
Showing results for tags 'Решен' (Solved).

Found 133 results

  1. Hello, for the past few days, whenever I start Firefox it loads delta-home as the start page, along with others that I do not want. A scan with Malwarebytes Anti-Malware found about 60 problems. I have a disc. This is the content of the file from FRST:

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
     Ran by Boriv (administrator) on BORIS on 14-06-2015 08:47:50
     Running from C:\Users\Boriv\Desktop
     Loaded Profiles: Boriv (Available Profiles: Boriv & Hristina)
     Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Английски (Съединени щати)
     Internet Explorer Version 11 (Default browser: FF)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
     (AMD) C:\Windows\System32\atiesrxx.exe
     (AMD) C:\Windows\System32\atieclxx.exe
     (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
     (XTab system) C:\Program Files\MiuiTab\ProtectService.exe
     (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
     (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
     (Nitro PDF Software) C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
     (TODO: <公司名>) C:\Users\Boriv\AppData\Everything\ServiceEverything.exe
     (Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
     (Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
     (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
     () C:\Users\Boriv\AppData\Everything\SFKEX.exe
     () C:\Users\Boriv\AppData\Everything\SearchBase.exe
     () C:\Users\Boriv\AppData\Everything\everything.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
     () C:\Windows\tsnp2std.exe
     (Sonix) C:\Windows\vsnp2std.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
     (BitTorrent Inc.) C:\Users\Boriv\AppData\Roaming\uTorrent\uTorrent.exe
     (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
     () C:\Users\Boriv\AppData\Local\Viber\Viber.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
     (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
     (Microsoft Corporation) C:\Windows\System32\cmd.exe
     (Microsoft Corporation) C:\Windows\System32\icacls.exe
     (LG Electronics Inc.) C:\Program Files\LG Software\LG Smart Share\Update\SmartShareTray.exe

     ==================== Registry (Whitelisted) ==================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
     HKLM\...\Run: [tsnp2std] => C:\Windows\tsnp2std.exe [262144 2006-05-22] ()
     HKLM\...\Run: [snp2std] => C:\Windows\vsnp2std.exe [675840 2006-05-15] (Sonix)
     HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
     HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
     HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
     HKU\S-1-5-21-1421139271-3807526133-746366484-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
     HKU\S-1-5-21-1421139271-3807526133-746366484-1001\...\Run: [uTorrent] => C:\Users\Boriv\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-07] (BitTorrent Inc.)
     HKU\S-1-5-21-1421139271-3807526133-746366484-1001\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
     HKU\S-1-5-21-1421139271-3807526133-746366484-1001\...\Run: [Viber] => C:\Users\Boriv\AppData\Local\Viber\Viber.exe [80036560 2015-05-25] ()
     HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-12-22] (Microsoft Corporation)
     Startup: C:\Users\Boriv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Изрязване на екран и стартиране на OneNote 2007.lnk [2015-01-30]
     ShortcutTarget: Изрязване на екран и стартиране на OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

     ==================== Internet (Whitelisted) ====================

     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1434011380&z=e5999adf96ef3125d60ea8ag6z7cazbe5g1g7c2bac&from=ient06110&uid=ST3320620AS_9QF8MPW6XXXX9QF8MPW6
     HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1420138572&from=kmp&uid=ST3320620AS_9QF8MPW6XXXX9QF8MPW6&q={searchTerms}
     HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1434011380&z=e5999adf96ef3125d60ea8ag6z7cazbe5g1g7c2bac&from=ient06110&uid=ST3320620AS_9QF8MPW6XXXX9QF8MPW6
     HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1420138572&from=kmp&uid=ST3320620AS_9QF8MPW6XXXX9QF8MPW6&q={searchTerms}
     HKU\S-1-5-21-1421139271-3807526133-746366484-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1434011380&z=e5999adf96ef3125d60ea8ag6z7cazbe5g1g7c2bac&from=ient06110&uid=ST3320620AS_9QF8MPW6XXXX9QF8MPW6&q={searchTerms}
     HKU\S-1-5-21-1421139271-3807526133-746366484-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1434011380&z=e5999adf96ef3125d60ea8ag6z7cazbe5g1g7c2bac&from=ient06110&uid=ST3320620AS_9QF8MPW6XXXX9QF8MPW6
     HKU\S-1-5-21-1421139271-3807526133-746366484-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
     HKU\S-1-5-21-1421139271-3807526133-746366484-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1434011380&z=e5999adf96ef3125d60ea8ag6z7cazbe5g1g7c2bac&from=ient06110&uid=ST3320620AS_9QF8MPW6XXXX9QF8MPW6
     HKU\S-1-5-21-1421139271-3807526133-746366484-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1434011380&z=e5999adf96ef3125d60ea8ag6z7cazbe5g1g7c2bac&from=ient06110&uid=ST3320620AS_9QF8MPW6XXXX9QF8MPW6&q={searchTerms}
     SearchScopes: HKU\S-1-5-21-1421139271-3807526133-746366484-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
     SearchScopes: HKU\S-1-5-21-1421139271-3807526133-746366484-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
     SearchScopes: HKU\S-1-5-21-1421139271-3807526133-746366484-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
     SearchScopes: HKU\S-1-5-21-1421139271-3807526133-746366484-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
     SearchScopes: HKU\S-1-5-21-1421139271-3807526133-746366484-1001 -> {516AB8DC-6CDF-43FA-B250-1817B5F25C5B} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
     SearchScopes: HKU\S-1-5-21-1421139271-3807526133-746366484-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
     BHO: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files\MiuiTab\SupTab.dll No File
     BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
     Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
     Tcpip\..\Interfaces\{3FB6B7E9-CDEE-4B8E-8123-60E10B838DDC}: [NameServer] 46.40.72.9,46.40.72.13
     StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1420138572&from=kmp&uid=ST3320620AS_9QF8MPW6XXXX9QF8MPW6

     FireFox:
     ========
     FF ProfilePath: C:\Users\Boriv\AppData\Roaming\Mozilla\Firefox\Profiles\lwd4qy02.default
     FF NewTab: chrome://quick_start/content/index.html
     FF DefaultSearchEngine: delta-homes
     FF SelectedSearchEngine: delta-homes
     FF Homepage: about:home
     FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-03] ()
     FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF)
     FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
     FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml [2014-11-26]
     FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml [2014-11-26]
     FF Extension: QuickSearch - C:\Users\Boriv\AppData\Roaming\Mozilla\Firefox\Profiles\lwd4qy02.default\Extensions\quick_searchff@gmail.com [2015-06-11]
     FF Extension: Search Enginer - C:\Users\Boriv\AppData\Roaming\Mozilla\Firefox\Profiles\lwd4qy02.default\Extensions\sweetsearch@gmail.com [2015-06-11]
     FF Extension: signTextJS - C:\Users\Boriv\AppData\Roaming\Mozilla\Firefox\Profiles\lwd4qy02.default\Extensions\jid1-AXn9cXcB4fD1QQ@jetpack.xpi [2015-01-30]
     FF HKLM\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Boriv\AppData\Roaming\Mozilla\Firefox\Profiles\lwd4qy02.default\extensions\quick_searchff@gmail.com
     FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Boriv\AppData\Roaming\Mozilla\Firefox\Profiles\lwd4qy02.default\extensions\sweetsearch@gmail.com

     ========================== Services (Whitelisted) =================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [File not signed]
     R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [File not signed]
     R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125056 2015-06-11] (XTab system)
     R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
     R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
     R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
     R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
     R2 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2013-07-24] (Nitro PDF Software)
     R2 ServiceEverything; C:\Users\Boriv\AppData\Everything\ServiceEverything.exe [295624 2015-06-11] (TODO: <公司名>)
     R3 TermService; C:\Windows\System32\termsrv.dll [523776 2014-12-22] (Microsoft Corporation) [File not signed]
     R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

     ==================== Drivers (Whitelisted) ====================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-12-22] (Disc Soft Ltd)
     R3 ip100Avista; C:\Windows\System32\DRIVERS\ipfnd51.sys [31232 2010-11-23] (IC Plus Corp. )
     R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
     R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-14] (Malwarebytes Corporation)
     R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
     R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
     R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2012-06-05] (Realtek Semiconductor Corp.)
     R3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [10305280 2006-06-07] () [File not signed]
     R1 MpKslbf6b7b5a; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A8B2B79-CB1F-45D6-AF0B-60A3283009D1}\MpKslbf6b7b5a.sys [X]
     S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
     S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
     S3 VGPU; System32\drivers\rdvgkmd.sys [X]

     ==================== NetSvcs (Whitelisted) ===================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     ==================== One Month Created files and folders ========

     (If an entry is included in the fixlist, the file/folder will be moved.)
_____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2015-05-28 19:53 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2015-05-28 19:53 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2015-05-28 19:53 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2015-05-28 19:53 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2015-05-28 19:53 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2015-05-28 19:53 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2015-05-28 19:53 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2015-05-28 19:53 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2015-05-28 19:53 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2015-05-28 19:53 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2015-05-28 19:53 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2015-05-28 19:53 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2015-05-28 19:53 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2015-05-28 19:53 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2015-05-28 19:53 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2015-05-28 19:53 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2015-05-28 19:53 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2015-05-28 19:53 - 
2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2015-05-28 19:53 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2015-05-28 19:53 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2015-05-28 19:53 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2015-05-28 19:53 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2015-05-28 19:53 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2015-05-28 19:53 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2015-05-28 19:53 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2015-05-28 19:53 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2015-05-28 19:52 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2015-05-28 19:52 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2015-05-28 19:52 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2015-05-28 19:52 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2015-05-28 19:52 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2015-05-28 08:11 - 2015-05-28 19:53 - 00000000 ____D C:\Windows\system32\directx 2015-05-28 08:10 - 2015-05-28 08:10 - 00000649 _____ C:\Users\Boriv\Desktop\GRID Autosport.lnk 2015-05-28 08:10 - 2015-05-28 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GRID Autosport 2015-05-27 18:22 - 2015-05-27 18:23 - 00000000 ____D C:\Users\Hristina\Desktop\Стари данни Firefox 2015-05-25 14:28 - 2015-05-25 14:33 - 202332568 _____ 
C:\Users\Boriv\Desktop\555555.rar ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-14 08:50 - 2014-12-22 01:36 - 00000000 ____D C:\Users\Boriv\AppData\Roaming\uTorrent 2015-06-14 08:47 - 2014-12-22 10:12 - 01712113 _____ C:\Windows\WindowsUpdate.log 2015-06-14 08:46 - 2015-02-14 12:43 - 00000000 ____D C:\Users\Boriv\AppData\Roaming\ViberPC 2015-06-14 08:46 - 2014-12-24 14:11 - 00000000 ____D C:\Users\Boriv\AppData\Roaming\Skype 2015-06-14 08:44 - 2014-12-22 00:33 - 00009196 _____ C:\Windows\PFRO.log 2015-06-14 08:44 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-14 08:44 - 2009-07-14 07:39 - 00031317 _____ C:\Windows\setupact.log 2015-06-13 21:28 - 2009-07-14 07:34 - 00022448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-13 21:28 - 2009-07-14 07:34 - 00022448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-13 18:31 - 2014-12-22 02:12 - 00000000 ____D C:\ProgramData\firebird 2015-06-13 16:57 - 2014-12-22 21:13 - 00007597 _____ C:\Users\Boriv\AppData\Local\Resmon.ResmonCfg 2015-06-12 14:01 - 2014-12-24 09:41 - 00000000 __SHD C:\Users\Boriv\AppData\Local\EmieUserList 2015-06-12 14:01 - 2014-12-24 09:41 - 00000000 __SHD C:\Users\Boriv\AppData\Local\EmieSiteList 2015-06-12 14:01 - 2014-12-24 09:41 - 00000000 __SHD C:\Users\Boriv\AppData\Local\EmieBrowserModeList 2015-06-11 17:28 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\NDF 2015-06-11 15:02 - 2015-01-07 10:13 - 00000000 ____D C:\Users\Hristina\AppData\Roaming\Skype 2015-06-11 11:29 - 2015-01-01 22:00 - 00000000 ____D C:\ProgramData\IePluginServices 2015-06-11 11:29 - 2014-12-22 00:37 - 00001411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-06-11 11:29 - 2014-12-22 00:37 - 00001399 _____ C:\Users\Public\Desktop\Mozilla 
Firefox.lnk 2015-06-11 11:29 - 2014-12-22 00:17 - 00001707 _____ C:\Users\Boriv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-11 07:57 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\rescache 2015-06-11 07:06 - 2009-07-14 07:33 - 00414560 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-11 07:04 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\bg-BG 2015-06-10 23:45 - 2014-12-22 01:25 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-10 23:44 - 2014-12-22 00:38 - 00000000 ____D C:\Windows\system32\MRT 2015-06-10 23:40 - 2014-12-22 00:38 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-06 07:32 - 2014-12-24 14:10 - 00000000 ____D C:\ProgramData\Skype 2015-06-04 07:39 - 2014-12-22 00:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-06-03 06:55 - 2014-12-22 01:29 - 00000000 ____D C:\Users\Boriv\AppData\Local\Adobe 2015-06-03 06:53 - 2014-12-22 01:31 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-06-03 06:53 - 2014-12-22 01:31 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-06-02 22:35 - 2015-01-01 21:52 - 00000000 ____D C:\The KMPlayer 2015-06-02 22:11 - 2014-12-22 00:21 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-02 11:22 - 2015-02-17 12:06 - 00086016 _____ C:\Users\Hristina\Desktop\OT4ET MAGAZIN 2015.xls 2015-05-29 09:08 - 2015-02-14 12:43 - 00000993 _____ C:\Users\Boriv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk 2015-05-29 09:08 - 2015-02-14 12:43 - 00000985 _____ C:\Users\Boriv\Desktop\Viber.lnk 2015-05-29 09:08 - 2015-02-14 12:43 - 00000000 ____D C:\Users\Boriv\AppData\Local\Viber 2015-05-28 19:52 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\Microsoft.NET 2015-05-26 21:21 - 2015-04-02 18:01 - 195762745 _____ C:\Users\Boriv\Desktop\Navteq_Greece_2014.09.rar 2015-05-20 12:35 - 2015-05-14 22:50 - 00000000 ____D 
C:\Users\Boriv\AppData\Roaming\Nitro PDF 2015-05-18 10:49 - 2015-04-22 18:28 - 00000000 ____D C:\Users\Boriv\Desktop\Scener ==================== Files in the root of some directories ======= 2014-12-22 21:13 - 2015-06-13 16:57 - 0007597 _____ () C:\Users\Boriv\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== C:\Users\Boriv\AppData\Local\Temp\bitool.dll C:\Users\Boriv\AppData\Local\Temp\InitBDE.exe C:\Users\Boriv\AppData\Local\Temp\KMP_3.9.1.131.exe C:\Users\Boriv\AppData\Local\Temp\ose00000.exe C:\Users\Boriv\AppData\Local\Temp\SimBundD.exe C:\Users\Boriv\AppData\Local\Temp\SkypeSetup.exe C:\Users\Hristina\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-13 14:34 ==================== End of log ============================ Addition.txt
  2. Hello, I have a strange problem with my computer: for example, when I chat on Facebook or Skype, it starts sending some links; it also runs slowly and windows are not displayed in full.
     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-08-2015
     Addition.txt
  3. Hello, this is my first time posting on the forum, so please excuse me if this is not the right place for my question. For a few days I have had a problem: when pages load, a window pops up that blocks the page's content. Usually a new window opens with the following content - data:text/html,<script>window.close();</script> - or a specific advertisement for an online store, or the annoying "You have won...". I use Avast, Malwarebytes and adwcleaner, which do not indicate a problem. I would appreciate your help. Thank you for your time and attention. Have a nice and successful day!
  4. Hello, I have a big problem with a Trojan horse. This type is known as Dark Comet. It all started with a friend who had made a video on how to work with it, and I downloaded it (which I regret very much). A little later I clicked on the program to run it and nothing happened; I closed the folder, opened it again after 10 seconds, and the program had run off all the way to the C drive, the Users folder, and so on somewhere deeper inside... I read many posts and downloaded some programs:
     - Malwarebytes Anti-Malware
     - esetsmartinstaller_enu
     - noscript
     - CryptoPrevent
     - MyDefrag
     - FRST64
     And I removed my old antivirus, Advanced System Care 8. I ran Malwarebytes Anti-Malware to supposedly clean up some things, and what do I see... I don't remember how many there were the last time, but we are talking about more than 150. So now I am looking for help, meaning: what do you need besides the two FRST text documents that I attached? And as you know, I read a little about this Trojan horse, and it turned out just as described... It had latched onto csrss, but I did something, I don't know what, and it disappeared, and so it keeps wandering through the files; until a little while ago it was moving my icons... So now this horse has quieted down a bit and I leave myself in your hands. Thank you in advance!
     Addition.txt FRST.txt
  5. Hello. The computer has probably caught some nasty bug; for some time now it has been very hard to browse the internet normally, and all sorts of ads keep popping up. The other thing is that when I go back to return to a page, I have to press the arrow 5-6 times for the previous page to come back (I use Chrome). I noticed that when the browser opens, some add-on also starts - 7savae 2.2. When I remove it, things get a little better, but it is still quite sluggish. The computer is used by all members of the family, so I don't know who browses which sites and what gets downloaded. I have an antivirus (Microsoft Security Essentials), but evidently something got in.
     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3399673831-2713686379-3482629517-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3399673831-2713686379-3482629517-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3399673831-2713686379-3482629517-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE HKU\S-1-5-21-3399673831-2713686379-3482629517-1000\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.msn.com/?pc=BDT1&ocid=bdtdhp SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0F0CyC0B0B0FzztCtB0F0CtAyDtN0D0Tzu0CtByEzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=316245494 SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3399673831-2713686379-3482629517-1000 -> DefaultScope {3A40E547-20FD-44a2-94D0-1C98342D1507} URL = 
http://search.daum.net/search?nil_profile=ie&ref_code=ms&q={searchTerms} SearchScopes: HKU\S-1-5-21-3399673831-2713686379-3482629517-1000 -> Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKU\S-1-5-21-3399673831-2713686379-3482629517-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3399673831-2713686379-3482629517-1000 -> {3A40E547-20FD-44a2-94D0-1C98342D1507} URL = http://search.daum.net/search?nil_profile=ie&ref_code=ms&q={searchTerms} SearchScopes: HKU\S-1-5-21-3399673831-2713686379-3482629517-1000 -> {5E55F9EC-CFEF-E453-B954-71D3D1222C2A} URL = http://search.babylon.com/?q={searchTerms}&AF=109130&tt=090212_noffx&babsrc=SP_ss&mntrId=784efc35000000000000001fc6bbf812 SearchScopes: HKU\S-1-5-21-3399673831-2713686379-3482629517-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-3399673831-2713686379-3482629517-1000 -> {8CB80152-FBCE-473C-ABCD-A81D5C6F4937} URL = http://www.bing.com/search?FORM=BDKTDF&PC=BDT1&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3399673831-2713686379-3482629517-1000 -> {DD77A081-619B-4378-A4EE-FD7BFBE6A1A5} URL = https://www.google.com/search?q={searchTerms} DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 195.24.90.1 195.24.88.1 Tcpip\..\Interfaces\{1CCA028E-5561-4405-9AAE-567FCDF37FD7}: [NameServer] 
10.250.238.3 10.250.238.4 FireFox: ======== FF ProfilePath: C:\Users\Tsvetan\AppData\Roaming\Mozilla\Firefox\Profiles\5wjvx04s.default FF DefaultSearchEngine: WebSearch FF DefaultSearchEngine,S: WebSearch FF DefaultSearchUrl: hxxp://websearch.eazytosearch.info/?pid=724&r=2014/05/17&hid=16964448839413303893&lg=EN&cc=BG&l=1&q= FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.1,S: WebSearch FF SelectedSearchEngine: WebSearch FF SelectedSearchEngine,S: WebSearch FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-25] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-09-07] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-09-07] (Google Inc.) 
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npfd.dll [2013-03-27] (FreshDevices Corp.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\911bg.xml [2011-11-21] FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\diribg.xml [2011-11-21] FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml [2011-11-21] FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml [2011-11-21] FF Extension: tiAkeshiop - C:\Users\Tsvetan\AppData\Roaming\Mozilla\Firefox\Profiles\5wjvx04s.default\Extensions\L@icf.edu [2015-02-15] FF Extension: aDsy - C:\Users\Tsvetan\AppData\Roaming\Mozilla\Firefox\Profiles\5wjvx04s.default\Extensions\n6pJU@d.org [2015-02-15] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-11-06] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Users\Tsvetan\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (7savae) - C:\ProgramData\hcokglkhkdpieiligmplpiebcicfkmin\ [] CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-03-16] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] Opera: ======= OPR StartupUrls: "hxxp://google.com/" ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2014-05-17] (Autodata Limited) [File not signed] R2 BlueSoleilCS; D:\Tsvetan\PROGRAMS\IVT.BlueSoleil.v6.4.249.0.x64 & x86 .Incl.Keymaker-EMBRACE\BlueSoleilCS.exe [850432 2009-02-27] () [File not signed] R3 BsHelpCS; D:\Tsvetan\PROGRAMS\IVT.BlueSoleil.v6.4.249.0.x64 & x86 .Incl.Keymaker-EMBRACE\BsHelpCS.exe [98407 2009-02-27] () [File not signed] R2 BsMobileCS; D:\Tsvetan\PROGRAMS\IVT.BlueSoleil.v6.4.249.0.x64 & x86 .Incl.Keymaker-EMBRACE\BsMobileCS.exe [143467 2009-02-27] () [File not signed] R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 
NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15904544 2014-02-05] (NVIDIA Corporation) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] () S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [33800 2008-11-25] (IVT Corporation.) S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27528 2008-11-25] (IVT Corporation.) R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39304 2009-01-03] (IVT Corporation.) R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-01-07] (IVT Corporation.) R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2008-12-07] () R3 BTNetFilter; D:\Tsvetan\PROGRAMS\IVT.BlueSoleil.v6.4.249.0.x64 & x86 .Incl.Keymaker-EMBRACE\Device\Win2k\BTNetFilter.sys [22416 2006-11-22] (IVT Corporation.) R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-16] (DT Soft Ltd) S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2008-04-22] (EnTech Taiwan) R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [26248 2008-07-02] (IVT Corporation.) R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.) 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] () R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-27] (NVIDIA Corporation) R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [14856 2008-01-21] (IVT Corporation.) R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [31880 2009-01-08] (IVT Corporation.) R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2012-10-22] (VIA Technologies, Inc.) R3 vodafone_K3805-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [61952 2010-03-01] (Vodafone) R1 wStLib; C:\Windows\System32\drivers\wStLib.sys [52928 2014-03-19] (StdLib) S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105856 2010-04-19] (ZTE Incorporated) S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [193536 2011-04-09] (ZTE Incorporated) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 BT; system32\DRIVERS\btnetdrv.sys [X] S0 BTHidEnum; System32\Drivers\vbtenum.sys [X] S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-13 18:28 - 2015-03-13 18:29 - 00016803 _____ () C:\Users\Tsvetan\Desktop\FRST.txt 2015-03-13 18:28 - 2015-03-13 18:28 - 01135104 _____ (Farbar) C:\Users\Tsvetan\Desktop\FRST.exe 2015-03-13 18:28 - 2015-03-13 18:28 - 00000000 ____D () C:\FRST 2015-03-11 12:31 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 12:31 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 12:31 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 12:31 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 12:31 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 12:31 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 12:31 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 12:31 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 12:31 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 12:31 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 12:31 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 12:31 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 12:31 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 12:31 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 12:31 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 12:31 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) 
C:\Windows\system32\msaudite.dll 2015-03-11 12:31 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 12:31 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 12:31 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 12:31 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 12:31 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 12:31 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 12:31 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 12:31 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 12:31 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 12:31 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 12:31 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 12:31 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 12:31 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 12:31 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 12:31 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 12:31 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 12:31 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 12:31 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 
2015-03-11 12:31 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 12:31 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 12:31 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 12:31 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 12:31 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 12:31 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 12:31 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 12:31 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 12:31 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 12:31 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 12:31 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 12:31 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 12:31 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 12:31 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 12:31 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 12:31 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 12:31 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 12:31 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) 
C:\Windows\system32\wininet.dll 2015-03-11 12:31 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 12:31 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 12:31 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 12:31 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 12:31 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-03-11 12:31 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 12:31 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 12:31 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 
2015-03-11 12:31 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 12:31 - 2015-02-03 05:12 - 
00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 12:31 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 12:31 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 12:31 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 12:31 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 12:31 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 12:31 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 12:31 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 12:31 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 12:31 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 12:31 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 12:31 - 2015-02-03 05:11 - 00008192 _____ 
(Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 12:31 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 12:31 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 12:31 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 12:31 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 12:31 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 12:31 - 2015-01-31 05:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-11 12:31 - 2015-01-31 05:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-11 12:31 - 2015-01-31 02:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 12:31 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 12:31 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 12:31 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 12:31 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-11 12:31 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-02-25 15:54 - 2015-01-09 01:44 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-25 14:19 - 2015-02-04 01:57 - 00606920 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2015-02-25 14:14 - 2015-02-04 05:35 - 24199824 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2015-02-25 14:14 - 2015-02-04 05:35 - 15294096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-02-25 14:14 - 2015-02-04 05:35 - 11272048 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvopencl.dll 2015-02-25 14:14 - 2015-02-04 05:35 - 11209376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-02-25 14:14 - 2015-02-04 05:35 - 10702664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-02-25 14:14 - 2015-02-04 05:35 - 03987784 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-02-25 14:14 - 2015-02-04 05:35 - 01060680 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234144.dll 2015-02-25 14:14 - 2015-02-04 05:35 - 00911504 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234144.dll 2015-02-25 14:14 - 2015-02-04 05:35 - 00908432 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll 2015-02-25 14:14 - 2015-02-04 05:35 - 00870032 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll 2015-02-17 19:14 - 2015-01-09 04:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-17 19:14 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-17 19:14 - 2015-01-09 04:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL 2015-02-15 18:23 - 2015-02-15 18:23 - 00028878 _____ () C:\Users\Tsvetan\Downloads\247.degrees.fahrenheit.2011.brrip.xvid-lycan(subsunacs.net) (1).rar 2015-02-15 18:23 - 2015-02-15 18:23 - 00000000 ____D () C:\Users\Tsvetan\Desktop\247.degrees.fahrenheit.2011.brrip.xvid-lycan(subsunacs.net) (1) 2015-02-15 18:20 - 2015-02-15 18:20 - 00028878 _____ () C:\Users\Tsvetan\Downloads\247.degrees.fahrenheit.2011.brrip.xvid-lycan(subsunacs.net).rar 2015-02-15 17:46 - 2015-02-15 17:46 - 00020332 _____ () C:\Users\Tsvetan\Downloads\Windows_8.1_PRO._Activated_[by_TorW]_[isohunt.to] (6).torrent 2015-02-15 17:44 - 2015-02-15 17:44 - 00020332 _____ () C:\Users\Tsvetan\Downloads\Windows_8.1_PRO._Activated_[by_TorW]_[isohunt.to] (5).torrent 2015-02-15 17:44 - 2015-02-15 
17:44 - 00020332 _____ () C:\Users\Tsvetan\Downloads\Windows_8.1_PRO._Activated_[by_TorW]_[isohunt.to] (4).torrent 2015-02-15 17:43 - 2015-02-15 17:43 - 00020332 _____ () C:\Users\Tsvetan\Downloads\Windows_8.1_PRO._Activated_[by_TorW]_[isohunt.to] (3).torrent 2015-02-15 17:43 - 2015-02-15 17:43 - 00020332 _____ () C:\Users\Tsvetan\Downloads\Windows_8.1_PRO._Activated_[by_TorW]_[isohunt.to] (2).torrent 2015-02-15 17:42 - 2015-02-15 17:42 - 00020332 _____ () C:\Users\Tsvetan\Downloads\Windows_8.1_PRO._Activated_[by_TorW]_[isohunt.to] (1).torrent 2015-02-15 17:41 - 2015-02-15 17:41 - 00020332 _____ () C:\Users\Tsvetan\Downloads\Windows_8.1_PRO._Activated_[by_TorW]_[isohunt.to].torrent 2015-02-13 15:51 - 2014-11-26 05:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-13 15:50 - 2015-02-04 04:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-13 15:50 - 2015-02-04 04:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-13 15:50 - 2015-02-04 04:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-13 15:50 - 2015-02-04 04:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-13 15:50 - 2015-02-04 04:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-13 15:50 - 2015-02-04 04:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-13 15:50 - 2015-02-04 04:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-13 15:50 - 2015-01-28 01:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-13 15:50 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-13 18:22 - 2012-09-03 19:13 - 00000988 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-13 18:22 - 2011-12-13 16:42 - 01428287 _____ () C:\Windows\WindowsUpdate.log 2015-03-13 18:21 - 2013-03-27 17:27 - 00006510 _____ () C:\Windows\system32\LOCALSERVICE.INI 2015-03-13 18:21 - 2013-03-27 17:27 - 00000102 _____ () C:\Windows\system32\LOCALDEVICE.INI 2015-03-13 18:21 - 2009-02-27 17:04 - 00001152 _____ () C:\Windows\system32\bscs.ini 2015-03-13 18:17 - 2009-07-14 06:34 - 00030960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-13 18:17 - 2009-07-14 06:34 - 00030960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-13 18:10 - 2014-09-23 17:37 - 00027962 _____ () C:\Windows\setupact.log 2015-03-13 18:10 - 2012-09-03 19:13 - 00000984 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-13 18:10 - 2011-12-13 17:28 - 00001016 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399673831-2713686379-3482629517-1000UA.job 2015-03-13 18:10 - 2011-12-13 16:52 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-13 18:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-12 20:36 - 2012-05-04 15:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-12 19:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2015-03-12 19:41 - 2011-12-13 17:28 - 00000964 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3399673831-2713686379-3482629517-1000Core.job 2015-03-12 17:37 - 2009-07-14 06:33 - 00406024 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 15:09 - 2011-12-15 14:29 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-11 15:08 - 2013-08-18 20:39 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 15:03 - 2011-12-13 20:52 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 12:25 - 2014-10-03 20:00 - 00000000 ____D 
() C:\Program Files\Opera 2015-03-09 14:31 - 2010-11-20 23:01 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-03 15:16 - 2011-12-13 17:37 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-25 22:11 - 2013-11-11 19:32 - 00000000 ____D () C:\Users\Tsvetan\AppData\Local\Viber 2015-02-25 22:10 - 2013-11-11 19:32 - 00000000 ____D () C:\Users\Tsvetan\AppData\Roaming\ViberPC 2015-02-25 14:19 - 2014-02-18 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-02-22 20:21 - 2011-12-13 18:56 - 00000000 ____D () C:\Users\Tsvetan\AppData\Roaming\Skype 2015-02-18 18:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing 2015-02-15 21:00 - 2011-12-13 18:33 - 00000000 ____D () C:\Users\Tsvetan\AppData\Roaming\uTorrent 2015-02-15 12:36 - 2014-12-12 09:45 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-15 12:36 - 2014-05-07 15:17 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-13 16:26 - 2012-05-01 12:00 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-02-13 16:26 - 2012-01-09 21:46 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-02-13 16:26 - 2011-12-13 18:54 - 00001945 _____ () C:\Windows\epplauncher.mif ==================== Files in the root of some directories ======= 2014-11-23 18:57 - 2014-12-12 18:52 - 0000004 _____ () C:\Users\Tsvetan\AppData\Roaming\appdataFr2.bin 2011-12-19 15:09 - 2014-06-25 10:56 - 0000088 _____ () C:\Users\Tsvetan\AppData\Roaming\default.pls 2013-12-09 20:09 - 2013-12-09 20:09 - 0004608 _____ () C:\Users\Tsvetan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-09-09 13:11 - 2013-09-09 13:11 - 0003366 _____ () C:\Users\Tsvetan\AppData\Local\HWVendorDetection.log 2012-09-09 19:23 - 2013-07-09 17:10 - 0007634 _____ () C:\Users\Tsvetan\AppData\Local\Resmon.ResmonCfg 2010-04-22 19:37 - 2010-04-22 19:37 - 0155474 ____R () 
C:\ProgramData\DeviceManager.xml.rc4 2011-12-13 18:57 - 2011-12-13 18:57 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2014-05-17 16:11 - 2014-07-15 15:02 - 0000483 _____ () C:\ProgramData\Sls.ini Some content of TEMP: ==================== C:\Users\Tsvetan\AppData\Local\temp\jre-8u31-windows-au.exe C:\Users\Tsvetan\AppData\Local\temp\nvSCPAPI.dll C:\Users\Tsvetan\AppData\Local\temp\nvStInst.exe C:\Users\Tsvetan\AppData\Local\temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-06 15:52 Addition.txt
  6. Hello, I decided to clean up the computer a bit and ran a scan with MBAM, which found unwanted applications. I searched for information on the internet and came across this forum. I sincerely hope that with your help we will clean out this nasty thing. I exported the log from the MBAM scan and am attaching it. After that I will carry out the other steps in the guide. Thanks in advance.
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Дата на сканиране: 22.4.2015 г.
     Час на сканиране: 17:02:02
     Дневник: mbam.txt
     Администратор: Да
     Версия: 2.01.4.1018
     База от данни за злонамерен софтуер: v2015.04.22.03
     База от данни за рууткити: v2015.04.21.01
     Лиценз: Безплатен
     Защита от злонамерен софтуер: Забранено
     Защита от злонамерени страници: Забранено
     Самозащита: Забранено
     When I tried to download Farbar Recovery Scan Tool, my antivirus program Avast recognized it as malicious and blocked it.
  7. Every day when I turn on my computer, Malwarebytes Anti-Malware detects as a threat the virus named in the title of this topic. Each time I put it in quarantine, and the next day it is the same story again. I do not have a CD for my operating system. Contents of the FRST.txt file ---> Addition.txt
     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
     Ran by danitooo (administrator) on DANITOOO-PC on 10-05-2015 21:32:35
     Running from C:\Users\danitooo\Downloads
     Loaded Profiles: danitooo & UpdatusUser (Available profiles: danitooo & UpdatusUser)
     Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
_____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-04-15 23:26 - 2015-03-13 05:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-15 23:26 - 2015-03-13 05:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-15 23:26 - 2015-03-13 05:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-15 23:26 - 2015-03-13 05:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-15 23:26 - 2015-03-13 05:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-15 23:26 - 2015-03-13 05:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-15 23:26 - 2015-03-13 05:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-15 23:26 - 2015-03-13 05:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-04-15 23:26 - 2015-03-13 05:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-15 23:26 - 2015-03-13 05:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-15 23:26 - 2015-03-13 05:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-15 23:26 - 2015-03-13 05:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-15 23:15 - 2015-03-23 06:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-15 23:15 - 2015-03-23 06:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-15 23:15 - 2015-03-23 06:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-15 23:15 - 2015-03-23 06:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-15 23:15 - 2015-03-23 06:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-04-15 23:15 - 2015-03-23 06:06 - 00026112 _____ 
(Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-15 23:15 - 2015-03-23 05:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-15 23:15 - 2015-01-28 02:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-04-15 23:14 - 2015-03-23 06:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-15 23:11 - 2015-03-17 08:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-04-15 23:11 - 2015-03-17 08:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-15 23:11 - 2015-03-17 08:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-15 23:11 - 2015-03-17 08:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-15 23:11 - 2015-03-17 07:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-15 23:11 - 2015-03-17 07:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-15 23:11 - 2015-03-17 07:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-15 23:11 - 2015-03-17 07:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-15 23:11 - 2015-03-17 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-04-15 23:11 - 2015-03-17 07:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-15 23:11 - 2015-03-17 07:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-15 23:11 - 2015-03-17 07:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-15 23:11 - 2015-03-17 07:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-04-15 23:11 - 2015-03-17 07:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-15 23:11 - 2015-03-17 07:56 - 00069632 _____ (Microsoft Corporation) 
C:\Windows\system32\smss.exe 2015-04-15 23:11 - 2015-03-17 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-15 23:11 - 2015-03-04 07:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-15 23:11 - 2015-03-04 07:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-15 23:10 - 2015-03-17 07:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-15 23:10 - 2015-03-17 07:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-15 23:10 - 2015-03-17 07:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-15 23:10 - 2015-03-17 07:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-04-15 23:10 - 2015-03-17 07:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-15 23:10 - 2015-03-17 07:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-15 23:10 - 2015-03-17 07:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-15 23:10 - 2015-03-17 07:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-15 23:10 - 2015-03-17 07:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-15 23:10 - 2015-03-17 07:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-15 23:10 - 2015-03-17 07:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-15 23:10 - 2015-03-05 07:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-15 23:09 - 2015-03-25 06:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-15 23:09 - 2015-03-25 06:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-15 23:09 - 2015-03-25 06:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 
2015-04-15 23:09 - 2015-03-25 06:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-15 23:09 - 2015-03-25 06:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-15 23:09 - 2015-03-25 06:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-15 23:09 - 2015-03-25 06:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-15 23:09 - 2015-03-25 06:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-15 23:09 - 2015-03-25 06:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-15 23:09 - 2015-03-25 06:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-15 23:09 - 2015-03-25 06:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-15 23:09 - 2015-02-25 06:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-15 23:03 - 2015-03-10 06:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-15 23:03 - 2015-03-10 06:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-15 01:39 - 2015-05-08 00:30 - 00000771 _____ () C:\Users\danitooo\Desktop\PC.txt 2015-04-13 00:24 - 2015-04-13 00:24 - 06400680 _____ (Electronic Arts ) C:\Users\danitooo\Downloads\setup_nfsw.exe 2015-04-11 18:56 - 2015-05-07 11:25 - 229322499 _____ () C:\Windows\MEMORY.DMP 2015-04-11 18:56 - 2015-04-11 18:56 - 00160384 _____ () C:\Windows\Minidump\041115-41808-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-10 21:33 - 2014-04-07 20:06 - 00000000 ____D () C:\Users\danitooo\AppData\Roaming\Skype 2015-05-10 21:31 - 2014-04-07 21:13 - 00000000 ____D () C:\Users\danitooo\AppData\Roaming\uTorrent 2015-05-10 21:27 - 2014-10-22 23:09 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-10 20:52 - 2014-09-20 11:17 - 00000382 _____ () C:\Windows\Tasks\update-sys.job 2015-05-10 20:25 - 2014-09-20 11:17 - 00000382 _____ () C:\Windows\Tasks\update-S-1-5-21-3170674983-682481904-2544561987-1001.job 2015-05-10 19:55 - 2014-08-06 19:41 - 00000000 ____D () C:\Users\danitooo\AppData\Local\Battle.net 2015-05-10 03:44 - 2014-12-09 23:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-10 03:43 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\tracing 2015-05-10 02:40 - 2015-01-21 20:43 - 01392384 _____ () C:\Windows\WindowsUpdate.log 2015-05-10 01:43 - 2014-12-09 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-05-10 01:43 - 2014-12-09 23:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2015-05-10 01:37 - 2009-07-14 07:34 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-10 01:37 - 2009-07-14 07:34 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-10 01:32 - 2014-10-22 23:09 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-10 01:30 - 2014-06-24 23:32 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2015-05-10 01:30 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-10 01:29 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Vss 2015-05-09 02:09 - 2014-11-09 16:46 - 00000591 _____ () C:\Users\danitooo\Desktop\n.txt 2015-05-08 11:12 - 2014-08-06 19:41 - 00000000 ____D () C:\Program Files\Battle.net 2015-05-07 20:30 - 2014-04-07 20:04 - 
00000000 ____D () C:\ProgramData\Skype 2015-05-07 20:29 - 2015-04-08 01:22 - 00000000 ___RD () C:\Program Files\Skype 2015-05-07 11:25 - 2014-08-30 11:15 - 00000000 ____D () C:\Windows\Minidump 2015-05-06 15:07 - 2014-04-07 13:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-06 03:21 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-05-06 02:54 - 2014-04-07 13:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-05-06 02:54 - 2014-04-07 13:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-05-06 02:53 - 2014-10-22 23:07 - 00000000 ____D () C:\Users\danitooo\AppData\Local\Adobe 2015-04-30 00:08 - 2009-07-14 07:53 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-28 12:39 - 2014-05-17 18:16 - 00000000 ____D () C:\ProgramData\ProductData 2015-04-23 12:29 - 2014-09-20 11:17 - 00000412 _____ () C:\Users\danitooo\AppData\Local\UserProducts.xml 2015-04-21 19:39 - 2014-04-07 21:22 - 00000000 ___RD () C:\Users\danitooo\Desktop\New folder 2015-04-21 13:28 - 2014-08-06 19:41 - 00000000 ____D () C:\Users\danitooo\AppData\Roaming\Battle.net 2015-04-20 20:00 - 2015-01-25 15:23 - 00000000 ____D () C:\ProgramData\Oracle 2015-04-20 19:53 - 2014-11-07 01:09 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-04-20 19:53 - 2014-04-12 00:28 - 00000000 ____D () C:\Program Files\Java 2015-04-20 19:02 - 2014-08-14 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8 2015-04-19 16:58 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\rescache 2015-04-17 20:19 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-04-17 19:56 - 2014-04-07 23:18 - 00000000 ____D () C:\Program Files\WinRAR 2015-04-17 19:55 - 2014-11-05 16:16 - 00000000 ____D () C:\Program Files\PokerStars.BG 2015-04-17 19:55 - 2014-09-20 11:17 - 00000000 ____D () C:\Program 
Files\Skillbrains 2015-04-17 19:55 - 2014-08-18 13:33 - 00000000 ____D () C:\Program Files\Webteh 2015-04-17 19:55 - 2014-04-07 23:38 - 00000000 ____D () C:\Program Files\vloader-bg 2015-04-17 19:55 - 2014-04-07 21:09 - 00000000 ____D () C:\Program Files\The KMPlayer 2015-04-17 19:55 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\Windows Sidebar 2015-04-17 19:53 - 2014-04-07 20:19 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-04-17 19:51 - 2015-03-18 22:39 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services 2015-04-17 19:51 - 2015-03-18 22:36 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition 2015-04-17 19:51 - 2015-03-18 22:28 - 00000000 ____D () C:\Program Files\Microsoft Office 2015-04-17 19:51 - 2014-04-11 22:23 - 00000000 ____D () C:\Program Files\Microsoft.NET 2015-04-17 19:48 - 2014-06-20 11:28 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2015-04-17 19:48 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\Microsoft Games 2015-04-17 19:47 - 2014-08-09 16:26 - 00000000 ____D () C:\Program Files\IObit 2015-04-17 19:46 - 2014-08-17 21:53 - 00000000 ____D () C:\Program Files\GRETECH 2015-04-17 19:45 - 2015-04-08 01:22 - 00000000 ____D () C:\Program Files\Common Files\Skype 2015-04-17 19:45 - 2015-01-28 19:37 - 00000000 ____D () C:\Program Files\EaseUS 2015-04-17 19:45 - 2014-10-22 23:08 - 00000000 ____D () C:\Program Files\Google 2015-04-17 19:45 - 2014-06-04 21:34 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite 2015-04-17 19:45 - 2014-04-07 20:56 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine 2015-04-17 19:45 - 2009-07-14 05:37 - 00000000 ____D () C:\Program Files\Common Files\Services 2015-04-17 19:45 - 2009-07-14 05:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-04-17 19:44 - 2015-03-18 22:39 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2015-04-17 19:44 - 2015-03-09 22:58 - 00000000 ____D () C:\Program 
Files\Common Files\Gretech Corporation 2015-04-17 19:44 - 2015-01-25 15:14 - 00000000 ____D () C:\Program Files\Common Files\IObit 2015-04-17 19:44 - 2015-01-21 20:02 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2015-04-17 19:44 - 2014-08-06 19:41 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment 2015-04-17 19:43 - 2014-05-11 18:24 - 00000000 ____D () C:\Program Files\CCleaner 2015-04-17 19:39 - 2015-03-18 22:28 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-17 19:39 - 2015-01-21 20:21 - 00000000 ____D () C:\Program Files\Adobe 2015-04-17 19:39 - 2014-04-07 20:21 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-04-17 19:39 - 2014-04-07 20:19 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-04-17 19:38 - 2015-04-08 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-04-17 19:38 - 2015-03-18 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-04-17 19:38 - 2015-03-04 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter 2015-04-17 19:38 - 2015-01-21 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014 (32 Bit) 2015-04-17 19:38 - 2015-01-21 20:40 - 00000000 ____D () C:\ProgramData\Adobe 2015-04-17 19:38 - 2014-11-07 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-04-17 19:38 - 2014-11-07 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2 2015-04-17 19:38 - 2014-10-28 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 LH 2013 2015-04-17 19:38 - 2014-10-22 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-04-17 19:38 - 2014-09-06 04:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock 2015-04-17 19:38 - 2014-08-18 13:34 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player 2015-04-17 19:38 - 2014-08-18 01:09 - 00000000 ____D () C:\ProgramData\GRETECH 2015-04-17 19:38 - 2014-08-17 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player 2015-04-17 19:38 - 2014-08-09 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3 2015-04-17 19:38 - 2014-08-06 19:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2015-04-17 19:38 - 2014-08-06 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2015-04-17 19:38 - 2014-06-20 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-04-17 19:38 - 2014-06-19 11:26 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2015-04-17 19:38 - 2014-06-04 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2015-04-17 19:38 - 2014-06-02 21:29 - 00000000 ____D () C:\ProgramData\Blizzard 2015-04-17 19:38 - 2014-06-02 20:32 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2015-04-17 19:38 - 2014-05-17 18:12 - 00000000 ____D () C:\ProgramData\IObit 2015-04-17 19:38 - 2014-05-11 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-04-17 19:38 - 2014-05-06 14:46 - 00000000 ____D () C:\ProgramData\f6402c15d6c56be2 2015-04-17 19:38 - 2014-05-06 14:45 - 00000000 ____D () C:\ProgramData\InstallMate 2015-04-17 19:38 - 2014-04-16 03:19 - 00000000 ____D () C:\ProgramData\DFX 2015-04-17 19:38 - 2014-04-09 21:06 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite 2015-04-17 19:38 - 2014-04-07 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-04-17 19:38 - 2014-04-07 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp 2015-04-17 19:38 - 2014-04-07 20:36 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2015-04-17 19:38 - 2009-07-14 07:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-04-17 19:38 - 2009-07-14 05:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-04-17 19:38 - 2009-07-14 05:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-17 08:14 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\AppCompat 2015-04-17 08:10 - 2014-04-07 20:31 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-04-16 13:01 - 2014-05-07 11:18 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-16 12:58 - 2014-04-08 22:08 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-16 12:47 - 2014-04-07 12:39 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-16 12:46 - 2010-11-21 00:01 - 00765280 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-14 19:34 - 2015-04-02 00:41 - 00000000 ____D () C:\Users\danitooo\AppData\Roaming\.minecraft 2015-04-14 09:37 - 2014-12-09 23:24 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-14 09:37 - 2014-12-09 23:24 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-14 09:37 - 2014-12-09 23:24 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-13 00:12 - 2014-04-17 21:14 - 00000000 ____D () C:\Users\danitooo\AppData\Local\Electronic_Arts_Inc 2015-04-12 23:54 - 2014-12-15 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall ==================== Files in the root of some directories ======= 2014-04-23 00:24 - 2014-06-09 21:13 - 0007597 _____ () C:\Users\danitooo\AppData\Local\resmon.resmoncfg 2014-09-20 11:17 - 2014-09-20 11:17 - 0000003 _____ () C:\Users\danitooo\AppData\Local\updater.log 2014-09-20 11:17 - 2015-04-23 12:29 - 0000412 _____ () 
C:\Users\danitooo\AppData\Local\UserProducts.xml 2014-12-11 18:20 - 2014-12-11 18:20 - 0000000 _____ () C:\Users\danitooo\AppData\Local\{2F611F14-7E37-4F01-8595-0817CBBBC0DA} 2015-01-22 19:24 - 2015-01-22 19:26 - 0000000 _____ () C:\Users\danitooo\AppData\Local\{9CCF26E7-557A-4E7C-8F41-47AB1935CF2C} 2014-07-11 16:58 - 2014-07-11 16:58 - 0000000 _____ () C:\Users\danitooo\AppData\Local\{E7F716F5-10E0-4185-9FCD-7CA02938F89B} 2014-05-17 18:58 - 2014-05-17 18:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-05-17 17:54 - 2014-05-17 17:54 - 5073168 _____ (PC Cleaners) C:\ProgramData\pclunst.exe 2014-08-14 18:49 - 2014-08-14 18:49 - 0000000 _____ () C:\ProgramData\spds90.txt Files to move or delete: ==================== C:\ProgramData\pclunst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-04 19:54 ==================== End Of Log ============================
  8. Hello. I recently noticed that both drives, C and D, are filling up for no reason I can identify. At times drive C did not have even a single kilobyte of free space. I cleaned them of unneeded files and programs, but it did not help much. I tried every approach I could think of, and the effect was always minimal. Most recently I tried cleaning with CCleaner, which managed to free up a large amount of space on drive C, and for now I have no problems with it (I don't know whether it will fill up again), but on drive D there was no result. Right now my best guess is that there is malicious software on my computer.

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-11-2014 01
     Ran by User (administrator) on USER-PC on 16-11-2014 16:29:33
     Running from C:\Users\User\Downloads
     Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Български (България)
     Internet Explorer Version 10
     Boot Mode: Normal
it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1404993434&from=amt&uid=ST3160815AS_5RA2LTSWXXXX5RA2LTSW&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1404993434&from=amt&uid=ST3160815AS_5RA2LTSWXXXX5RA2LTSW HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1404993434&from=amt&uid=ST3160815AS_5RA2LTSWXXXX5RA2LTSW HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1404993434&from=amt&uid=ST3160815AS_5RA2LTSWXXXX5RA2LTSW&q={searchTerms} SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1404993434&from=amt&uid=ST3160815AS_5RA2LTSWXXXX5RA2LTSW&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1404993434&from=amt&uid=ST3160815AS_5RA2LTSWXXXX5RA2LTSW&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1235&systemid=406&v=u11465-250&apn_uid=8953571358224052&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKLM - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm073^YYA^bg&si=pconvIE&ptb=5C62C4C4-EBC7-46CC-89A9-1CDEDF560188&ind=2014050305&n=780bf801&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1404993434&from=amt&uid=ST3160815AS_5RA2LTSWXXXX5RA2LTSW&q={searchTerms} SearchScopes: HKCU - {0773FA4C-3093-46A9-9E15-92E8BB088A57} URL = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms} SearchScopes: HKCU - 
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=94C1001D60B9B63B&affID=128129&tsp=5147 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1404993434&from=amt&uid=ST3160815AS_5RA2LTSWXXXX5RA2LTSW&q={searchTerms} SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={F4AB6EFA-9A33-4482-97C5-19776A4B5267}&mid=cfe8a617691547d39ae0d154265d5fc8-89c0334d3c6a5b62b955185ab8fbc974c007b18e&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-0611:12:01&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1235&systemid=406&v=u11465-250&apn_uid=8953571358224052&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm073^YYA^bg&si=pconvIE&ptb=5C62C4C4-EBC7-46CC-89A9-1CDEDF560188&ind=2014050305&n=780bf801&psa=&st=sb&searchfor={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Zula Games -> {2A836234-186C-41A0-9863-40BECDEDED9F} -> C:\Program Files\Zula Games\ScriptHost.dll No File BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search) Tcpip\..\Interfaces\{11412AFA-D2F1-4B36-B258-39C0F2202FC1}: [NameServer] 192.168.15.12,195.24.48.5 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tg6aayzy.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: webssearches FF SelectedSearchEngine: webssearches FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1404993434&from=amt&uid=ST3160815AS_5RA2LTSWXXXX5RA2LTSW FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure 
Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll No File FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: TorchVLC -> C:\Users\User\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml FF Extension: VideoDownloadConverter - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tg6aayzy.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com [2014-11-12] FF Extension: Fast Start - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tg6aayzy.default\Extensions\faststartff@gmail.com [2014-07-13] FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tg6aayzy.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-15] FF HKLM\...\Firefox\Extensions: [zulagames@ZulaGames.com] - 
C:\Users\User\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com FF Extension: Zula Games - C:\Users\User\AppData\Roaming\Mozilla\Extensions\zulagames@ZulaGames.com [2013-10-17] FF HKLM\...\Firefox\Extensions: [speedanalysis03@SpeedAnalysis.com] - C:\Users\User\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Extensions\speedanalysis03@SpeedAnalysis.com [2013-10-17] FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-08-28] FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tg6aayzy.default\extensions\faststartff@gmail.com Chrome: ======= CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (VideoDownloadConverter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeljlhkkoipjimklndofjoafhpccdfjo [2014-08-02] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-07] CHR HKLM\...\Chrome\Extension: [adldappccjhelkmbkpiibilgnnjakieg] - C:\Program Files\VideoDownloadConverter_4z Chrome Extension\bar\VideoDownloadConvert@mindspark.com.gen1 [] CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\User\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx [] CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx [] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.) 
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 MgAssistService; C:\Program Files\Mobogenie\MgAssist.exe [105664 2014-07-22] () R2 MobogenieService; C:\Program Files\Mobogenie3\MobogenieService.exe [116928 2014-11-12] (Mobogenie.com) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-07-18] (Microsoft Corporation) R2 TorchCrashHandler; C:\Users\User\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-10-29] (TorchMedia Inc.) <==== ATTENTION R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search) S3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.) 
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-11] (AVG Technologies) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-10-15] (Disc Soft Ltd) R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc. ) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-14] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] () S1 MpKslb3189f59; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4CFFD5A-C876-4E80-B999-7C2C8B1B1C08}\MpKslb3189f59.sys [X] S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X] U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-16 16:28 - 2014-11-16 16:29 - 00022048 _____ () C:\Users\User\Downloads\Addition.txt 2014-11-16 16:27 - 2014-11-16 16:29 - 00022066 _____ () C:\Users\User\Downloads\FRST.txt 2014-11-16 16:26 - 2014-11-16 16:29 - 00000000 ____D () C:\FRST 2014-11-16 16:26 - 2014-11-16 16:26 - 01108992 _____ (Farbar) C:\Users\User\Downloads\FRST.exe 2014-11-16 16:13 - 2014-11-16 16:13 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-11-16 16:13 - 2014-11-16 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-11-16 16:12 - 2014-11-16 16:13 - 00000000 ____D () C:\Program Files\CCleaner 2014-11-16 16:10 - 2014-11-16 16:11 - 04976136 _____ (Piriform Ltd) C:\Users\User\Downloads\ccsetup419pro.exe 2014-11-15 22:30 - 2014-11-15 22:30 - 00000011 ____R () C:\Windows\amunres.lsl 2014-11-15 22:12 - 2014-11-16 16:19 - 00000000 ____D () C:\Program Files\Steam 2014-11-15 22:10 - 2014-11-15 22:11 - 01142392 _____ () C:\Users\User\Downloads\SteamSetup.exe 2014-11-15 14:16 - 2014-11-15 14:16 - 38381556 _____ () C:\Users\User\Downloads\HideNSeek_BM.dem 2014-11-14 23:09 - 2014-11-15 13:09 - 48651703 _____ () C:\Users\User\Downloads\flipeR.dem 2014-11-13 01:53 - 2014-11-13 01:53 - 00000000 ____D () C:\Users\User\mobogenieP2sp 2014-11-06 22:11 - 2014-11-06 22:11 - 00000000 ____D () C:\ProgramData\Avg_Update_1114tb 2014-11-03 00:05 - 2014-11-03 00:05 - 00017101 _____ () C:\Users\User\Downloads\Deja.Vu.2006.480p.BRRip.AC3.BGAUDIO-SlzD.torrent 2014-11-01 14:41 - 2014-11-01 14:41 - 222995856 _____ () C:\Users\User\cstrike 2014-11-01 14-41-20-99.avi 2014-11-01 14:40 - 2014-11-01 14:40 - 220153856 _____ () C:\Users\User\cstrike 2014-11-01 14-40-25-02.avi 2014-11-01 14:39 - 2014-11-01 14:40 - 221507616 _____ () C:\Users\User\cstrike 2014-11-01 14-39-52-28.avi 2014-11-01 14:39 - 2014-11-01 14:39 - 224203344 _____ () C:\Users\User\cstrike 2014-11-01 14-39-19-88.avi 2014-11-01 14:38 - 2014-11-01 14:39 - 219093188 _____ () C:\Users\User\cstrike 
2014-11-01 14-38-42-11.avi 2014-11-01 14:38 - 2014-11-01 14:38 - 215116608 _____ () C:\Users\User\cstrike 2014-11-01 14-38-09-40.avi 2014-11-01 14:37 - 2014-11-01 14:38 - 228522404 _____ () C:\Users\User\cstrike 2014-11-01 14-37-36-12.avi 2014-11-01 14:37 - 2014-11-01 14:37 - 212516652 _____ () C:\Users\User\cstrike 2014-11-01 14-37-03-47.avi 2014-11-01 14:36 - 2014-11-01 14:37 - 230608452 _____ () C:\Users\User\cstrike 2014-11-01 14-36-30-17.avi 2014-11-01 14:33 - 2014-11-01 14:33 - 16519164 _____ () C:\Users\User\cstrike 2014-11-01 14-33-08-79.avi 2014-11-01 14:31 - 2014-11-01 14:31 - 224039848 _____ () C:\Users\User\cstrike 2014-11-01 14-31-25-65.avi 2014-11-01 14:13 - 2014-11-16 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps 2014-11-01 14:13 - 2014-11-01 14:13 - 00036079 _____ (Beepa Pty Ltd) C:\Users\Fraps\uninstall.exe 2014-11-01 14:13 - 2014-11-01 14:13 - 00000000 ____D () C:\Users\Fraps\HELP 2014-11-01 14:12 - 2014-11-01 14:13 - 00000000 ____D () C:\Users\Fraps 2014-11-01 14:11 - 2014-11-01 14:12 - 02326976 _____ (Beepa Pty Ltd) C:\Users\User\Downloads\setup.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-16 16:27 - 2013-10-16 15:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2014-11-16 16:22 - 2014-04-20 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2014 2014-11-16 16:22 - 2014-03-15 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Custom Strike 2014-11-16 16:22 - 2013-12-16 05:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2014-11-16 16:22 - 2013-12-12 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 2014-11-16 16:22 - 2013-10-30 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Casino at bet365 2014-11-16 16:22 - 2013-10-20 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker 2014-11-16 16:22 - 2013-10-17 15:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2014-11-16 16:22 - 2013-10-16 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 2014-11-16 16:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-11-16 16:19 - 2013-12-21 14:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\TeamViewer 2014-11-16 16:19 - 2013-10-16 15:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent 2014-11-16 16:19 - 2013-10-16 15:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\DAEMON Tools Lite 2014-11-16 16:18 - 2014-09-13 22:05 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2014-11-16 16:18 - 2013-10-16 15:49 - 00000000 ____D () C:\Windows\Panther 2014-11-16 15:59 - 2013-10-16 15:31 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-16 15:56 - 2013-10-16 15:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-16 14:37 - 2013-10-16 04:53 - 01106300 ____N () C:\Windows\WindowsUpdate.log 2014-11-16 07:55 - 2009-07-14 06:34 - 00026352 
____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-16 07:55 - 2009-07-14 06:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-16 07:54 - 2010-11-20 23:01 - 00782154 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-16 07:48 - 2014-07-17 08:40 - 00000000 ____D () C:\Program Files\Mobogenie3 2014-11-16 07:48 - 2014-02-06 10:25 - 00000000 ____D () C:\ProgramData\TorchCrashHandler 2014-11-16 07:48 - 2013-10-16 16:24 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-16 07:48 - 2013-10-16 15:31 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-16 07:48 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-15 22:30 - 2014-09-05 03:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\Software Informer 2014-11-15 22:12 - 2014-02-06 17:52 - 00000921 _____ () C:\Users\Public\Desktop\Steam.lnk 2014-11-14 22:22 - 2014-09-30 15:03 - 00000000 ____D () C:\Program Files\mozilla firefox 2014-11-13 23:56 - 2013-10-16 15:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-11-13 23:56 - 2013-10-16 15:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-11-10 23:06 - 2014-10-16 14:53 - 00000749 _____ () C:\Users\User\Desktop\Нов текстов документ.txt 2014-11-06 22:11 - 2014-08-28 13:53 - 00000000 ____D () C:\Program Files\AVG Security Toolbar 2014-11-05 10:54 - 2014-06-13 04:39 - 00002000 _____ () C:\Users\Public\Desktop\Google Slides.lnk 2014-11-05 10:54 - 2014-06-13 04:39 - 00001998 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2014-11-05 10:54 - 2014-06-13 04:39 - 00001988 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2014-11-05 10:54 - 2014-01-27 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-11-04 10:51 - 2014-03-29 11:56 - 00000069 _____ () 
C:\Windows\NeroDigital.ini 2014-11-03 21:41 - 2014-02-06 10:24 - 00000000 ____D () C:\Users\User\AppData\Local\Torch 2014-11-03 21:40 - 2014-02-06 10:25 - 00001206 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk 2014-11-03 21:23 - 2013-11-28 23:17 - 00000000 ____D () C:\Windows\Minidump 2014-10-30 13:24 - 2013-10-16 15:28 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-27 23:55 - 2014-06-03 15:33 - 00002327 _____ () C:\Users\Public\Desktop\Google Chrome.lnk Files to move or delete: ==================== C:\Users\Fraps\fraps.exe C:\Users\Fraps\fraps32.dll C:\Users\Fraps\fraps64.dat C:\Users\Fraps\fraps64.dll C:\Users\Fraps\frapslcd.dll C:\Users\Fraps\uninstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-15 04:51 ==================== End Of Log ============================ Addition_16-11-2014_16-30-43.txt
  9. Hello, some time ago I wrote to you about a problem with a slow system and a freezing browser (for the browser, it turned out that MBAM anti Expl. and Hitman Pro Alert interfere with each other). But after optimizing the system, cleaning and defragmenting, the system seems slow to me. A few days ago, after a restart, some process called Reader.js or something similar wanted to start (the prompt came from User Account Control); otherwise I would not have known what was going on. I started in Safe Mode and MBAM detected BDB.Backdoor (after the restart I deleted the quarantine and the logs... by accident, and I don't remember the full name). I also scanned with a-squared and it found: Начало на проверката: 3.7.2014 г. 19:51:56C:UsersNightRiderAppDataRoamingc731200 Открити: Trojan-Downloader.Win32.Vespula (A). I did this after the scan with MBAM. At the moment no program detects anything. The system is still somewhat sluggish; if necessary I will reinstall... I hope it doesn't come to that. Here are the logs.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014
C:Windowssystem32Driversvmnetadapter.sys2014-06-10 23:41 - 2014-04-25 05:34 - 00801280 _____ (Microsoft Corporation) C:Windowssystem32usp10.dll2014-06-10 23:41 - 2014-04-25 05:06 - 00626688 _____ (Microsoft Corporation) C:WindowsSysWOW64usp10.dll2014-06-10 23:41 - 2014-04-05 05:47 - 01903552 _____ (Microsoft Corporation) C:Windowssystem32Driverstcpip.sys2014-06-10 23:41 - 2014-04-05 05:47 - 00288192 _____ (Microsoft Corporation) C:Windowssystem32DriversFWPKCLNT.SYS2014-06-10 23:40 - 2014-03-26 17:44 - 02002432 _____ (Microsoft Corporation) C:Windowssystem32msxml6.dll2014-06-10 23:40 - 2014-03-26 17:44 - 01882112 _____ (Microsoft Corporation) C:Windowssystem32msxml3.dll2014-06-10 23:40 - 2014-03-26 17:41 - 00002048 _____ (Microsoft Corporation) C:Windowssystem32msxml6r.dll2014-06-10 23:40 - 2014-03-26 17:41 - 00002048 _____ (Microsoft Corporation) C:Windowssystem32msxml3r.dll2014-06-10 23:40 - 2014-03-26 17:27 - 01389056 _____ (Microsoft Corporation) C:WindowsSysWOW64msxml6.dll2014-06-10 23:40 - 2014-03-26 17:27 - 01237504 _____ (Microsoft Corporation) C:WindowsSysWOW64msxml3.dll2014-06-10 23:40 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C:WindowsSysWOW64msxml6r.dll2014-06-10 23:40 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C:WindowsSysWOW64msxml3r.dll2014-06-10 23:32 - 2014-05-08 12:32 - 03178496 _____ (Microsoft Corporation) C:Windowssystem32rdpcorets.dll2014-06-10 23:32 - 2014-05-08 12:32 - 00016384 _____ (Microsoft Corporation) C:Windowssystem32RdpGroupPolicyExtension.dll2014-06-10 19:26 - 2014-06-11 13:46 - 00000000 ____D () C:Program Files (x86)Mozilla Firefox2014-06-10 03:25 - 2014-07-05 11:25 - 00922178 _____ () C:WindowsWindowsUpdate.log==================== One Month Modified Files and Folders =======2014-07-05 13:04 - 2014-07-05 13:04 - 00008294 _____ () C:UsersNightRiderDesktopFRST.txt2014-07-05 13:04 - 2014-07-05 13:03 - 00000000 ____D () C:FRST2014-07-05 13:03 - 2014-07-05 13:03 - 02084352 _____ (Farbar) 
C:UsersNightRiderDesktopFRST64.exe2014-07-05 13:02 - 2014-04-10 22:10 - 00000384 _____ () C:WindowsTasksWpsNotifyTask_NightRider.job2014-07-05 13:02 - 2014-04-10 18:40 - 01474832 _____ () C:Windowssystem32Driverssfi.dat2014-07-05 12:56 - 2014-04-10 22:10 - 00000384 _____ () C:WindowsTasksWpsUpdateTask_NightRider.job2014-07-05 12:55 - 2014-07-05 12:55 - 00000000 ____D () C:UsersNightRiderAppDataLocalTeknoGods2014-07-05 12:51 - 2014-07-04 20:46 - 00003640 _____ () C:Windowssetupact.log2014-07-05 12:44 - 2014-04-10 22:54 - 00000830 _____ () C:WindowsTasksAdobe Flash Player Updater.job2014-07-05 11:25 - 2014-06-10 03:25 - 00922178 _____ () C:WindowsWindowsUpdate.log2014-07-05 08:24 - 2014-05-17 02:22 - 00122584 _____ (Malwarebytes Corporation) C:Windowssystem32DriversMBAMSwissArmy.sys2014-07-05 02:27 - 2014-04-10 22:04 - 00000000 ____D () C:Program Files (x86)MSI Afterburner2014-07-05 00:30 - 2009-07-14 07:45 - 00021280 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-07-05 00:30 - 2009-07-14 07:45 - 00021280 ____H () C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-07-05 00:22 - 2009-07-14 08:08 - 00000006 ____H () C:WindowsTasksSA.DAT2014-07-05 00:21 - 2014-04-10 22:05 - 00003030 _____ () C:WindowsSystem32TasksMSIAfterburner2014-07-04 22:40 - 2014-04-11 22:18 - 00000000 ____D () C:UsersNightRiderAppDataRoamingVMware2014-07-04 22:40 - 2014-04-11 22:18 - 00000000 ____D () C:UsersNightRiderAppDataLocalVMware2014-07-04 22:35 - 2014-04-10 22:09 - 00000000 ____D () C:UsersNightRiderAppDataRoamingWise Disk Cleaner2014-07-04 22:24 - 2014-07-04 20:51 - 00000794 _____ () C:WindowsPFRO.log2014-07-04 20:58 - 2014-04-10 22:12 - 00000000 ____D () C:ProgramDataTEMP2014-07-04 20:46 - 2014-07-04 20:46 - 00058504 _____ () C:UsersNightRiderAppDataLocalGDIPFONTCACHEV1.DAT2014-07-04 20:46 - 2014-07-04 20:46 - 00000000 _____ () C:Windowssetuperr.log2014-07-04 20:42 - 2014-04-10 
22:30 - 00000000 ____D () C:UsersNightRiderAppDataRoaminguTorrent2014-07-04 20:39 - 2014-07-04 20:39 - 00000000 ____D () C:UsersNightRiderDesktopAutoruns2014-07-04 15:17 - 2014-06-23 01:35 - 00000000 ____D () C:ProgramDataMalwarebytes Anti-Exploit2014-07-04 12:22 - 2014-04-11 22:12 - 00000000 ____D () C:ProgramDataVMware2014-07-04 12:21 - 2014-07-04 12:21 - 00001561 _____ () C:UsersPublicDesktopVMware Player.lnk2014-07-04 12:21 - 2014-07-04 12:21 - 00000000 ____D () C:Program FilesCommon FilesVMware2014-07-04 12:21 - 2014-04-10 20:52 - 00789792 _____ () C:WindowsSysWOW64PerfStringBackup.INI2014-07-04 03:55 - 2014-07-04 03:55 - 00000000 ____D () C:UsersNightRiderDocumentsProcAlyzer Dumps2014-07-04 02:09 - 2014-04-10 18:36 - 00000000 ___HD () C:Program Files (x86)InstallShield Installation Information2014-07-03 18:10 - 2014-04-10 18:58 - 00000000 ____D () C:WindowsPanther2014-07-03 04:43 - 2009-07-14 08:08 - 00032580 _____ () C:WindowsTasksSCHEDLGU.TXT2014-07-02 03:53 - 2014-04-11 02:19 - 00000000 ____D () C:Program Files (x86)Spybot - Search & Destroy 22014-07-02 03:49 - 2014-07-02 03:49 - 00001395 _____ () C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot-S&D Start Center.lnk2014-07-02 03:49 - 2014-07-02 03:49 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy 22014-07-02 03:49 - 2014-04-11 02:19 - 00000000 ____D () C:ProgramDataSpybot - Search & Destroy2014-07-02 03:47 - 2014-04-29 00:42 - 00000085 _____ () C:Windowswininit.ini2014-06-26 01:53 - 2014-04-10 22:12 - 00000000 ____D () C:Program Files (x86)SpywareBlaster2014-06-25 04:22 - 2009-07-14 05:34 - 00450709 ____R () C:Windowssystem32Driversetchosts.20140702-035526.backup2014-06-24 00:19 - 2014-06-24 00:19 - 00000000 ____D () C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes Anti-Exploit2014-06-24 00:19 - 2014-06-24 00:19 - 00000000 ____D () C:Program Files (x86)Malwarebytes Anti-Exploit2014-06-22 17:59 - 2014-04-11 01:40 - 00000024 _____ () 
C:UsersNightRiderDesktopНов текстов документ.txt2014-06-21 02:07 - 2014-04-10 22:54 - 00699056 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerApp.exe2014-06-21 02:07 - 2014-04-10 22:54 - 00071344 _____ (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerCPLApp.cpl2014-06-21 02:07 - 2014-04-10 22:54 - 00003768 _____ () C:WindowsSystem32TasksAdobe Flash Player Updater2014-06-19 15:10 - 2014-04-10 22:16 - 00000000 ____D () C:Program FilesSUPERAntiSpyware2014-06-17 12:44 - 2009-07-14 06:20 - 00000000 ____D () C:Windowssystem32NDF2014-06-16 02:45 - 2009-07-14 05:34 - 00450709 ____R () C:Windowssystem32Driversetchosts.20140625-042254.backup2014-06-12 18:23 - 2014-07-04 12:22 - 00359128 _____ (VMware, Inc.) C:WindowsSysWOW64vmnetdhcp.exe2014-06-12 18:23 - 2014-07-04 12:22 - 00064728 _____ (VMware, Inc.) C:Windowssystem32Driversvmx86.sys2014-06-12 18:22 - 2014-07-04 12:22 - 00931032 _____ (VMware, Inc.) C:Windowssystem32vnetlib64.dll2014-06-12 18:22 - 2014-07-04 12:22 - 00437976 _____ (VMware, Inc.) C:WindowsSysWOW64vmnat.exe2014-06-12 18:22 - 2014-07-04 12:22 - 00032472 _____ (VMware, Inc.) C:Windowssystem32DriversVMparport.sys2014-06-12 18:22 - 2014-07-04 12:22 - 00031448 _____ (VMware, Inc.) C:Windowssystem32Driversvmnetuserif.sys2014-06-12 18:22 - 2014-06-12 18:22 - 00080464 _____ (VMware, Inc.) C:Windowssystem32vmnetbridge.dll2014-06-12 18:22 - 2014-06-12 18:22 - 00049232 _____ (VMware, Inc.) C:Windowssystem32vnetinst.dll2014-06-12 18:22 - 2014-06-12 18:22 - 00046160 _____ (VMware, Inc.) C:Windowssystem32Driversvmnetbridge.sys2014-06-12 18:22 - 2014-06-12 18:22 - 00024656 _____ (VMware, Inc.) C:Windowssystem32Driversvmnet.sys2014-06-12 18:22 - 2014-06-12 18:22 - 00020560 _____ (VMware, Inc.) C:Windowssystem32Driversvmnetadapter.sys2014-06-12 18:21 - 2014-07-04 12:22 - 00033496 _____ (VMware, Inc.) 
C:Windowssystem32DriversVMkbd.sys2014-06-11 13:46 - 2014-06-10 19:26 - 00000000 ____D () C:Program Files (x86)Mozilla Firefox2014-06-10 23:34 - 2014-04-10 20:05 - 00000000 ____D () C:Windowssystem32MRT2014-06-10 23:33 - 2014-04-10 20:05 - 95414520 _____ (Microsoft Corporation) C:Windowssystem32MRT.exe2014-06-10 00:54 - 2014-05-07 21:29 - 00000000 ____D () C:UsersNightRiderAppDataRoamingSumatraPDF==================== Bamital & volsnap Check =================C:WindowsSystem32winlogon.exe => File is digitally signedC:WindowsSystem32wininit.exe => File is digitally signedC:WindowsSysWOW64wininit.exe => File is digitally signedC:Windowsexplorer.exe => File is digitally signedC:WindowsSysWOW64explorer.exe => File is digitally signedC:WindowsSystem32svchost.exe => File is digitally signedC:WindowsSysWOW64svchost.exe => File is digitally signedC:WindowsSystem32services.exe => File is digitally signedC:WindowsSystem32User32.dll => File is digitally signedC:WindowsSysWOW64User32.dll => File is digitally signedC:WindowsSystem32userinit.exe => File is digitally signedC:WindowsSysWOW64userinit.exe => File is digitally signedC:WindowsSystem32rpcss.dll => File is digitally signedC:WindowsSystem32Driversvolsnap.sys => File is digitally signedLastRegBack: 2014-06-28 12:09==================== End Of Log ============================ Addition.txt
  10. Hello. As far as I understand, I was redirected to you from http://www.kaldata.com/forums/topic/223338-странен-проблем-с-компютъра-ми/. For two days now my computer has been unable to open most websites - facebook, yahoo.com. On vbox7 and novatv.bg the videos do not play. The same was true of youtube.com - now they play there, but they load terribly slowly. I ran my antivirus program, Eset Nod 32, three times; the first time it found two infected files, and now it shows that there are no viruses. When it is not on the internet, my computer works very fast and well, including with recordings of clips and movies. I was using the Google Chrome browser, but I deleted it last night. Now I am using Internet Explorer, and the situation is the same. I am trying to install Google Chrome again, but its page will not even open. At the moment I manage to open dir.bg, elmaz.com, abv.bg and some lighter, mostly text-based sites. I called to have the internet connection checked, and they told me that it is fixed at the moment and is great. The only change on my side was that I used to be able to watch videos on vbox7 but not on youtube.com - now it is the reverse! I do not see any logic. Something is happening with my computer.
  11. Hello! I recently picked up this nasty thing, KillAV.dr. The antivirus detects it and deletes it, but without success. It creates copies of C:\Users\Public\ and all the directories in it. I deleted the whole Public folder hoping that there would simply be nowhere for it to create files, but it recreated the folder and just kept on creating: Public.exe Public.rar Public.txt Public.bat and so on, with every possible extension. Malwarebytes and Avast! find it and delete it, but I assume that the copies in question are not the virus itself and that it is hiding somewhere else.
  12. Hello. I hope someone can help with the following. When Windows starts, the internet connection is delayed a lot (the activation of the monitor icon on the toolbar). I was using the Chrome browser when this appeared. After that another problem appeared. When opening any site, many ads appeared (popping up in the same page and opening new pages). The easiest solution for me was to delete Chrome, and I installed Mozilla. The problem with the ads disappeared, but the slow connection at startup remained with this browser too. I also notice that when opening a page with various pictures, before they load, I see small white boxes with an X in the upper corner - this did not happen with Chrome. What do you think about this?
      Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by Admin (administrator) on ADMIN-PC on 03-02-2015 15:34:25 Running from D:\Downloads Loaded Profiles: Admin (Available profiles: Admin) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal
(Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-01-27 02:40 - 2014-11-22 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-01-27 02:40 - 2014-11-22 03:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-01-27 02:40 - 2014-11-22 02:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-01-27 02:40 - 2014-11-22 02:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-01-27 02:00 - 2015-02-01 10:07 - 00002726 _____ () C:\Windows\PFRO.log 2015-01-27 01:26 - 2015-02-03 14:03 - 00002744 _____ () C:\Windows\setupact.log 2015-01-27 01:26 - 2015-01-27 01:26 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-25 14:16 - 2015-01-25 14:16 - 00001193 _____ () C:\Windows\system32\1 hands FIPA SOCCER COACH ATHLETE embarrassing moments boner funny erectile dysfunction viagra sexual impotence photo picture cure remedy symptoms bulge men guy man top best hilarious medical procedur.lnk 2015-01-25 13:10 - 2015-01-25 14:10 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-01-21 11:05 - 2014-10-18 04:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-01-21 11:05 - 2014-10-18 03:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-01-21 11:05 - 2014-07-07 04:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-01-21 11:05 - 2014-07-07 04:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-01-21 11:05 - 2014-07-07 04:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-01-21 11:05 - 2014-07-07 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-01-21 11:05 - 2014-07-07 03:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-01-21 11:05 - 2014-07-07 03:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 
2015-01-21 11:05 - 2014-07-07 03:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-01-21 11:05 - 2014-07-07 03:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-01-21 10:56 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-21 10:56 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-21 10:56 - 2014-12-12 07:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-21 10:56 - 2014-12-12 07:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-21 10:56 - 2014-12-12 07:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-21 10:56 - 2014-12-12 07:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-21 10:56 - 2014-12-12 07:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-21 10:56 - 2014-12-12 07:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-21 10:56 - 2014-12-12 07:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-21 10:56 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-21 10:56 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-21 10:56 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-21 10:56 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-21 10:56 - 2014-11-11 05:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-01-21 10:56 - 2014-11-11 05:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-01-21 10:56 - 2014-11-11 05:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2015-01-21 10:56 - 
2014-11-11 04:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-01-21 10:56 - 2014-11-11 04:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-01-21 10:56 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2015-01-21 10:56 - 2014-11-11 03:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-01-21 10:56 - 2014-11-08 05:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-01-21 10:56 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-01-21 10:56 - 2014-10-30 04:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2015-01-21 10:56 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2015-01-21 10:56 - 2014-10-03 04:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2015-01-21 10:56 - 2014-10-03 04:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2015-01-21 10:56 - 2014-10-03 04:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2015-01-21 10:56 - 2014-10-03 04:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2015-01-21 10:56 - 2014-10-03 04:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2015-01-21 10:56 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2015-01-21 10:56 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2015-01-21 10:56 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2015-01-21 10:56 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2015-01-21 10:56 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 
2015-01-17 17:51 - 2015-01-17 17:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software 2015-01-17 17:51 - 2015-01-17 17:51 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software 2015-01-17 17:50 - 2015-01-17 17:52 - 00001332 _____ () C:\Users\Public\Desktop\Freemake Video Downloader.lnk 2015-01-17 17:50 - 2015-01-17 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2015-01-17 17:50 - 2015-01-17 17:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2015-01-17 17:49 - 2015-01-17 17:50 - 00000000 ____D () C:\Program Files (x86)\Freemake ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-03 15:10 - 2013-09-04 19:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-03 14:57 - 2011-11-21 21:49 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-03 14:29 - 2011-11-21 21:35 - 01498658 _____ () C:\Windows\WindowsUpdate.log 2015-02-03 14:17 - 2011-11-21 15:43 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{77122C95-C486-48DE-8C13-2BB165780A7B} 2015-02-03 14:12 - 2009-07-14 06:45 - 00015008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-03 14:12 - 2009-07-14 06:45 - 00015008 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-03 14:03 - 2011-11-21 21:49 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-03 14:03 - 2011-11-21 15:43 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-03 14:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-03 13:15 - 2013-09-04 19:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-03 13:15 - 2013-09-04 19:48 - 00071344 _____ (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-03 13:15 - 2013-09-04 19:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-03 13:14 - 2014-09-25 22:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2015-02-03 10:33 - 2012-02-20 20:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent 2015-02-03 01:54 - 2014-10-20 21:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc 2015-02-02 23:54 - 2014-03-05 23:02 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc 2015-01-31 17:36 - 2013-01-22 20:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-31 17:19 - 2012-09-16 20:48 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies 2015-01-29 21:12 - 2011-12-10 22:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype 2015-01-27 19:17 - 2009-07-14 07:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-27 13:56 - 2014-07-15 22:10 - 00000000 ____D () C:\Windows\rescache 2015-01-27 12:44 - 2014-04-27 15:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla 2015-01-27 11:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-27 02:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-01-27 02:09 - 2011-11-21 21:49 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google 2015-01-27 02:09 - 2011-11-21 21:49 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-26 23:20 - 2012-01-28 20:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite 2015-01-24 17:41 - 2011-11-26 20:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-01-21 11:09 - 2011-12-30 14:07 - 00766336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-21 11:04 - 2013-07-20 23:53 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-17 17:53 - 2011-11-24 00:11 - 00001413 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-17 
17:52 - 2014-03-31 00:44 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-01-17 17:50 - 2013-02-04 14:15 - 00000000 ____D () C:\ProgramData\Freemake 2015-01-08 09:55 - 2011-11-21 18:17 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2012-05-04 09:04 - 2012-05-04 09:04 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll 2014-09-22 11:05 - 2014-11-02 14:49 - 0000000 _____ () C:\Users\Admin\AppData\Roaming\Radio Sounds 2012-02-06 02:33 - 2012-06-29 00:10 - 0007601 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg 2014-03-08 21:42 - 2014-03-08 21:44 - 0299308 _____ () C:\Users\Admin\AppData\Local\rx_image32.Cache 2014-10-20 20:39 - 2014-10-20 20:39 - 0000848 ___SH () C:\ProgramData\KGyGaAvL.sys 2012-06-04 14:37 - 2012-06-04 14:37 - 0034308 _____ () C:\ProgramData\mazuki.dll 2014-09-22 10:12 - 2014-09-22 10:49 - 0000000 ____H () C:\ProgramData\PKP_DLbx.DAT 2014-09-22 11:05 - 2014-11-02 14:49 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT 2014-09-22 11:05 - 2014-11-02 14:49 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT 2014-09-22 11:05 - 2014-11-02 14:49 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT 2014-11-02 14:49 - 2014-11-02 14:49 - 0000000 _____ () C:\ProgramData\Plug-In Settings 2014-11-02 14:49 - 2014-11-02 14:49 - 0000000 _____ () C:\ProgramData\Quartz Composer 2012-07-30 22:10 - 2012-07-30 22:10 - 0002462 _____ () C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag Files to move or delete: ==================== C:\ProgramData\mazuki.dll Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\HitmanPro.exe C:\Users\Admin\AppData\Local\Temp\Quarantine.exe C:\Users\Admin\AppData\Local\Temp\sqlite3.dll C:\Users\Admin\AppData\Local\Temp\utt3377.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic 
fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-03 15:21 ==================== End Of Log ============================ Addition.txt
  13. Hello, I think I am infected with the virus in question, because when I search for something on Google it redirects me to ipv4.google.com/sorry/... and I have to enter characters (CAPTCHA) in order to continue. I scanned with Avast and Malwarebytes A-M, and I also cleaned with CCleaner, but without any result. I hope you can help me. FRST LOG:
Mechanics 2014-09-11 17:02 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache 2014-09-10 21:46 - 2014-01-21 01:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 21:46 - 2014-01-21 01:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-10 21:46 - 2014-01-21 01:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-10 18:02 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG 2014-09-10 18:02 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\bg-BG 2014-09-10 17:54 - 2012-11-26 12:50 - 00769944 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 17:54 - 2009-07-14 08:13 - 00769944 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-10 17:53 - 2013-07-11 09:15 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 17:46 - 2012-11-26 12:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-07 15:47 - 2012-11-27 18:17 - 00000000 ____D () C:\Users\Гроздан\AppData\Roaming\Skype 2014-08-31 14:28 - 2014-08-31 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-08-31 14:28 - 2013-02-17 16:36 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-08-31 14:28 - 2012-11-27 18:17 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-08-31 14:28 - 2012-11-26 15:16 - 00000000 ____D () C:\ProgramData\Skype 2014-08-28 12:27 - 2009-07-14 07:45 - 00408224 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-25 22:52 - 2014-08-15 15:19 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-25 06:53 - 2010-11-21 06:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-23 05:07 - 2014-08-28 12:24 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 04:45 - 2014-08-28 12:24 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 03:59 - 2014-08-28 12:24 - 03163648 _____ 
(Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 12:33 - 2009-07-14 08:08 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-07 17:58 ==================== End Of Log ============================ Addition.txt
  14. Hello, I have suspicions about a file that I downloaded and, naturally, opened (it could be from Dark Comet, Cybergate or whatever they are...). I haven't noticed the machine behaving strangely or slowing down. Here are the logs from Farbar Recovery Scan Tool. (I'm starting this thread because I have a lot of important things on the machine that are paid for.)
  15. Hello, a relative asked me to help him with his laptop if I can. His problem is that it runs slowly overall, and what caught my attention is that the other day, when I connected a brand-new flash drive to the laptop, it got infected with a virus (the problem showed up later, when the flash drive was plugged into another computer). Here is FRST.txt
19:14] - 0110592 ____A (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de C:WindowsSystem32User32.dll[2004-08-04 00:56] - [2004-08-04 00:56] - 0577024 ____A (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4 C:WindowsSystem32userinit.exe[2004-08-04 00:56] - [2004-08-04 00:56] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff C:WindowsSystem32rpcss.dll[2004-08-04 00:56] - [2004-08-04 00:56] - 0395776 ____N (Microsoft Corporation) 5c83a4408604f737717ab96371201680 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.C:WindowsSystem32Driversvolsnap.sys[2004-08-03 23:00] - [2004-08-03 23:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b ==================== End Of Log ============================Ето и Addition.txt Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-01-2014 03Ran by ADV at 2014-01-26 22:48:21Running from C:Documents and SettingsADVMy DocumentsDownloadsBoot Mode: Normal============================================================================== Security Center ============================================ Installed Programs ======================µTorrent (Version: 3.1.0 - )Ace Utilities (Version: 5.2.5 - Acelogix Software)Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)Adobe Reader 9.5.5 - Bulgarian (Version: 9.5.5 - Adobe Systems Incorporated)Angry Birds Star Wars (Version: 1.3.0 - Rovio Entertainment Ltd.)Any Video Converter 5.5.4 (Version: - Any-Video-Converter.com)Apple Application Support (Version: 2.3.6 - Apple Inc.)Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)Apple Software Update (Version: 2.1.3.127 - Apple Inc.)Ask Toolbar (Version: 1.15.4.0 - Ask.com) <==== ATTENTIONATI - Software Uninstall Utility (Version: 6.14.10.1022 - )BitLord 2.3 (Version: 2.3.2-245 - 
House of Life)Bonjour (Version: 3.0.0.10 - Apple Inc.)BulgarianPhonetic XP by G. Atanasov (Version: - )CCleaner (Version: 4.00 - Piriform)Ciela 5.0 (Version: 5.00.0000 - Ciela soft and publishing)Connection Manager (Version: - TCT Mobile Limited)Cyriilization 2007 (HKCU Version: 2.00.0000 - БиЕмДжи ООД)Cyriilization 2007 (Version: 2.00.0000 - БиЕмДжи ООД) HiddenDell Resource CD (Version: 1.00.0000 - Dell Inc.)Dell Wireless WLAN Card Utility (Version: 5.10.38.30 - Dell Inc.)Delta Chrome Toolbar (Version: - Visual Tools) <==== ATTENTIONFlexType 2K (Version: - )Free Audio Converter version 2.3.4.920 (Version: - DVDVideoSoft Ltd.)Freemake Audio Converter version 1.1.0 (Version: 1.1.0 - Ellora Assets Corporation)FreemakeGoldTB Toolbar for IE (Version: 6.17.1.25 - FreemakeGoldTB)FromDocToPDF Toolbar (Version: - Mindspark Interactive Network)High Definition Audio Driver Package - KB835221 (Version: 20040219.000000 - Microsoft Corporation)IDT Audio (Version: 1.0.6047.0 - IDT)Integrated Webcam Driver (1.01.01.1007) (Version: - )Intel(R) Graphics Media Accelerator Driver (Version: - Intel Corporation)IPTInstaller (Version: 4.0.4 - HTC)iTunes (Version: 11.1.3.8 - Apple Inc.)Java 7 Update 7 (Version: 7.0.70 - Oracle)Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) 
HiddenK-Lite Codec Pack 9.8.5 (Standard) (Version: 9.8.5 - )Marvell Miniport Driver (Version: 10.63.3.3 - Marvell)McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Base Smart Card Cryptographic Service Provider Package (Version: - Microsoft Corporation)Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) HiddenMicrosoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) HiddenMicrosoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation)Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint 
MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft User-Mode Driver Framework Feature Pack 1.0 (Version: - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)Microsoft WinUsb 2.0 (Version: - Microsoft Corporation)Minecraft1.4.7 (Version: - )Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)Mozilla Maintenance Service (Version: 26.0 - Mozilla)MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0 - Microsoft Corporation)M-Tel NETAGENT (Version: 1.0.0.1 - ZTE Corporation)Nero 6 Ultra Edition (Version: - )Prism Video File Converter (Version: 2.01 - NCH Software)QuickSet (Version: 9.1.5 - Dell Computer Corporation)RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - 
RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer (Version: 16.0.3 - RealNetworks)Realtek Card Reader (Version: 6.0.6000.72 - Realtek)RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) HiddenRegistry Reviver (Version: 3.0.1.144 - ReviverSoft LLC)Skype™ 6.0 (Version: 6.0.126 - Skype Technologies S.A.)Smileys We Love Toolbar for IE (Version: 3.0.19 - SqueekyChocolate, LLC)Sony Ericsson Update Engine (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)Sony PC Companion 2.10.165 (Version: 2.10.165 - Sony)The KMPlayer (remove only) (Version: - )TuneUp Utilities 2013 (Version: 13.0.4000.181 - TuneUp Software)TuneUp Utilities 2013 (Version: 13.0.4000.181 - TuneUp Software) HiddenTuneUp Utilities Language Pack (en-US) (Version: 13.0.4000.181 - TuneUp Software) HiddenUpdate for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)UpdateChecker (Version: - SqueakyChocolate, LLC) <==== ATTENTIONVideoDownloadConverter Firefox Toolbar (Version: - Mindspark Interactive Network) <==== ATTENTIONVideoDownloadConverter Internet Explorer Toolbar (Version: - Mindspark Interactive Network) <==== ATTENTIONWebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) HiddenWindows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)Windows Installer 3.1 (KB893803) (Version: 3.1 - Microsoft Corporation)Windows Media Format 11 runtime (Version: - )Windows Media Format 11 runtime (Version: - Microsoft Corporation) HiddenWinRAR archiver (Version: - )==================== Restore Points 
=========================02-11-2013 14:25:23 Installed Windows XP WIC.02-11-2013 14:27:40 Installed Windows KB954550-v5.02-11-2013 14:27:46 Printer Driver Microsoft XPS Document Writer Installed02-11-2013 14:27:54 Printer Driver Microsoft XPS Document Writer Installed02-11-2013 14:56:31 Removed Ask Toolbar.02-11-2013 14:56:51 Removed Ask Toolbar.03-11-2013 15:11:29 System Checkpoint09-11-2013 12:34:24 Removed Apple Application Support09-11-2013 12:35:36 Removed Apple Mobile Device Support09-11-2013 12:35:42 Removed Apple Mobile Device Support10-11-2013 12:41:29 System Checkpoint11-11-2013 15:16:36 System Checkpoint16-11-2013 12:05:47 System Checkpoint17-11-2013 18:02:31 System Checkpoint23-11-2013 19:11:56 System Checkpoint28-12-2013 16:51:58 System Checkpoint29-12-2013 18:04:06 System Checkpoint31-12-2013 12:23:51 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.2102202-01-2014 19:54:34 System Checkpoint04-01-2014 12:26:13 System Checkpoint05-01-2014 13:36:19 System Checkpoint10-01-2014 18:45:13 System Checkpoint11-01-2014 13:43:15 Инсталиран Cyriilization 200721-01-2014 08:15:55 System Checkpoint25-01-2014 15:11:37 System Checkpoint==================== Hosts content: ==========================2001-08-23 14:00 - 2013-08-15 19:12 - 00000733 ____A C:WINDOWSsystem32Driversetchosts127.0.0.1 localhost==================== Scheduled Tasks (whitelisted) =============Task: C:WINDOWSTasksAdobe Flash Player Updater.job => C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exeTask: C:WINDOWSTasksAppleSoftwareUpdate.job => C:Program FilesApple Software UpdateSoftwareUpdate.exeTask: C:WINDOWSTasksEPUpdater.job => C:DOCUME~1ADVAPPLIC~1BABSOL~1SharedBabMaint.exe <==== ATTENTIONTask: C:WINDOWSTasksPrismDowngrade.job => C:Program FilesNCH SoftwarePrismprism.exeTask: C:WINDOWSTasksRealPlayerRealUpgradeLogonTaskS-1-5-21-1715567821-1647877149-725345543-1003.job => C:Program FilesRealRealUpgraderealupgrade.exeTask: 
C:WINDOWSTasksRealPlayerRealUpgradeScheduledTaskS-1-5-21-1715567821-1647877149-725345543-1003.job => C:Program FilesRealRealUpgraderealupgrade.exeTask: C:WINDOWSTasksStart Registry Reviver for DELL@ADV(logon).job => C:Program FilesReviverSoftRegistry ReviverRegistryReviver.exe==================== Loaded Modules (whitelisted) =============2011-12-06 16:26 - 2008-11-26 11:39 - 00753664 _____ () C:WINDOWSSystem32bcm1xsup.dll2012-02-02 13:41 - 2000-12-13 00:55 - 00028672 _____ () C:WINDOWSsystem32newdll.dll2009-02-27 18:36 - 2009-02-27 18:36 - 00311296 _____ () C:Program FilesCommon FilesAdobeAcrobatActiveXPDFShell.BGR2012-01-28 02:02 - 2012-01-28 02:02 - 00111256 _____ () C:Program FilesAce Utilitieswipext.dll2011-12-06 17:14 - 2005-10-07 15:05 - 00125440 _____ () C:Program FilesWinRARrarext.dll2011-12-06 16:26 - 2008-11-26 11:39 - 00143360 _____ () C:WINDOWSsystem32preflib.dll2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:Program FilesCommon FilesAppleApple Application Supportzlib1.dll2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:Program FilesCommon FilesAppleApple Application Supportlibxml2.dll2013-11-02 16:34 - 2013-11-02 16:34 - 00003584 _____ () C:WINDOWSMicrosoft.NETFrameworkv2.0.50727Temporary ASP.NET Filesroot1e3356b61809e7d1App_global.asax.6qf7p0k8.dll2013-12-10 20:11 - 2013-12-10 20:11 - 00500024 _____ () C:Program FilesTuneUp Utilities 2013avgreplibx.dll2013-12-23 14:50 - 2013-12-23 14:50 - 03559024 _____ () C:Program FilesMozilla Firefoxmozjs.dll2013-12-22 20:30 - 2013-12-22 20:30 - 16242056 _____ () C:WINDOWSsystem32MacromedFlashNPSWF32_11_9_900_170.dll==================== Alternate Data Streams (whitelisted) =========AlternateDataStreams: C:Documents and SettingsAll UsersApplication DataTEMP:E965A533==================== Safe Mode (whitelisted) ===================HKLMSYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys => ""="Driver"HKLMSYSTEMCurrentControlSetControlSafeBootNetworkWdf01000.sys => ""="Driver"==================== 
Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (01/22/2014 10:04:09 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 2801047Error: (01/22/2014 10:04:09 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 2801047Error: (01/22/2014 10:04:09 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (01/22/2014 09:17:32 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4000Error: (01/22/2014 09:17:32 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4000Error: (01/22/2014 09:17:32 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (01/22/2014 09:17:30 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 2047Error: (01/22/2014 09:17:30 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 2047Error: (01/22/2014 09:17:30 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (01/22/2014 08:49:52 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 134922System errors:=============Error: (01/26/2014 10:42:07 PM) (Source: Service Control Manager) (User: )Description: The Freemake Improver service hung on starting.Error: (01/26/2014 10:40:46 PM) (Source: Service Control Manager) (User: )Description: The Microsoft TV/Video Connection service failed to start due to the following error: %%1058Error: (01/26/2014 10:40:46 PM) (Source: Service Control Manager) (User: )Description: The HUAWEI USB-NDIS miniport service failed to start due to the following error: %%2Error: 
(01/25/2014 09:51:32 PM) (Source: Service Control Manager) (User: )Description: The UI Assistant Service service terminated unexpectedly. It has done this 1 time(s).Error: (01/25/2014 09:51:26 PM) (Source: Service Control Manager) (User: )Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).Error: (01/25/2014 08:31:43 PM) (Source: ipnathlp) (User: )Description: The DHCP allocator has disabled itself on IP address 77.70.89.22,since the IP address is outside the 192.168.0.0/255.255.255.0 scopefrom which addresses are being allocated to DHCP clients.To enable the DHCP allocator on this IP address,please change the scope to include the IP address,or change the IP address to fall within the scope.Error: (01/25/2014 04:16:14 PM) (Source: Service Control Manager) (User: )Description: The Freemake Improver service hung on starting.Error: (01/25/2014 04:14:52 PM) (Source: Service Control Manager) (User: )Description: The Microsoft TV/Video Connection service failed to start due to the following error: %%1058Error: (01/25/2014 04:14:52 PM) (Source: Service Control Manager) (User: )Description: The HUAWEI USB-NDIS miniport service failed to start due to the following error: %%2Error: (01/25/2014 03:16:29 PM) (Source: Service Control Manager) (User: )Description: The Freemake Improver service hung on starting.Microsoft Office Sessions:=========================Error: (03/25/2012 04:11:34 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15868 seconds with 3600 seconds of active time. 
This session ended with a crash.==================== Memory info =========================== Percentage of memory in use: 33%Total physical RAM: 3034.29 MBAvailable physical RAM: 2016.95 MBTotal Pagefile: 4920.29 MBAvailable Pagefile: 4055.79 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1958.85 MB==================== Drives ================================Drive c: () (Fixed) (Total:97.65 GB) (Free:36.52 GB) NTFS ==>[Drive with boot components (Windows XP)]Drive e: () (Fixed) (Total:200.43 GB) (Free:175.42 GB) NTFSDrive f: (LG_RC590M) (CDROM) (Total:2.03 GB) (Free:0 GB) UDF==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: ADED2F29)Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)==================== End Of Log ============================
  16. This is my son's computer. His complaints are that it runs slowly and often freezes. After we fixed things with the laptop, I advised him to check his own computer. He will be the one writing in this thread, but through my profile. Here are the logs:
Online Security) - C:Documents and SettingsVelikoLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsgomekmidlodglbbmalcneegieacbdmki [2013-06-12]CHR Extension: (Songstr - Search music everywhere) - C:Documents and SettingsVelikoLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsjcnkffbppdcibidkcjfgindlmekhaoep [2013-05-17]CHR Extension: (Nyan Cat) - C:Documents and SettingsVelikoLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsneimpplmbdhflkfojgmplkgflkgmodpd [2012-05-20]CHR Extension: (Google Wallet) - C:Documents and SettingsVelikoLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]CHR HKLM...ChromeExtension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:Documents and SettingsVelikoApplication DataMedia FinderExtensionsgencrawler_gc.crx [2012-05-18]CHR HKLM...ChromeExtension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:Program FilesBabylonBabylon-ProUtilsBabylonChrome.crx [2012-05-18]CHR HKLM...ChromeExtension: [gomekmidlodglbbmalcneegieacbdmki] - C:Program FilesAVAST SoftwareAvastWebRepChromeaswWebRepChrome.crx [2014-01-04]CHR HKLM...ChromeExtension: [jplinpmadfkdgipabgcdchbdikologlh] - C:Program Files1ClickDownload1click12.crx [2014-01-04]CHR HKLM...ChromeExtension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:Documents and SettingsVelikoApplication DataMedia FinderExtensionsmf_plugin_gc.crx [2014-01-04]CHR HKLM...ChromeExtension: [niapdbllcanepiiimjjndipklodoedlc] - C:DOCUME~1VelikoLOCALS~1TempYontooLayers.crx [2012-05-18]CHR HKLM...ChromeExtension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:Documents and SettingsVelikoLocal SettingsApplication DataCREpacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]CHR HKCU...ChromeExtension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:Documents and SettingsVelikoLocal SettingsApplication DataCREpacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-17]CHR StartMenuInternet: Google Chrome - C:Documents and SettingsVelikoLocal SettingsApplication 
DataGoogleChromeApplicationchrome.exe========================== Services (Whitelisted) =================R2 avast! Antivirus; C:Program FilesAVAST SoftwareAvastAvastSvc.exe [50344 2014-01-04] (AVAST Software)R2 avast! Firewall; C:Program FilesAVAST SoftwareAvastafwServ.exe [113704 2014-01-04] (AVAST Software)R2 BITS; C:WINXPsystem32qmgr.dll [409088 2008-04-14] (Microsoft Corporation)R2 clr_optimization_v2.0.50727_32; C:WINXPMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [69632 2008-07-30] (Microsoft Corporation)S3 COMSysApp; C:WINXPsystem32dllhost.exe [5120 2008-04-14] (Microsoft Corporation)R3 EventSystem; C:WINXPsystem32es.dll [253952 2010-09-16] (Microsoft Corporation)S3 FontCache3.0.0.0; C:WINXPMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)S3 idsvc; C:WINXPMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [881664 2008-07-29] (Microsoft Corporation)S3 ImapiService; C:WINXPsystem32imapi.exe [150528 2008-04-14] (Microsoft Corporation)R2 JavaQuickStarterService; C:Program FilesJavajre6binjqs.exe [153376 2012-02-08] (Sun Microsystems, Inc.)S3 mnmsrvc; C:WINXPsystem32mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)S3 MSDTC; C:WINXPsystem32msdtc.exe [6144 2008-04-14] (Microsoft Corporation)S4 NetTcpPortSharing; C:WINXPMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)S3 RDSessMgr; C:WINXPsystem32sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)R2 srservice; C:WINXPsystem32srsvc.dll [171008 2008-04-14] (Microsoft Corporation)S3 SwPrv; C:WINXPsystem32dllhost.exe [5120 2008-04-14] (Microsoft Corporation)S4 TlntSvr; C:WINXPsystem32tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)R2 W32Time; C:WINXPsystem32w32time.dll [175104 2008-04-14] (Microsoft Corporation)S3 WmdmPmSN; C:WINXPsystem32mspmsnsv.dll [27136 2010-09-16] (Microsoft Corporation)S3 WmiApSrv; C:WINXPsystem32wbemwmiapsrv.exe [126464 2008-04-14] (Microsoft 
Corporation)R2 wuauserv; C:WINXPsystem32wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)S4 Alerter; %SystemRoot%system32alrsvc.dll [x]R3 ALG; %SystemRoot%System32alg.exe [x]S3 aspnet_state; %SystemRoot%Microsoft.NETFrameworkv2.0.50727aspnet_state.exe [x]R2 AudioSrv; %SystemRoot%System32audiosrv.dll [x]S2 Browser; %SystemRoot%System32browser.dll [x]S3 CiSvc; %SystemRoot%system32cisvc.exe [x]S4 ClipSrv; %SystemRoot%system32clipsrv.exe [x]R2 CryptSvc; %SystemRoot%System32cryptsvc.dll [x]R2 DcomLaunch; %SystemRoot%system32rpcss.dll [x]R2 Dhcp; %SystemRoot%System32dhcpcsvc.dll [x]S3 dmadmin; %SystemRoot%System32dmadmin.exe /com [x]R2 dmserver; %SystemRoot%System32dmserver.dll [x]R2 Dnscache; %SystemRoot%System32dnsrslvr.dll [x]S3 Dot3svc; %SystemRoot%System32dot3svc.dll [x]S3 EapHost; %SystemRoot%System32eapsvc.dll [x]R2 ERSvc; %SystemRoot%System32ersvc.dll [x]R2 Eventlog; %SystemRoot%system32services.exe [x]R3 FastUserSwitchingCompatibility; %SystemRoot%System32shsvcs.dll [x]R2 helpsvc; %WINDIR%PCHealthHelpCtrBinariespchsvc.dll [x]R2 HidServ; %SystemRoot%System32hidserv.dll [x]S3 hkmsvc; %SystemRoot%System32kmsvc.dll [x]R3 HTTPFilter; %SystemRoot%System32w3ssl.dll [x]R2 LanmanServer; %SystemRoot%System32srvsvc.dll [x]R2 lanmanworkstation; %SystemRoot%System32wkssvc.dll [x]R2 LmHosts; %SystemRoot%System32lmhsvc.dll [x]S4 Messenger; %SystemRoot%System32msgsvc.dll [x]R3 MSIServer; C:WINXPsystem32msiexec.exe /V [x]S3 napagent; %SystemRoot%System32qagentrt.dll [x]S4 NetDDE; %SystemRoot%system32netdde.exe [x]S4 NetDDEdsdm; %SystemRoot%system32netdde.exe [x]S3 Netlogon; %SystemRoot%system32lsass.exe [x]R3 Netman; %SystemRoot%System32netman.dll [x]R3 Nla; %SystemRoot%System32mswsock.dll [x]S3 NtLmSsp; %SystemRoot%system32lsass.exe [x]S3 NtmsSvc; %SystemRoot%system32ntmssvc.dll [x]R2 PlugPlay; %SystemRoot%system32services.exe [x]R2 PolicyAgent; %SystemRoot%system32lsass.exe [x]R2 ProtectedStorage; %SystemRoot%system32lsass.exe [x]S3 RasAuto; 
%SystemRoot%System32rasauto.dll [x]R3 RasMan; %SystemRoot%System32rasmans.dll [x]S4 RemoteAccess; %SystemRoot%System32mprdim.dll [x]R2 RemoteRegistry; %SystemRoot%system32regsvc.dll [x]S3 RpcLocator; %SystemRoot%system32locator.exe [x]R2 RpcSs; %SystemRoot%system32rpcss.dll [x]S3 RSVP; %SystemRoot%system32rsvp.exe [x]R2 SamSs; %SystemRoot%system32lsass.exe [x]S3 SCardSvr; %SystemRoot%System32SCardSvr.exe [x]R2 Schedule; %SystemRoot%system32schedsvc.dll [x]R2 seclogon; %SystemRoot%System32seclogon.dll [x]R2 SENS; %SystemRoot%system32sens.dll [x]R2 SharedAccess; %SystemRoot%System32ipnathlp.dll [x]R2 ShellHWDetection; %SystemRoot%System32shsvcs.dll [x]R2 Spooler; %SystemRoot%system32spoolsv.exe [x]R3 SSDPSRV; %SystemRoot%System32ssdpsrv.dll [x]R2 stisvc; %SystemRoot%system32wiaservc.dll [x]S3 SysmonLog; %SystemRoot%system32smlogsvc.exe [x]R3 TapiSrv; %SystemRoot%System32tapisrv.dll [x]R3 TermService; %SystemRoot%System32termsrv.dll [x]R2 Themes; %SystemRoot%System32shsvcs.dll [x]R2 TrkWks; %SystemRoot%system32trkwks.dll [x]S3 upnphost; %SystemRoot%System32upnphost.dll [x]S3 UPS; %SystemRoot%System32ups.exe [x]S3 VSS; %SystemRoot%System32vssvc.exe [x]R2 WebClient; %SystemRoot%System32webclnt.dll [x]R2 winmgmt; %SystemRoot%system32wbemWMIsvc.dll [x]S3 Wmi; %SystemRoot%System32advapi32.dll [x]R2 wscsvc; %SYSTEMROOT%system32wscsvc.dll [x]R2 WudfSvc; %SystemRoot%System32WUDFSvc.dll [x]R2 WZCSVC; %SystemRoot%System32wzcsvc.dll [x]S3 xmlprov; %SystemRoot%System32xmlprov.dll [x]==================== Drivers (Whitelisted) ====================R1 aswKbd; C:WINXPsystem32driversaswKbd.sys [26136 2014-01-04] (AVAST Software)R2 aswMonFlt; C:WINXPsystem32driversaswMonFlt.sys [67824 2014-01-04] (AVAST Software)R1 aswRdr; C:WINXPsystem32driversaswRdr.sys [54832 2014-01-04] (AVAST Software)R1 aswSnx; C:WINXPsystem32driversaswSnx.sys [775952 2014-01-04] (AVAST Software)R1 aswSP; C:WINXPsystem32driversaswSP.sys [410528 2014-01-04] (AVAST Software)R1 aswTdi; 
C:WINXPsystem32driversaswTdi.sys [57672 2014-01-04] (AVAST Software)R0 ACPI; system32DRIVERSACPI.sys [x]S4 ACPIEC; No ImagePathS3 aec; system32driversaec.sys [x]R1 AFD; SystemRootSystem32driversafd.sys [x]R3 ALCXWDM; system32driversALCXWDM.SYS [x]R1 AmdK7; system32DRIVERSamdk7.sys [x]S3 andnetadb; System32Driverslgandnetadb.sys [x]S3 AndNetDiag; system32DRIVERSlgandnetdiag.sys [x]S3 ANDNetModem; system32DRIVERSlgandnetmodem.sys [x]S3 andnetndis; system32DRIVERSlgandnetndis.sys [x]R0 aswRvrt; No ImagePathR0 aswVmm; No ImagePathS3 AsyncMac; system32DRIVERSasyncmac.sys [x]R0 atapi; system32DRIVERSatapi.sys [x]S3 ati2mtag; system32DRIVERSati2mtag.sys [x]S3 Atmarpc; system32DRIVERSatmarpc.sys [x]R3 audstub; system32DRIVERSaudstub.sys [x]R1 Beep; No ImagePathS4 cbidf2k; No ImagePathS1 Cdaudio; No ImagePathR4 Cdfs; No ImagePathR1 Cdrom; system32DRIVERScdrom.sys [x]R0 Disk; system32DRIVERSdisk.sys [x]S4 dmboot; System32driversdmboot.sys [x]R0 dmio; System32driversdmio.sys [x]R0 dmload; System32driversdmload.sys [x]S3 DMusic; system32driversDMusic.sys [x]S3 drmkaud; system32driversdrmkaud.sys [x]R1 dtsoftbus01; system32DRIVERSdtsoftbus01.sys [x]R4 Fastfat; No ImagePathR3 Fdc; system32DRIVERSfdc.sys [x]R1 Fips; No ImagePathR3 Flpydisk; system32DRIVERSflpydisk.sys [x]R0 FltMgr; system32DRIVERSfltMgr.sys [x]U1 Fs_Rec; No ImagePathR0 Ftdisk; system32DRIVERSftdisk.sys [x]S3 G400; system32DRIVERSG400m.sys [x]R3 gameenum; system32DRIVERSgameenum.sys [x]R3 Gpc; system32DRIVERSmsgpc.sys [x]R3 HidUsb; system32DRIVERShidusb.sys [x]R3 HTTP; System32DriversHTTP.sys [x]R1 i8042prt; system32DRIVERSi8042prt.sys [x]R1 Imapi; system32DRIVERSimapi.sys [x]S4 IntelIde; No ImagePathS3 Ip6Fw; system32DRIVERSIp6Fw.sys [x]S3 IpFilterDriver; system32DRIVERSipfltdrv.sys [x]S3 IpInIp; system32DRIVERSipinip.sys [x]R3 IpNat; system32DRIVERSipnat.sys [x]R1 IPSec; system32DRIVERSipsec.sys [x]S3 IRENUM; system32DRIVERSirenum.sys [x]R0 isapnp; system32DRIVERSisapnp.sys [x]R1 Kbdclass; 
system32DRIVERSkbdclass.sys [x]S1 kbdhid; system32DRIVERSkbdhid.sys [x]R3 kmixer; system32driverskmixer.sys [x]S3 krait03; System32Driverskrait.sys [x]R0 KSecDD; No ImagePathR1 mnmdd; No ImagePathS3 Modem; No ImagePathR1 Mouclass; system32DRIVERSmouclass.sys [x]R3 mouhid; system32DRIVERSmouhid.sys [x]R0 MountMgr; No ImagePathR3 MRxDAV; system32DRIVERSmrxdav.sys [x]R1 MRxSmb; system32DRIVERSmrxsmb.sys [x]R1 Msfs; No ImagePathS3 MSKSSRV; system32driversMSKSSRV.sys [x]S3 MSPCLOCK; system32driversMSPCLOCK.sys [x]S3 MSPQM; system32driversMSPQM.sys [x]R3 mssmbios; system32DRIVERSmssmbios.sys [x]R3 ms_mpu401; system32driversmsmpu401.sys [x]R0 Mup; No ImagePathR0 NDIS; No ImagePathR3 NdisTapi; system32DRIVERSndistapi.sys [x]R3 Ndisuio; system32DRIVERSndisuio.sys [x]R3 NdisWan; system32DRIVERSndiswan.sys [x]R3 NDProxy; No ImagePathR1 NetBIOS; system32DRIVERSnetbios.sys [x]R1 NetBT; system32DRIVERSnetbt.sys [x]R1 Npfs; No ImagePathR4 Ntfs; No ImagePathR1 Null; No ImagePathR3 nv; system32DRIVERSnv4_mini.sys [x]S3 NwlnkFlt; system32DRIVERSnwlnkflt.sys [x]S3 NwlnkFwd; system32DRIVERSnwlnkfwd.sys [x]R3 Parport; system32DRIVERSparport.sys [x]R0 PartMgr; No ImagePathR2 ParVdm; No ImagePathR0 PCI; system32DRIVERSpci.sys [x]S4 Pcmcia; No ImagePathR3 PptpMiniport; system32DRIVERSraspptp.sys [x]R3 PSched; system32DRIVERSpsched.sys [x]R3 Ptilink; system32DRIVERSptilink.sys [x]R0 PxHelp20; System32DriversPxHelp20.sys [x]R1 RasAcd; system32DRIVERSrasacd.sys [x]R3 Rasl2tp; system32DRIVERSrasl2tp.sys [x]R3 RasPppoe; system32DRIVERSraspppoe.sys [x]R3 Raspti; system32DRIVERSraspti.sys [x]R1 Rdbss; system32DRIVERSrdbss.sys [x]R1 RDPCDD; System32DRIVERSRDPCDD.sys [x]R3 rdpdr; system32DRIVERSrdpdr.sys [x]S3 RDPWD; No ImagePathR1 redbook; system32DRIVERSredbook.sys [x]R3 rtl8139; system32DRIVERSRTL8139.SYS [x]S3 Secdrv; system32DRIVERSsecdrv.sys [x]R3 serenum; system32DRIVERSserenum.sys [x]R1 Serial; system32DRIVERSserial.sys [x]S1 Sfloppy; No ImagePathS3 splitter; system32driverssplitter.sys 
[x]R0 sptd; SystemRootSystem32Driverssptd.sys [x]R0 sr; system32DRIVERSsr.sys [x]R3 Srv; system32DRIVERSsrv.sys [x]R3 swenum; system32DRIVERSswenum.sys [x]S3 swmidi; system32driversswmidi.sys [x]R3 sysaudio; system32driverssysaudio.sys [x]R1 Tcpip; system32DRIVERStcpip.sys [x]S3 TDPIPE; No ImagePathS3 TDTCP; No ImagePathR1 TermDD; system32DRIVERStermdd.sys [x]R0 uagp35; system32DRIVERSuagp35.sys [x]S4 Udfs; No ImagePathR3 Update; system32DRIVERSupdate.sys [x]S3 usbaudio; system32driversusbaudio.sys [x]S3 usbccgp; system32DRIVERSusbccgp.sys [x]R3 usbehci; system32DRIVERSusbehci.sys [x]R3 usbhub; system32DRIVERSusbhub.sys [x]S3 USBSTOR; system32DRIVERSUSBSTOR.SYS [x]R3 usbuhci; system32DRIVERSusbuhci.sys [x]R1 VgaSave; SystemRootSystem32driversvga.sys [x]R0 ViaIde; system32DRIVERSviaide.sys [x]R0 VolSnap; No ImagePathR3 Wanarp; system32DRIVERSwanarp.sys [x]S3 Wdf01000; system32DRIVERSWdf01000.sys [x]R3 wdmaud; system32driverswdmaud.sys [x]S3 WpdUsb; system32DRIVERSwpdusb.sys [x]U1 WS2IFSL;R0 WudfPf; system32DRIVERSWudfPf.sys [x]S3 WudfRd; system32DRIVERSwudfrd.sys [x]U3 atfgfhru; No ImagePath==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2014-01-26 13:50 - 2014-01-26 13:50 - 00029740 _____ C:Documents and SettingsVelikoDesktopFRST.txt2014-01-26 13:50 - 2014-01-26 13:50 - 00000000 ____D C:FRST2014-01-26 13:47 - 2014-01-26 13:48 - 01222144 _____ (Farbar) C:Documents and SettingsVelikoDesktopFRST.exe2014-01-26 13:39 - 2014-01-26 13:39 - 00000000 ____D C:WINXPLastGood2014-01-26 13:35 - 2014-01-26 13:35 - 00000000 ____D C:Documents and SettingsVelikoStart MenuProgramsGoogle Chrome2014-01-26 13:32 - 2014-01-26 13:32 - 00000000 ____D C:Program FilesYontoo2014-01-26 13:32 - 2014-01-26 13:32 - 00000000 ____D C:Documents and SettingsVelikoApplication DataPriceGong2014-01-26 00:55 - 2014-01-26 00:56 - 00001031 _____ C:WINXPsystem32PCloudCleanerService.log2014-01-25 23:39 - 2014-01-25 23:39 - 
00000000 ____D C:Program FilesPanda Security2014-01-23 22:58 - 2014-01-23 22:58 - 00692616 _____ (Adobe Systems Incorporated) C:WINXPsystem32FlashPlayerApp.exe2014-01-23 22:58 - 2014-01-23 22:58 - 00071048 _____ (Adobe Systems Incorporated) C:WINXPsystem32FlashPlayerCPLApp.cpl2014-01-23 22:53 - 2014-01-23 22:53 - 00000730 _____ C:Documents and SettingsAll UsersStart MenuProgramsMozilla Firefox.lnk2014-01-23 22:53 - 2014-01-23 22:53 - 00000724 _____ C:Documents and SettingsAll UsersDesktopMozilla Firefox.lnk2014-01-23 22:53 - 2014-01-23 22:53 - 00000000 ____D C:Program FilesMozilla Maintenance Service2014-01-23 22:53 - 2014-01-23 22:53 - 00000000 ____D C:Program FilesMozilla Firefox2014-01-23 22:53 - 2014-01-23 22:53 - 00000000 ____D C:Documents and SettingsVelikoLocal SettingsApplication DataMozilla2014-01-23 22:53 - 2014-01-23 22:53 - 00000000 ____D C:Documents and SettingsAll UsersApplication DataMozilla2014-01-19 18:22 - 2014-01-26 13:40 - 00012773 _____ C:WINXPsetupapi.log2014-01-19 18:22 - 2014-01-19 18:22 - 00000000 _____ C:WINXPsetuperr.log2014-01-19 18:22 - 2014-01-19 18:22 - 00000000 _____ C:WINXPsetupact.log2014-01-19 08:51 - 2014-01-26 13:15 - 00025154 _____ C:WINXPKB2481109.log2014-01-15 12:47 - 2014-01-15 12:47 - 00000000 __HDC C:WINXP$NtUninstallKB2914368$2014-01-11 02:17 - 2014-01-11 02:17 - 00007680 ___SH C:WINXPThumbs.db2014-01-04 15:51 - 2014-01-04 15:51 - 00000000 ____D C:Documents and SettingsVelikoApplication DataAVAST Software2014-01-04 14:46 - 2014-01-26 13:40 - 00001799 _____ C:Documents and SettingsAll UsersDesktopavast! 
SafeZone.lnk2014-01-04 14:46 - 2014-01-26 13:33 - 00000000 ____D C:Documents and SettingsAll UsersStart MenuProgramsAvast2014-01-04 14:37 - 2014-01-04 14:44 - 00252336 _____ (AVAST Software) C:WINXPsystem32DriversaswNdis2.sys2014-01-04 14:37 - 2013-12-19 15:11 - 00104752 _____ (AVAST Software) C:WINXPsystem32DriversaswFW.sys2014-01-04 14:37 - 2013-09-25 14:15 - 00012112 _____ (ALWIL Software) C:WINXPsystem32DriversaswNdis.sys2014-01-04 14:34 - 2014-01-26 13:40 - 00001739 _____ C:Documents and SettingsAll UsersDesktopavast! Internet Security.lnk==================== One Month Modified Files and Folders =======2014-01-26 13:50 - 2014-01-26 13:50 - 00029740 _____ C:Documents and SettingsVelikoDesktopFRST.txt2014-01-26 13:50 - 2014-01-26 13:50 - 00000000 ____D C:FRST2014-01-26 13:49 - 2012-03-12 16:22 - 00000000 ____D C:WINXPMicrosoft.NET2014-01-26 13:48 - 2014-01-26 13:47 - 01222144 _____ (Farbar) C:Documents and SettingsVelikoDesktopFRST.exe2014-01-26 13:44 - 2011-09-08 14:52 - 01718768 _____ C:WINXPWindowsUpdate.log2014-01-26 13:42 - 2011-09-08 17:38 - 00513788 _____ C:WINXPsystem32PerfStringBackup.INI2014-01-26 13:41 - 2012-11-10 00:23 - 00000256 _____ C:WINXPTasksWGASetup.job2014-01-26 13:40 - 2014-01-19 18:22 - 00012773 _____ C:WINXPsetupapi.log2014-01-26 13:40 - 2014-01-04 14:46 - 00001799 _____ C:Documents and SettingsAll UsersDesktopavast! SafeZone.lnk2014-01-26 13:40 - 2014-01-04 14:34 - 00001739 _____ C:Documents and SettingsAll UsersDesktopavast! Internet Security.lnk2014-01-26 13:40 - 2011-09-08 15:05 - 00000420 ____H C:WINXPTasksUser_Feed_Synchronization-{B9E23F3A-2888-4BC4-B5D6-2CFB599D5BE6}.job2014-01-26 13:39 - 2014-01-26 13:39 - 00000000 ____D C:WINXPLastGood2014-01-26 13:39 - 2012-09-07 15:50 - 00000316 ____H C:WINXPTasksavast! 
Emergency Update.job2014-01-26 13:39 - 2011-09-08 17:32 - 00000000 ____D C:WINXP2014-01-26 13:38 - 2012-03-12 17:13 - 00000159 _____ C:WINXPwiadebug.log2014-01-26 13:38 - 2012-03-12 17:13 - 00000052 _____ C:WINXPwiaservc.log2014-01-26 13:37 - 2011-11-12 14:04 - 00000982 _____ C:WINXPTasksGoogleUpdateTaskMachineCore.job2014-01-26 13:37 - 2011-09-08 14:57 - 00000006 ____H C:WINXPTasksSA.DAT2014-01-26 13:36 - 2011-09-08 15:02 - 00000000 ____D C:Documents and SettingsVeliko2014-01-26 13:36 - 2011-09-08 14:57 - 00000000 __SHD C:Documents and SettingsNetworkService2014-01-26 13:36 - 2011-09-08 14:57 - 00000000 __SHD C:Documents and SettingsLocalService2014-01-26 13:36 - 2011-09-08 14:49 - 00000000 ____D C:WINXPRegistration2014-01-26 13:35 - 2014-01-26 13:35 - 00000000 ____D C:Documents and SettingsVelikoStart MenuProgramsGoogle Chrome2014-01-26 13:33 - 2014-01-04 14:46 - 00000000 ____D C:Documents and SettingsAll UsersStart MenuProgramsAvast2014-01-26 13:33 - 2012-05-20 15:29 - 00000000 ____D C:Documents and SettingsVelikoLocal SettingsApplication DatauTorrentControl22014-01-26 13:33 - 2012-05-20 15:29 - 00000000 ____D C:Documents and SettingsVelikoLocal SettingsApplication DataConduit2014-01-26 13:32 - 2014-01-26 13:32 - 00000000 ____D C:Program FilesYontoo2014-01-26 13:32 - 2014-01-26 13:32 - 00000000 ____D C:Documents and SettingsVelikoApplication DataPriceGong2014-01-26 13:32 - 2012-05-20 15:29 - 00000000 ____D C:Program FilesuTorrentControl22014-01-26 13:31 - 2011-09-08 14:57 - 00032384 _____ C:WINXPSchedLgU.Txt2014-01-26 13:31 - 2011-09-08 14:50 - 00000000 ____D C:WINXPsystem32Restore2014-01-26 13:15 - 2014-01-19 08:51 - 00025154 _____ C:WINXPKB2481109.log2014-01-26 13:01 - 2011-11-12 14:04 - 00000986 _____ C:WINXPTasksGoogleUpdateTaskMachineUA.job2014-01-26 00:56 - 2014-01-26 00:55 - 00001031 _____ C:WINXPsystem32PCloudCleanerService.log2014-01-25 23:55 - 2013-11-16 19:02 - 00001744 _____ C:WINXPsystem32d3d9caps.dat2014-01-25 23:39 - 2014-01-25 23:39 - 00000000 
____D C:Program FilesPanda Security2014-01-25 14:14 - 2008-04-14 14:00 - 00002206 _____ C:WINXPsystem32wpa.dbl2014-01-25 01:24 - 2011-09-08 15:02 - 00000178 ___SH C:Documents and SettingsVelikontuser.ini2014-01-23 22:59 - 2011-12-01 19:43 - 00000000 ____D C:Documents and SettingsVelikoLocal SettingsApplication DataAdobe2014-01-23 22:58 - 2014-01-23 22:58 - 00692616 _____ (Adobe Systems Incorporated) C:WINXPsystem32FlashPlayerApp.exe2014-01-23 22:58 - 2014-01-23 22:58 - 00071048 _____ (Adobe Systems Incorporated) C:WINXPsystem32FlashPlayerCPLApp.cpl2014-01-23 22:53 - 2014-01-23 22:53 - 00000730 _____ C:Documents and SettingsAll UsersStart MenuProgramsMozilla Firefox.lnk2014-01-23 22:53 - 2014-01-23 22:53 - 00000724 _____ C:Documents and SettingsAll UsersDesktopMozilla Firefox.lnk2014-01-23 22:53 - 2014-01-23 22:53 - 00000000 ____D C:Program FilesMozilla Maintenance Service2014-01-23 22:53 - 2014-01-23 22:53 - 00000000 ____D C:Program FilesMozilla Firefox2014-01-23 22:53 - 2014-01-23 22:53 - 00000000 ____D C:Documents and SettingsVelikoLocal SettingsApplication DataMozilla2014-01-23 22:53 - 2014-01-23 22:53 - 00000000 ____D C:Documents and SettingsAll UsersApplication DataMozilla2014-01-19 18:22 - 2014-01-19 18:22 - 00000000 _____ C:WINXPsetuperr.log2014-01-19 18:22 - 2014-01-19 18:22 - 00000000 _____ C:WINXPsetupact.log2014-01-18 18:16 - 2011-09-09 18:11 - 00002293 _____ C:Documents and SettingsVelikoDesktopGoogle Chrome.lnk2014-01-18 16:40 - 2011-09-08 15:33 - 00000000 ____D C:Documents and SettingsVelikoApplication DataWinamp2014-01-18 16:40 - 2011-09-08 15:25 - 00000000 ____D C:WINXPMinidump2014-01-15 12:50 - 2013-08-19 12:15 - 00000000 ____D C:WINXPsystem32MRT2014-01-15 12:47 - 2014-01-15 12:47 - 00000000 __HDC C:WINXP$NtUninstallKB2914368$2014-01-15 12:47 - 2013-06-20 16:26 - 83425928 _____ (Microsoft Corporation) C:WINXPsystem32MRT.exe2014-01-15 12:47 - 2011-09-08 15:35 - 00000000 ____D C:Documents and SettingsVelikoApplication DatauTorrent2014-01-13 00:52 - 
2013-06-23 22:43 - 00000000 ____D C:Documents and SettingsVelikoDesktopmsc2014-01-11 02:17 - 2014-01-11 02:17 - 00007680 ___SH C:WINXPThumbs.db2014-01-11 02:17 - 2011-09-09 17:58 - 00045568 _____ C:Documents and SettingsVelikoLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-01-11 02:16 - 2012-03-12 16:31 - 00000000 ____D C:Documents and SettingsVelikoLocal SettingsApplication DataPaint.NET2014-01-10 22:02 - 2013-10-01 19:59 - 00000000 ____D C:Documents and SettingsVelikoDesktopMy last Gba torent2014-01-10 00:47 - 2011-09-08 15:56 - 00000000 ____D C:Documents and SettingsVelikoMy DocumentsMax Payne Savegames2014-01-10 00:41 - 2013-11-16 19:16 - 00001632 _____ C:WINXPsystem32d3d8caps.dat2014-01-04 15:51 - 2014-01-04 15:51 - 00000000 ____D C:Documents and SettingsVelikoApplication DataAVAST Software2014-01-04 14:45 - 2013-03-17 22:25 - 00180248 _____ C:WINXPsystem32DriversaswVmm.sys2014-01-04 14:45 - 2013-03-17 22:25 - 00067824 _____ (AVAST Software) C:WINXPsystem32DriversaswMonFlt.sys2014-01-04 14:45 - 2013-03-17 22:25 - 00049944 _____ C:WINXPsystem32DriversaswRvrt.sys2014-01-04 14:45 - 2012-09-07 15:50 - 00026136 _____ (AVAST Software) C:WINXPsystem32DriversaswKbd.sys2014-01-04 14:45 - 2011-09-08 15:13 - 00775952 _____ (AVAST Software) C:WINXPsystem32DriversaswSnx.sys2014-01-04 14:45 - 2011-09-08 15:13 - 00410528 _____ (AVAST Software) C:WINXPsystem32DriversaswSP.sys2014-01-04 14:45 - 2011-09-08 15:13 - 00270240 _____ (AVAST Software) C:WINXPsystem32aswBoot.exe2014-01-04 14:45 - 2011-09-08 15:13 - 00057672 _____ (AVAST Software) C:WINXPsystem32DriversaswTdi.sys2014-01-04 14:45 - 2011-09-08 15:13 - 00054832 _____ (AVAST Software) C:WINXPsystem32DriversaswRdr.sys2014-01-04 14:45 - 2011-09-08 15:13 - 00043152 _____ (AVAST Software) C:WINXPavastSS.scr2014-01-04 14:44 - 2014-01-04 14:37 - 00252336 _____ (AVAST Software) C:WINXPsystem32DriversaswNdis2.sys2014-01-04 14:39 - 2011-09-08 15:13 - 00000000 ____D C:Documents and SettingsAll 
UsersApplication DataAVAST Software2014-01-04 14:37 - 2011-09-08 14:53 - 00002577 _____ C:WINXPsystem32CONFIG.NTSome content of TEMP:====================C:Documents and SettingsVelikoLocal SettingsTempfp_pl_pfs_installer.exe==================== Bamital & volsnap Check =================C:Windowsexplorer.exe IS MISSING <==== ATTENTION!.C:WindowsSystem32winlogon.exe IS MISSING <==== ATTENTION!.C:WindowsSystem32svchost.exe IS MISSING <==== ATTENTION!.C:WindowsSystem32services.exe IS MISSING <==== ATTENTION!.C:WindowsSystem32User32.dll IS MISSING <==== ATTENTION!.C:WindowsSystem32userinit.exe IS MISSING <==== ATTENTION!.C:WindowsSystem32rpcss.dll IS MISSING <==== ATTENTION!.C:WindowsSystem32Driversvolsnap.sys IS MISSING <==== ATTENTION!.==================== End Of Log ============================ Addition.txt
  17. 4 days ago I had a hacker attack and they also filled my computer with viruses, and it shows some errors on startup
extensions.BabylonToolbar_i.srcExt - ssFF - user.js: extensions.BabylonToolbar.autoRvrt - falseFF - user.js: extensions.BabylonToolbar.rvrt - falseFF - user.js: extensions.BabylonToolbar_i.newTab - false.============= SERVICES / DRIVERS ===============.R0 FSProFilter2;FSPro File Filter 2;C:WindowsSystem32driversFSPFltd2.sys [2013-11-20 57648]R1 CFRMD;CFRMD;C:WindowsSystem32driversCFRMD.sys [2013-5-7 37976]R1 HMD;COMODO livePCsupport Hardware Monitor Driver;C:WindowsSystem32drivershmd.sys [2013-10-7 14888]R1 ndisrd;WinpkFilter LightWeight Filter;C:WindowsSystem32driversndisrd.sys [2013-8-5 43088]R1 raddrvv3;raddrvv3;C:WindowsSysWOW64rserver30raddrvv3.sys [2009-10-9 68704]R2 AMD External Events Utility;AMD External Events Utility;C:WindowsSystem32atiesrxx.exe [2013-8-31 239616]R2 Apache2.2;Apache2.2;D:xamppapachebinhttpd.exe [2008-12-10 24636]R2 CLPSLauncher;COMODO LPS Launcher;C:Program Files (x86)Common FilesCOMODOlauncher_service.exe [2013-12-13 70352]R2 DragonUpdater;COMODO Dragon Update Service;C:Program Files (x86)ComodoDragondragon_updater.exe [2013-11-11 2098880]R2 fsproflt2;FSPro Filter Service 2;C:WindowsSysWOW64fsproflt2.exe [2013-11-20 49512]R2 GeekBuddyRSP;GeekBuddyRSP Server;C:Program Files (x86)Common FilesCOMODOGeekBuddyRSP.exe [2013-12-13 2327248]R2 RelevantKnowledge;RelevantKnowledge;C:Program Files (x86)RelevantKnowledgerlservice.exe [2013-12-13 186136]R2 RServer3;Radmin Server V3;C:WindowsSysWOW64rserver30rserver3.exe [2009-10-9 1242504]R2 TeamViewer9;TeamViewer 9;C:Program Files (x86)TeamViewerVersion9TeamViewer_Service.exe [2013-12-20 5341536]R2 UNS;Intel® Management and Security Application User Notification Service;C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2013-11-20 2656280]R3 amdkmdag;amdkmdag;C:WindowsSystem32driversatikmdag.sys [2013-8-31 12528640]R3 amdkmdap;amdkmdap;C:WindowsSystem32driversatikmpag.sys [2013-8-31 618496]R3 AtiHDAudioService;AMD Function Driver for HD Audio 
Service;C:WindowsSystem32driversAtihdW76.sys [2013-7-5 96256]R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:WindowsSystem32driversEtronHub3.sys [2011-2-8 39936]R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:WindowsSystem32driversEtronXHCI.sys [2011-2-8 64512]R3 MEIx64;Intel® Management Engine Interface;C:WindowsSystem32driversHECIx64.sys [2013-11-20 56344]R3 mirrorv3;mirrorv3;C:WindowsSystem32driversrminiv3.sys [2012-12-18 5632]R3 RTL8167;Realtek 8167 NT Driver;C:WindowsSystem32driversRt64win7.sys [2013-11-20 344680]R3 vvftav303;vvftav303;C:WindowsSystem32driversvvftav303.sys [2013-12-13 308096]R3 ZSMC0303;A4 TECH PC Camera H;C:WindowsSystem32driversusbVM303.sys [2013-12-13 1494656]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2012-7-9 104912]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2012-7-8 123856]S2 gupdate;Услуга на Google Актуализация (gupdate);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2013-11-21 116648]S2 hlsm;HL Server Monitor;D:CS 1.6 SERVERSDEATHRUN [FUN] (6132)hlsm.exe --> D:CS 1.6 SERVERSDEATHRUN [FUN] (6132)hlsm.exe [?]S2 LiveUpdateSvc;LiveUpdate;C:Program Files (x86)IObitLiveUpdateLiveUpdate.exe [2013-11-20 2151232]S2 SkypeUpdate;Skype Updater;C:Program Files (x86)SkypeUpdaterUpdater.exe [2013-9-5 171680]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2013-11-20 257416]S3 dmvsc;dmvsc;C:WindowsSystem32driversdmvsc.sys [2011-4-12 71168]S3 gupdatem;Услуга на Google Актуализация (gupdatem);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2013-11-21 116648]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:WindowsSystem32ieetwcollector.exe [2013-12-13 111616]S3 MozillaMaintenance;Mozilla Maintenance Service;C:Program Files (x86)Mozilla Maintenance 
Servicemaintenanceservice.exe [2013-11-20 119408]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:WindowsSystem32driversrdpvideominiport.sys [2013-11-20 19456]S3 Revoflt;Revoflt;C:WindowsSystem32driversrevoflt.sys [2013-11-21 31800]S3 RTCore64;RTCore64;C:Program Files (x86)MSI AfterburnerRTCore64.sys [2013-1-23 13368]S3 Synth3dVsc;Synth3dVsc;C:WindowsSystem32driversSynth3dVsc.sys [2011-4-12 88960]S3 terminpt;Microsoft Remote Desktop Input Driver;C:WindowsSystem32driversterminpt.sys [2013-11-20 29696]S3 TsUsbFlt;TsUsbFlt;C:WindowsSystem32driversTsUsbFlt.sys [2013-11-20 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:WindowsSystem32driversTsUsbGD.sys [2013-11-20 30208]S3 WatAdminSvc;Windows Activation Technologies Service;C:WindowsSystem32WatWatAdminSvc.exe [2013-11-20 1255736]S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:Program FilesMicrosoft SQL Server100Sharedsqladhlp.exe [2010-4-3 59744]S4 RsFx0153;RsFx0153 Driver;C:WindowsSystem32driversRsFx0153.sys [2012-6-29 321992]SUnknown tsusbhub;tsusbhub; [x].=============== Created Last 30 ================.2013-12-24 12:30:49 -------- d-----w- C:Program FilesHide Folders 20122013-12-24 10:04:12 10315576 ----a-w- C:ProgramDataMicrosoftWindows DefenderDefinition Updates{9FC35C14-EFDF-4276-8687-A6985F460EBC}mpengine.dll2013-12-24 09:52:46 94208 ----a-w- C:WindowsDIIUnin.exe2013-12-24 09:52:46 2829 ----a-w- C:WindowsDIIUnin.pif2013-12-24 09:51:17 -------- d-----w- C:Program Files (x86)Diablo II2013-12-22 09:30:17 -------- d-----w- C:Program Files (x86)QS2013-12-21 09:49:11 -------- d-----w- C:UsersTheReaverAppDataRoamingComodo2013-12-21 07:51:23 -------- d-----w- C:Program Files (x86)Common FilesCOMODO2013-12-21 07:35:34 -------- d-----w- C:UsersTheReaverAppDataLocalAdTrustMedia2013-12-21 07:34:36 -------- d-----w- C:Program FilesAdTrustMedia2013-12-21 07:34:36 -------- d-----w- C:Program Files (x86)AdTrustMedia2013-12-21 07:34:35 -------- d-----w- C:ProgramDataAdtrustmedia2013-12-21 07:34:26 
-------- d-----w- C:ProgramDataCOMODO2013-12-21 07:34:17 -------- d-----w- C:Program FilesCOMODO2013-12-21 07:34:10 -------- d-----w- C:UsersTheReaverAppDataLocalComodo2013-12-21 07:34:07 57096 ----a-w- C:WindowsSystem32certsentry.dll2013-12-21 07:34:07 48392 ----a-w- C:WindowsSysWow64certsentry.dll2013-12-21 07:34:02 -------- d-----w- C:Program Files (x86)Comodo2013-12-21 07:22:57 -------- d-----w- C:ISA Server 2006 SP1 Standard Edition CD2013-12-21 07:12:56 -------- d-----w- C:Program Files (x86)Sygate2013-12-21 07:12:39 -------- d-----w- C:Program Files (x86)Common FilesWise Installation Wizard2013-12-21 07:10:31 -------- d-----w- C:UsersTheReaverAppDataRoamingfirebwall2013-12-21 07:10:03 -------- d-----w- C:Program Files (x86)WinpkFilter2013-12-20 23:31:32 -------- d-----w- C:Program Files (x86)Everything2013-12-20 22:56:59 -------- d-----w- C:Program Files (x86)Anti DDoS Guardian 2.32013-12-20 22:39:34 36256 ----a-w- C:WindowsSystem32driversnblocker.sys2013-12-20 22:39:33 -------- d-----w- C:Program Files (x86)Anti DDoS Guardian 3.12013-12-18 17:56:22 -------- d-----w- C:WindowsCS 1.6 COOL EDiTiON2013-12-14 20:59:00 -------- d-----w- C:Program Files (x86)MSXML 4.02013-12-14 06:06:35 859416 ----a-w- C:WindowsSystem32rlls64.dll2013-12-14 06:06:35 593688 ----a-w- C:WindowsSysWow64rlls.dll2013-12-13 21:10:26 167424 ----a-w- C:Program FilesWindows Media Playerwmplayer.exe2013-12-13 21:10:26 164864 ----a-w- C:Program Files (x86)Windows Media Playerwmplayer.exe2013-12-13 21:10:26 12625920 ----a-w- C:WindowsSystem32wmploc.DLL2013-12-13 21:10:25 12625408 ----a-w- C:WindowsSysWow64wmploc.DLL2013-12-13 20:23:47 -------- d-----w- C:Program FilesCPUID2013-12-13 11:57:55 -------- d-----w- C:UsersTheReaverAppDataRoamingVimisoft Studio2013-12-13 11:57:47 77824 ----a-w- C:WindowsSysWow64vgf.dll2013-12-13 11:57:47 450560 ----a-w- C:WindowsSysWow64newlistview2.dll2013-12-13 11:57:47 -------- d-----w- C:Program Files (x86)Common FilesVimisoft Studio2013-12-13 11:57:30 -------- 
d-----w- C:Program Files (x86)Vimicro Corporation2013-12-13 11:57:16 -------- d-----w- C:Program Files (x86)IM Magician2013-12-13 11:49:04 -------- d-----w- C:WindowsEffectResources2013-12-12 22:32:08 -------- d-----w- C:Program Files (x86)RelevantKnowledge2013-12-12 22:31:34 -------- d-----w- C:Program Files (x86)Free EXE Lock2013-12-12 22:20:11 -------- d-----w- C:Program Files (x86)ELTIMA Software2013-12-12 10:10:15 -------- d-----w- C:UsersTheReaverAppDataRoamingLolClient2013-12-12 09:28:07 467984 ----a-w- C:WindowsSysWow64d3dx10_39.dll2013-12-12 09:28:07 1493528 ----a-w- C:WindowsSysWow64D3DCompiler_39.dll2013-12-12 09:28:06 3851784 ----a-w- C:WindowsSysWow64D3DX9_39.dll2013-12-12 09:27:55 -------- d-sh--w- C:WindowsSysWow64AI_RecycleBin2013-12-12 09:26:13 -------- d-----w- C:UsersTheReaverAppDataLocalPMB Files2013-12-12 09:26:12 -------- d-----w- C:ProgramDataPMB Files2013-12-12 09:26:09 -------- d-----w- C:Program Files (x86)Pando Networks2013-12-12 09:25:45 -------- d-----w- C:UsersTheReaverAppDataRoamingRiot Games2013-12-11 19:58:08 -------- d-----w- C:WindowsSysWow64directx2013-12-11 19:57:52 -------- d-----w- C:Program Files (x86)MSI Afterburner2013-12-11 11:37:34 -------- d-----w- C:Fraps2013-12-10 08:35:22 -------- d-----w- C:UsersTheReaverAppDataLocalApps2013-12-10 08:34:55 -------- d-----w- C:Program Files (x86)Active Data Recovery Software2013-12-10 08:25:13 -------- d-----w- C:UsersTheReaverAppDataLocalstorage2013-12-08 16:15:05 -------- d-----w- C:UsersTheReaverAppDataLocalMicrosoft_Corporation2013-12-08 16:13:31 57288 ----a-w- C:WindowsSysWow64perf-MSSQL10_50.MSSQLSERVER-sqlagtctr.dll2013-12-08 16:13:30 86984 ----a-w- C:WindowsSystem32perf-MSSQL10_50.MSSQLSERVER-sqlagtctr.dll2013-12-08 16:13:18 88520 ----a-w- C:WindowsSystem32perf-MSSQLSERVER-sqlctr10.52.4000.0.dll2013-12-08 16:13:18 82888 ----a-w- C:WindowsSysWow64perf-MSSQLSERVER-sqlctr10.52.4000.0.dll2013-12-08 16:12:11 -------- d-----w- C:WindowsSystem32RsFx2013-12-08 16:09:22 -------- 
d-----w- C:UsersTheReaverAppDataLocalMicrosoft Help2013-12-08 16:08:30 -------- d-----w- C:Program Files (x86)Microsoft Synchronization Services2013-12-08 16:08:16 -------- d-----w- C:Program Files (x86)Microsoft SQL Server Compact Edition2013-12-08 16:08:10 -------- d-----w- C:WindowsSysWow6410332013-12-08 16:08:10 -------- d-----w- C:WindowsSystem3210332013-12-08 16:04:43 -------- d-----w- C:WindowsPCHEALTH2013-12-08 16:02:41 -------- d-----w- C:Program FilesMicrosoft SQL Server2013-12-08 15:49:45 -------- d-----w- C:UsersTheReaverAppDataLocalDownloaded Installations2013-12-07 07:05:24 -------- d-----w- C:UsersTheReaverAppDataRoamingSearch Protection2013-12-07 07:05:17 -------- d-----w- C:ProgramDataYTD Video Downloader2013-12-07 07:05:04 -------- d-----w- C:Program Files (x86)GreenTree Applications2013-12-06 16:02:03 -------- d-----w- C:ProgramData{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}2013-12-06 16:02:03 -------- d-----w- C:ProgramData{D76294E6-03B8-4971-AF2E-3F846161A690}2013-12-05 20:05:47 -------- d-----w- C:Program Files (x86)VideoLAN2013-12-05 10:34:33 -------- d-----w- C:Program Files (x86)ASRock Utility2013-11-29 20:03:21 -------- d-----w- C:Program Files (x86)Unlocker2013-11-29 12:44:01 -------- d-----w- C:Program Files (x86)avpbg2013-11-29 12:40:47 -------- d-----w- C:ProgramDataKaspersky Lab2013-11-29 12:16:43 -------- d-----w- C:Program Files (x86)Kaspersky Lab2013-11-29 12:04:19 -------- d-s---w- C:WindowsSysWow64Microsoft2013-11-28 16:43:50 -------- d-----w- C:ProgramDataAMMYY2013-11-27 20:20:17 -------- d-----w- C:Program Files (x86)TeamViewer2013-11-27 18:59:11 -------- d-----w- C:Program Files (x86)Common FilesSteam2013-11-27 18:03:20 -------- d-----w- C:UsersTheReaverAppDataRoamingRadmin2013-11-27 11:13:35 99840 ----a-w- C:WindowsSystem32driversusbccgp.sys2013-11-27 11:13:35 52736 ----a-w- C:WindowsSystem32driversusbehci.sys2013-11-27 11:13:34 7808 ----a-w- C:WindowsSystem32driversusbd.sys2013-11-27 11:13:34 343040 ----a-w- 
C:WindowsSystem32driversusbhub.sys2013-11-27 11:13:34 325120 ----a-w- C:WindowsSystem32driversusbport.sys2013-11-27 11:13:34 30720 ----a-w- C:WindowsSystem32driversusbuhci.sys2013-11-27 11:13:34 25600 ----a-w- C:WindowsSystem32driversusbohci.sys2013-11-27 09:18:01 140288 ----a-w- C:WindowsSysWow64Comdlg32.ocx2013-11-27 09:18:00 1355776 ----a-w- C:WindowsSysWow64msvbvm50.dll2013-11-27 09:17:57 192569 ----a-w- C:WindowsSysWow64msrpjt40.dll2013-11-27 09:17:42 274489 ----a-w- C:WindowsSysWow64ntwdblib.dll2013-11-27 09:17:39 97552 ----a-w- C:WindowsSysWow64rdocurs.dll2013-11-27 09:17:39 376592 ----a-w- C:WindowsSysWow64msrdo20.dll2013-11-27 09:17:38 32830 ----a-w- C:WindowsSysWow64dbmsshrn.dll2013-11-27 09:17:13 -------- d-----w- C:Program Files (x86)Microsoft SQL Server2013-11-27 09:04:36 306688 ----a-w- C:WindowsIsUninst.exe2013-11-27 08:59:29 -------- d-----w- C:UsersTheReaverAppDataRoamingTeamViewer2013-11-27 08:48:29 -------- d-----w- C:WindowsSysWow64rserver302013-11-27 07:43:42 -------- d-sh--w- C:ProgramDataDSS2013-11-26 19:05:36 -------- d-----w- C:Program Files (x86)Origin Games2013-11-26 19:05:17 -------- d-----w- C:UsersTheReaverAppDataRoamingOrigin2013-11-26 19:05:16 -------- d-----w- C:UsersTheReaverAppDataLocalOrigin2013-11-26 19:03:58 -------- d-----w- C:ProgramDataOrigin2013-11-26 19:03:57 -------- d-----w- C:ProgramDataElectronic Arts2013-11-26 19:03:43 -------- d-----w- C:Program Files (x86)Origin2013-11-26 07:47:40 -------- d-----r- C:Program Files (x86)Skype2013-11-26 06:14:47 -------- d-----w- C:WindowsSystem32MRT.==================== Find3M ====================.2013-12-11 18:21:23 71048 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl2013-12-11 18:21:23 692616 ----a-w- C:WindowsSysWow64FlashPlayerApp.exe2013-11-26 10:19:07 2724864 ----a-w- C:WindowsSystem32mshtml.tlb2013-11-26 10:18:23 4096 ----a-w- C:WindowsSystem32ieetwcollectorres.dll2013-11-26 09:48:07 66048 ----a-w- C:WindowsSystem32iesetup.dll2013-11-26 09:46:25 48640 ----a-w- 
C:WindowsSystem32ieetwproxystub.dll2013-11-26 09:23:02 2724864 ----a-w- C:WindowsSysWow64mshtml.tlb2013-11-26 09:18:39 139264 ----a-w- C:WindowsSystem32ieUnatt.exe2013-11-26 09:18:09 111616 ----a-w- C:WindowsSystem32ieetwcollector.exe2013-11-26 09:16:57 708608 ----a-w- C:WindowsSystem32jscript9diag.dll2013-11-26 08:35:02 5769216 ----a-w- C:WindowsSystem32jscript9.dll2013-11-26 08:28:16 553472 ----a-w- C:WindowsSysWow64jscript9diag.dll2013-11-26 08:16:12 4243968 ----a-w- C:WindowsSysWow64jscript9.dll2013-11-26 08:02:16 1995264 ----a-w- C:WindowsSystem32inetcpl.cpl2013-11-26 07:32:06 1928192 ----a-w- C:WindowsSysWow64inetcpl.cpl2013-11-26 07:07:57 2334208 ----a-w- C:WindowsSystem32wininet.dll2013-11-26 06:33:33 1820160 ----a-w- C:WindowsSysWow64wininet.dll2013-11-23 18:26:20 417792 ----a-w- C:WindowsSysWow64WMPhoto.dll2013-11-23 17:47:34 465920 ----a-w- C:WindowsSystem32WMPhoto.dll2013-11-21 11:44:01 447888 ----a-w- C:WindowsSystem32driversaswNdisFlt.sys2013-11-20 17:05:45 197120 ----a-w- C:WindowsSystem32credui.dll2013-11-20 17:05:45 1930752 ----a-w- C:WindowsSystem32authui.dll2013-11-20 17:05:45 190464 ----a-w- C:WindowsSystem32SmartcardCredentialProvider.dll2013-11-20 17:05:45 1796096 ----a-w- C:WindowsSysWow64authui.dll2013-11-20 17:05:45 168960 ----a-w- C:WindowsSysWow64credui.dll2013-11-20 17:05:45 152576 ----a-w- C:WindowsSysWow64SmartcardCredentialProvider.dll2013-11-20 17:03:35 404480 ----a-w- C:WindowsSystem32gdi32.dll2013-11-20 17:03:35 311808 ----a-w- C:WindowsSysWow64gdi32.dll2013-11-20 17:02:43 1474048 ----a-w- C:WindowsSystem32crypt32.dll2013-11-20 17:02:43 1168384 ----a-w- C:WindowsSysWow64crypt32.dll2013-11-20 17:01:48 497152 ----a-w- C:WindowsSystem32driversafd.sys2013-11-20 16:59:21 30720 ----a-w- C:WindowsSystem32cryptdlg.dll2013-11-20 16:59:21 24576 ----a-w- C:WindowsSysWow64cryptdlg.dll2013-11-20 16:58:28 81920 ----a-w- C:WindowsSysWow64davclnt.dll2013-11-20 16:58:28 259584 ----a-w- C:WindowsSystem32WebClnt.dll2013-11-20 16:58:28 205824 ----a-w- 
C:WindowsSysWow64WebClnt.dll2013-11-20 16:58:28 140800 ----a-w- C:WindowsSystem32driversmrxdav.sys2013-11-20 16:58:28 102400 ----a-w- C:WindowsSystem32davclnt.dll2013-11-20 16:56:50 461312 ----a-w- C:WindowsSystem32scavengeui.dll2013-11-20 16:55:28 109824 ----a-w- C:WindowsSystem32driversUSBAUDIO.sys2013-11-20 16:55:28 100864 ----a-w- C:WindowsSystem32driversusbcir.sys2013-11-20 16:54:46 785624 ----a-w- C:WindowsSystem32driversWdf01000.sys2013-11-20 16:54:00 633856 ----a-w- C:WindowsSystem32comctl32.dll2013-11-20 16:54:00 530432 ----a-w- C:WindowsSysWow64comctl32.dll2013-11-20 16:53:19 76800 ----a-w- C:WindowsSystem32drivershidclass.sys2013-11-20 16:53:19 32896 ----a-w- C:WindowsSystem32drivershidparse.sys2013-11-20 16:52:32 70656 ----a-w- C:WindowsSysWow64fontsub.dll2013-11-20 16:52:32 46080 ----a-w- C:WindowsSystem32atmlib.dll2013-11-20 16:52:32 41472 ----a-w- C:WindowsSystem32lpk.dll2013-11-20 16:52:32 368128 ----a-w- C:WindowsSystem32atmfd.dll2013-11-20 16:52:32 34304 ----a-w- C:WindowsSysWow64atmlib.dll2013-11-20 16:52:32 295424 ----a-w- C:WindowsSysWow64atmfd.dll2013-11-20 16:52:32 25600 ----a-w- C:WindowsSysWow64lpk.dll2013-11-20 16:52:32 14336 ----a-w- C:WindowsSystem32dciman32.dll2013-11-20 16:52:32 10240 ----a-w- C:WindowsSysWow64dciman32.dll2013-11-20 16:52:32 100864 ----a-w- C:WindowsSystem32fontsub.dll2013-11-20 16:51:50 983488 ----a-w- C:WindowsSystem32driversdxgkrnl.sys2013-11-20 16:51:50 265064 ----a-w- C:WindowsSystem32driversdxgmms1.sys2013-11-20 16:51:50 144384 ----a-w- C:WindowsSystem32cdd.dll2013-11-20 16:48:18 124112 ----a-w- C:WindowsSystem32PresentationCFFRasterizerNative_v0300.dll2013-11-20 16:48:18 102608 ----a-w- C:WindowsSysWow64PresentationCFFRasterizerNative_v0300.dll2013-11-20 16:46:51 1887232 ----a-w- C:WindowsSystem32d3d11.dll2013-11-20 16:46:51 1505280 ----a-w- C:WindowsSysWow64d3d11.dll2013-11-20 16:46:05 327168 ----a-w- C:WindowsSystem32mswsock.dll2013-11-20 16:46:05 231424 ----a-w- C:WindowsSysWow64mswsock.dll2013-11-20 16:46:05 
1903552 ----a-w- C:WindowsSystem32driverstcpip.sys2013-11-20 16:44:23 62976 ----a-w- C:WindowsSystem32TSWbPrxy.exe2013-11-20 16:41:21 155584 ----a-w- C:WindowsSystem32driversataport.sys2013-11-20 16:40:48 1888768 ----a-w- C:WindowsSystem32WMVDECOD.DLL2013-11-20 16:40:48 1620992 ----a-w- C:WindowsSysWow64WMVDECOD.DLL2013-11-20 16:37:55 663552 ----a-w- C:WindowsSysWow64rpcrt4.dll2013-11-20 16:37:55 1217024 ----a-w- C:WindowsSystem32rpcrt4.dll2013-11-20 16:37:18 288088 ----a-w- C:WindowsSystem32driversFWPKCLNT.SYS2013-11-20 16:36:46 39936 ----a-w- C:WindowsSystem32driverstssecsrv.sys2013-11-20 16:36:08 224256 ----a-w- C:WindowsSystem32wintrust.dll2013-11-20 16:36:08 184320 ----a-w- C:WindowsSystem32cryptsvc.dll2013-11-20 16:36:08 175104 ----a-w- C:WindowsSysWow64wintrust.dll2013-11-20 16:36:08 140288 ----a-w- C:WindowsSysWow64cryptsvc.dll2013-11-20 16:36:08 139776 ----a-w- C:WindowsSystem32cryptnet.dll2013-11-20 16:36:08 103936 ----a-w- C:WindowsSysWow64cryptnet.dll2013-11-20 16:34:58 624128 ----a-w- C:WindowsSystem32qedit.dll2013-11-20 16:34:58 509440 ----a-w- C:WindowsSysWow64qedit.dll2013-11-20 16:29:24 751104 ----a-w- C:WindowsSystem32win32spl.dll2013-11-20 16:29:24 492544 ----a-w- C:WindowsSysWow64win32spl.dll2013-11-20 16:28:45 903168 ----a-w- C:WindowsSysWow64certutil.exe2013-11-20 16:28:45 52224 ----a-w- C:WindowsSystem32certenc.dll2013-11-20 16:28:45 43008 ----a-w- C:WindowsSysWow64certenc.dll2013-11-20 16:28:45 1192448 ----a-w- C:WindowsSystem32certutil.exe2013-11-20 16:26:26 70144 ----a-w- C:WindowsSystem32appinfo.dll2013-11-20 16:26:26 111448 ----a-w- C:WindowsSystem32consent.exe2013-11-20 16:25:51 48640 ----a-w- C:WindowsSystem32wwanprotdim.dll2013-11-20 16:25:51 230400 ----a-w- C:WindowsSystem32wwansvc.dll2013-11-20 16:25:26 474624 ----a-w- C:WindowsapppatchAcSpecfc.dll2013-11-20 16:25:26 350208 ----a-w- C:WindowsapppatchAppPatch64AcLayers.dll2013-11-20 16:25:26 308736 ----a-w- C:WindowsapppatchAppPatch64AcGenral.dll2013-11-20 16:25:26 2176512 ----a-w- 
C:WindowsapppatchAcGenral.dll2013-11-20 16:25:26 135168 ----a-w- C:WindowsapppatchAppPatch64AcXtrnal.dll2013-11-20 16:25:26 111104 ----a-w- C:WindowsapppatchAppPatch64acspecfc.dll2013-11-20 16:23:47 1656680 ----a-w- C:WindowsSystem32driversntfs.sys2013-11-20 16:22:41 223752 ----a-w- C:WindowsSystem32driversfvevol.sys.============= FINISH: 16:00:33,29 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-09-30.01).Microsoft Windows 7 UltimateBoot Device: DeviceHarddiskVolume1Install Date: 20.11.2013 г. 17:05:38System Uptime: 25.12.2013 г. 08:00:46 (8 hours ago).Motherboard: ASRock | | H67M-GEProcessor: Intel® Core i5-2400 CPU @ 3.10GHz | CPUSocket | 3101/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 100 GiB total, 46,398 GiB free.D: is FIXED (NTFS) - 831 GiB total, 364,807 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP102: 21.12.2013 г. 13:28:20 - Инсталиране на драйверен пакет за устройство: COMODO Мрежова услугаRP103: 24.12.2013 г. 
12:03:54 - Windows Update.==== Installed Programs ======================.µTorrentA4 TECH PC Camera HActive@ UNDELETE 7 EnterpriseAdobe Flash Player 11 PluginAdobe Flash Player 9 ActiveXAIDA64 Business v4.00AMD Accelerated Video TranscodingAMD Catalyst Control CenterAMD Catalyst Install ManagerAMD Drag and Drop TranscodingAMD Media Foundation DecodersASRock eXtreme Tuner v0.1.215Catalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCCleanerComodo DragonComponents SetupCounter-StrikeCPUID CPU-Z 1.67.1CS 1.6 COOL EDiTiONDaum PotPlayer 1.5.39659 x64 EditionDiablo IIDiablo II - Eastern SunEtron USB3.0 Host ControllerEverything 1.2.1.371EXE Password Protector 1.1.6.214FIFA 13foobar2000 v1.2.9Fraps (remove only)Free EXE Lock 5.4.5GameRangerGeekBuddyGoogle ChromeGoogle Update HelperHotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)IM MagicianInfinityMU SEASON 3Intel® Management Engine ComponentsIObit UninstallerK-Lite Mega Codec Pack 9.8.5League of LegendsMicrosoft .NET Framework 4.5Microsoft Application Error ReportingMicrosoft Report Viewer Redistributable 2008 (KB971119)Microsoft Report Viewer Redistributable 2008 SP1Microsoft SQL Server 2008 R2 
(64-bit)Microsoft SQL Server 2008 R2 Native ClientMicrosoft SQL Server 2008 R2 PoliciesMicrosoft SQL Server 2008 R2 RsFx DriverMicrosoft SQL Server 2008 R2 Setup (English)Microsoft SQL Server 2008 Setup Support FilesMicrosoft SQL Server BrowserMicrosoft SQL Server Compact 3.5 SP2 ENUMicrosoft SQL Server Compact 3.5 SP2 Query Tools ENUMicrosoft SQL Server VSS WriterMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727Microsoft Visual Studio Tools for Applications 2.0 - ENUMozilla Firefox 26.0 (x86 bg)Mozilla Maintenance ServiceMSI Afterburner 2.3.1MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NetTools 5.0Notepad++OriginPando Media BoosterPowerISOPrivDogRadmin Server 3.4Realtek Ethernet Controller Driver For Windows 7Realtek High Definition Audio DriverRelevantKnowledgeRevo Uninstaller Pro 3.0.8Search ProtectionSecurity Update for Microsoft .NET Framework 4.5 (KB2737083)Security Update for Microsoft .NET Framework 4.5 (KB2742613)Security Update for Microsoft .NET Framework 4.5 (KB2789648)Security Update for Microsoft .NET Framework 4.5 (KB2833957)Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)Security Update for Microsoft .NET Framework 4.5 (KB2861208)Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit)Skype™ 6.11SQL Server 2008 R2 SP2 Common FilesSQL Server 2008 R2 SP2 
Database Engine ServicesSQL Server 2008 R2 SP2 Database Engine SharedSQL Server 2008 R2 SP2 Management StudioSql Server Customer Experience Improvement ProgramSurfing ProtectionTeamViewer 9Ubisoft Game LauncherUpdate for Microsoft .NET Framework 4.5 (KB2750147)Update for Microsoft .NET Framework 4.5 (KB2805221)Update for Microsoft .NET Framework 4.5 (KB2805226)VLC media player 2.1.1WinPcap 3.0WinpkFilter Runtime & ToolsWinRAR 5.00 (64-битова версия)XAMPP 1.7.1YTD Video Downloader 4.7.1.==== Event Viewer Messages From Past Week ========.25.12.2013 г. 08:02:08, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).25.12.2013 г. 08:01:08, Error: Service Control Manager [7000] - The HL Server Monitor service failed to start due to the following error: The system cannot find the file specified.24.12.2013 г. 19:44:51, Error: Service Control Manager [7034] - The Apache2.2 service terminated unexpectedly. It has done this 1 time(s).24.12.2013 г. 18:55:27, Error: Service Control Manager [7034] - The HL Server Monitor service terminated unexpectedly. It has done this 1 time(s).24.12.2013 г. 18:04:43, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).24.12.2013 г. 18:03:54, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (MSSQLSERVER) service to connect.24.12.2013 г. 18:03:54, Error: Service Control Manager [7000] - The SQL Server (MSSQLSERVER) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.24.12.2013 г. 10:06:42, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).24.12.2013 г. 
  18. Hello!!! I am writing to you once again, but this time it is not about my machine but about a friend's. The problem is the following: with no window open at all, the laptop's load goes to 80-100% and it gets very hot. And when it starts loading, for example, Explorer, it is terribly slow. Here are the logs: FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014 Ran by Dzhemal (administrator) on DZHEMAL-HP on 21-11-2014 21:29:56 Running from C:\Users\Dzhemal\Desktop Loaded Profile: Dzhemal (Available profiles: Dzhemal & Guest) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (SafeIP) C:\Program Files (x86)\SafeIP\SafeIPS.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Nullsoft) C:\Program Files (x86)\Winamp\winampa.exe () C:\Program Files (x86)\VIVACOM 3G USB MODEM\ModemListener.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-16] (Hewlett-Packard Development Company L.P.) 
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS) HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [39424 2009-12-18] (Nullsoft) HKLM-x32\...\Run: [ModemListener] => C:\Program Files (x86)\VIVACOM 3G USB MODEM\ModemListener.exe [98304 2010-01-27] () HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\Run: [Google Update] => C:\Users\Dzhemal\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-26] (Google Inc.) HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) 
HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google) HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2283808 2013-11-11] (IObit) HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\MountPoints2: {29828cb2-d0cf-11e0-a9ce-2c27d7dba7d9} - F:\AutoRun.exe HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\MountPoints2: {29828cc7-d0cf-11e0-a9ce-2c27d7dba7d9} - J:\AutoRun.exe HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\MountPoints2: {3a1324f1-d301-11e0-ab1e-2c27d7dba7d9} - F:\AutoRun.exe HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\MountPoints2: {41892756-f045-11e0-8c31-2c27d7dba7d9} - F:\AutoRun.exe HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\MountPoints2: {41892759-f045-11e0-8c31-2c27d7dba7d9} - F:\AutoRun.exe HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\MountPoints2: {50066d0f-265a-11e1-b5ec-2c27d7dba7d9} - I:\autorun.exe HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\MountPoints2: {c37f0e3a-c19d-11e3-a6a1-2c27d7dba7d9} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\MountPoints2: {e165778e-d16b-11e0-8bcc-2c27d7dba7d9} - F:\AutoRun.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-966336249-240343522-4042860801-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/ URLSearchHook: HKLM-x32 - Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) 
URLSearchHook: HKU\S-1-5-21-966336249-240343522-4042860801-1000 - Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) SearchScopes: HKLM -> DefaultScope value is missing. SearchScopes: HKLM -> {903E9084-8050-4C90-870A-226613C1C2F5} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20131222185642776&tb_oid=22-12-2013&tb_mrud=22-12-2013 SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20131222185642776&tb_oid=22-12-2013&tb_mrud=22-12-2013 SearchScopes: HKU\S-1-5-21-966336249-240343522-4042860801-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-966336249-240343522-4042860801-1000 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20131222185642776&tb_oid=22-12-2013&tb_mrud=22-12-2013 SearchScopes: HKU\S-1-5-21-966336249-240343522-4042860801-1000 -> {EF87F31E-38AE-4881-B513-151ED9619405} URL = 
http://search.yahoo.com/search?fr=mcafee&p={SearchTerms} BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: Winamp Toolbar Loader -> {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} -> C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Proxy Help -> {F386E548-C533-472E-8C61-C026FB14FEB9} -> C:\Windows\SysWow64\Newtabs_22find.dll (Newtabs. inc) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) Toolbar: HKU\S-1-5-21-966336249-240343522-4042860801-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {A996E48C-D3DC-4244-89F7-AFA33EC60679} https://ebb.ubb.bg/CAPICOM/capicom.cab DPF: HKLM-x32 {B015B944-7316-49AE-AC84-ACCA9379EA32} http://77.85.205.2:90/IPCamPluginMJPEG.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-20] (EasyBits Software Corp.) 
Winsock: Catalog9 01 C:\Windows\SysWOW64\SafeIPs.dll [380608] (SafeIP) Winsock: Catalog9 02 C:\Windows\SysWOW64\SafeIPs.dll [380608] (SafeIP) Winsock: Catalog9 03 C:\Windows\SysWOW64\SafeIPs.dll [380608] (SafeIP) Winsock: Catalog9 04 C:\Windows\SysWOW64\SafeIPs.dll [380608] (SafeIP) Winsock: Catalog9 15 C:\Windows\SysWOW64\SafeIPs.dll [380608] (SafeIP) Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [540864] (SafeIP) Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [540864] (SafeIP) Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [540864] (SafeIP) Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [540864] (SafeIP) Winsock: Catalog9-x64 15 C:\Windows\system32\SafeIPs64.dll [540864] (SafeIP) Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 192.168.43.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll 
(Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-966336249-240343522-4042860801-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dzhemal\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-966336249-240343522-4042860801-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dzhemal\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\IPSFF [2013-10-12] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\coFFPlgn [2014-11-21] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Users\Dzhemal\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Dzhemal\AppData\Local\Google\Chrome\Application\39.0.2171.65\gcswf32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Dzhemal\AppData\Local\Google\Chrome\Application\39.0.2171.65\ppGoogleNaClPluginChrome.dll No File CHR Plugin: 
(Chrome PDF Viewer) - C:\Users\Dzhemal\AppData\Local\Google\Chrome\Application\39.0.2171.65\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Dzhemal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\Dzhemal\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Диск) - C:\Users\Dzhemal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-09]
CHR Extension: (YouTube) - C:\Users\Dzhemal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-01]
CHR Extension: (Adblock Plus) - C:\Users\Dzhemal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-22]
CHR Extension: (Google Търсене) - C:\Users\Dzhemal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-01]
CHR Extension: (Skype Click to Call) - C:\Users\Dzhemal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-05]
CHR Extension: (Google Wallet) - C:\Users\Dzhemal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Dzhemal\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-09-16]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
R2 DeviceManager; C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe [40960 2009-11-17] () [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-19] (Realsil Microelectronics Inc.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151232 2013-12-02] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-15] (Nero AG) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [266240 2007-01-15] (Nero AG) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [3797184 2012-12-17] (SafeIP)
R2 svcgdp; C:\Program Files (x86)\Software Plate\svcgdp.exe [224416 2012-07-02] (Beijing ELEX Technology Co., Ltd.)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [1587416 2014-10-16] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-23] (Symantec Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\IPSDefs\20141120.001\IDSvia64.sys [637656 2014-11-14] (Symantec Corporation)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [119680 2009-11-17] (TCT International Mobile Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\VirusDefs\20141109.003\ENG64.SYS [129752 2014-10-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.8.0.14\Definitions\VirusDefs\20141109.003\EX64.SYS [2137304 2014-10-24] (Symantec Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2012-01-03] () [File not signed]
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2012-04-17] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-12-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation)
S3 utmxnjk0; No ImagePath
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-17 17:20

==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by Dzhemal at 2014-11-21 21:30:55
Running from C:\Users\Dzhemal\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
µTorrent (HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
50 FREE MP3s +1 Free Audiobook! (HKLM-x32\...\eMusic Promotion) (Version: 1.0.0.1 - eMusic.com Inc)
Adblock Plus за IE (32-битов и 64-битов) (HKLM\...\{04F1B8BC-8D13-48FB-9D17-A168BFA0A560}) (Version: 99.9 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.0.6 - IObit)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Ashampoo Magical Optimizer 1.22 (HKLM-x32\...\Ashampoo Magical Optimizer_is1) (Version: 1.2.2 - Ashampoo GmbH & Co. KG)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.63.1071 - AB Team, d.o.o.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2279 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.5.1228 - IObit)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.0.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.0 - )
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware, версия 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 7 Premium (HKLM-x32\...\{FC98FBE9-E931-494C-8717-497185371033}) (Version: 7.02.4712 - Nero AG)
NewTabs Uninstall (HKLM-x32\...\NewTabs) (Version: - ELEX Technology) <==== ATTENTION
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden SA Dictionary 2008 Beta 4 (HKLM-x32\...\{055A5AF0-9FEB-440D-B00A-18935C7C171C}) (Version: 6.6.12 - Stefan Angelov) SafeIP (HKLM-x32\...\SAFEIP_is1) (Version: - SafeIP) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.4.11328 - Skype Technologies S.A.) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden Software Plate (HKLM-x32\...\Software Plate) (Version: 1.0.1 - XingCloud) <==== ATTENTION Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated) The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden VIVACOM 3G USB MODEM (HKLM-x32\...\VIVACOM 3G USB MODEM ALCATEL_is1) (Version: - Alcatel) WildTangent Games App (HP Games) (x32 Version: 4.0.10.16 - WildTangent) Hidden Winamp (HKLM-x32\...\Winamp) (Version: 5.57 - Nullsoft, Inc) Winamp Application Detect (HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Winamp Toolbar (HKLM-x32\...\Winamp Toolbar) (Version: - ) <==== ATTENTION Winamp Toolbar (HKU\S-1-5-21-966336249-240343522-4042860801-1000\...\Winamp Toolbar) (Version: - ) <==== ATTENTION Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX 
Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - ) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-966336249-240343522-4042860801-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dzhemal\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-966336249-240343522-4042860801-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dzhemal\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= 02-11-2014 17:00:26 Windows Backup 09-11-2014 18:00:01 Windows Backup 16-11-2014 18:42:29 Windows Backup 17-11-2014 07:21:45 Windows Update 19-11-2014 21:47:34 Windows Update 20-11-2014 04:31:44 Windows Update 20-11-2014 21:45:07 Windows Update 21-11-2014 08:37:53 Windows Update 21-11-2014 09:34:30 Windows Update 21-11-2014 09:50:23 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2013-07-22 17:26 - 00000741 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {3219DB7E-175F-4B87-8107-981363264FD7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation) Task: {3295386A-7074-4758-B958-E1289893B2D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-18] (Google Inc.) Task: {4244458F-6275-43A1-96A7-9E6D1A73D267} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {49CDAC2F-0D0A-4BFE-B501-C3AB44CDBA1D} - System32\Tasks\ASC7_SkipUac_Dzhemal => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2013-11-18] (IObit) Task: {57CA1EE8-5FB9-4E8E-A104-E0405DC70F0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard) Task: {7763808A-020E-4E55-AA5D-A528C2E856A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe Task: {7A2EF186-422E-444D-A394-1C25FC6ABFEA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink) Task: {84580A75-01D4-43F3-8772-E815648600DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-18] (Google Inc.) Task: {878BED2C-6AA2-4C05-97CE-B4AD9D1508E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-966336249-240343522-4042860801-1000UA => C:\Users\Dzhemal\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.) 
Task: {9D31538F-8BE4-42A1-9CA2-FDC7A3456732} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-966336249-240343522-4042860801-1000Core => C:\Users\Dzhemal\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-26] (Google Inc.) Task: {B58F9550-E595-4BE4-8D78-59DBD1B80F7A} - System32\Tasks\HPCeeScheduleForDzhemal => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: {B7F35B8F-DFB7-4B6F-AEB0-03C8342E329B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-22] (Adobe Systems Incorporated) Task: {BB7344DA-96B9-4934-B74A-40E023454747} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation) Task: {BF0C8C1F-2C36-461D-8DA0-8404076366C9} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2013-11-11] (IObit) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-966336249-240343522-4042860801-1000Core.job => C:\Users\Dzhemal\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-966336249-240343522-4042860801-1000UA.job => C:\Users\Dzhemal\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForDzhemal.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2011-12-14 15:50 - 2009-11-17 10:44 - 00040960 _____ () C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe 2013-10-17 15:27 - 2013-10-17 15:27 - 
00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2011-12-14 15:50 - 2010-01-27 11:08 - 00098304 _____ () C:\Program Files (x86)\VIVACOM 3G USB MODEM\ModemListener.exe 2014-01-07 09:51 - 2013-10-25 12:07 - 01120032 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe 2014-01-07 09:51 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll 2014-01-07 09:51 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll 2014-11-21 00:08 - 2014-11-21 00:08 - 00098816 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\win32api.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00110080 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\pywintypes27.dll 2014-11-21 00:08 - 2014-11-21 00:08 - 00364544 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\pythoncom27.dll 2014-11-21 00:08 - 2014-11-21 00:08 - 00045568 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\_socket.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 01160704 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\_ssl.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00320512 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\win32com.shell.shell.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00713216 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\_hashlib.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 01175040 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\wx._core_.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00805888 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\wx._gdi_.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00811008 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\wx._windows_.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 01062400 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\wx._controls_.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00735232 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\wx._misc_.pyd 2014-11-21 00:08 - 
2014-11-21 00:08 - 00128512 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\_elementtree.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00127488 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\pyexpat.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00557056 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\pysqlite2._sqlite.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00087552 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\_ctypes.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00119808 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\win32file.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00108544 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\win32security.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00007168 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\hashobjs_ext.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00167936 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\win32gui.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00018432 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\win32event.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00038912 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\win32inet.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00011264 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\win32crypt.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00070656 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\wx._html2.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00027136 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\_multiprocessing.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00035840 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\win32process.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00686080 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\unicodedata.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00122368 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\wx._wizard.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00024064 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\win32pipe.pyd 2014-11-21 00:08 - 
2014-11-21 00:08 - 00025600 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\win32pdh.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00525640 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\windows._lib_cacheinvalidation.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00010240 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\select.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00017408 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\win32profile.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00022528 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\win32ts.pyd 2014-11-21 00:08 - 2014-11-21 00:08 - 00078336 _____ () C:\Users\Dzhemal\AppData\Local\Temp\_MEI41682\wx._animate.pyd 2014-01-07 09:51 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl 2014-01-07 09:51 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl 2014-01-07 09:51 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl 2014-10-25 07:15 - 2014-10-25 07:15 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll 2011-05-30 09:50 - 2011-01-13 02:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeIPS => ""="service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" MSCONFIG\startupreg: DAEMON Tools Lite => MSCONFIG\startupreg: SunJavaUpdateSched => ========================= Accounts: ========================== Administrator (S-1-5-21-966336249-240343522-4042860801-500 - Administrator - Disabled) Dzhemal (S-1-5-21-966336249-240343522-4042860801-1000 - Administrator - Enabled) => C:\Users\Dzhemal Guest (S-1-5-21-966336249-240343522-4042860801-501 - Limited - Disabled) => C:\Users\Guest ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/21/2014 10:43:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service ASP.NET (ASP.NET) failed. The first DWORD in the Data section contains the error code. Error: (11/21/2014 10:43:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (11/21/2014 00:15:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. 
Error: (11/21/2014 00:15:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (11/21/2014 00:08:13 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2014 08:07:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (11/18/2014 08:07:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (11/18/2014 08:02:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2014 00:28:51 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. 
Error: (11/18/2014 00:28:51 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. System errors: ============= Error: (11/21/2014 08:48:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (11/21/2014 08:48:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (11/21/2014 08:48:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (11/21/2014 08:48:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (11/21/2014 08:48:08 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (11/21/2014 08:36:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (11/21/2014 08:36:34 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (11/21/2014 08:36:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (11/21/2014 08:11:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. 
Thank you!!!!
  19. Hello, I have a Toshiba Satellite L750D laptop with Win 7, 64-bit. I suspect a virus: since yesterday, when I play a video clip online, it starts and after a while the screen turns white or black and the CPU hits 86 percent... plus at times the laptop seems slower overall when I'm on the internet. I ran a quick scan with Malwarebytes Anti-Malware and it found 12 PUP files (registry key)... I don't know whether they should really be deleted. Thanks in advance!
[2011-8-17 136176]S2 SkypeUpdate;Skype Updater;C:Program Files (x86)SkypeUpdaterUpdater.exe [2013-9-5 171680]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-3-30 257416]S3 ggflt;SEMC USB Flash Driver Filter;C:WindowsSystem32driversggflt.sys [2012-12-21 14448]S3 gupdatem;Google Update Service (gupdatem);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-8-17 136176]S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:Program FilesMicrosoft OfficeOffice14GROOVE.EXE [2012-9-20 50899608]S3 MozillaMaintenance;Mozilla Maintenance Service;C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe [2012-4-26 119408]S3 ose64;Office 64 Source Engine;C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2010-1-9 174440]S3 osppsvc;Office Software Protection Platform;C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [2010-1-9 4925184]S3 Sony PC Companion;Sony PC Companion;C:Program Files (x86)SonySony PC CompanionPCCService.exe [2012-12-21 155824]S3 SrvHsfHDA;SrvHsfHDA;C:WindowsSystem32driversVSTAZL6.SYS [2009-7-14 292864]S3 SrvHsfV92;SrvHsfV92;C:WindowsSystem32driversVSTDPV6.SYS [2009-7-14 1485312]S3 SrvHsfWinac;SrvHsfWinac;C:WindowsSystem32driversVSTCNXT6.SYS [2009-7-14 740864]S3 SwitchBoard;SwitchBoard;C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [2010-2-19 517096]S3 TsUsbFlt;TsUsbFlt;C:WindowsSystem32driversTsUsbFlt.sys [2010-11-21 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:WindowsSystem32driversTsUsbGD.sys [2010-11-21 31232]S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:WindowsSystem32driversvwifimp.sys [2009-7-14 17920]S3 WatAdminSvc;Windows Activation Technologies Service;C:WindowsSystem32WatWatAdminSvc.exe [2012-1-8 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:Program FilesWindows LiveMeshwlcrasvc.exe [2010-9-22 
57184].=============== Created Last 30 ================.2013-12-17 17:22:40 25928 ----a-w- C:WindowsSystem32driversmbam.sys2013-12-17 17:22:40 -------- d-----w- C:Program Files (x86)Malwarebytes' Anti-Malware2013-11-27 16:11:29 -------- d-----w- C:UsersVESELAAppDataLocal{42811BCC-1CA5-4ED5-8B1D-877AFD84E550}.==================== Find3M ====================.2013-12-11 17:59:25 692616 ----a-w- C:WindowsSysWow64FlashPlayerApp.exe2013-12-11 17:59:24 71048 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl2013-11-16 10:34:56 35352 ----a-w- C:WindowsSystem32driverscnnctfy3.sys2013-09-22 23:28:06 1767936 ----a-w- C:WindowsSysWow64wininet.dll2013-09-22 23:27:49 2876928 ----a-w- C:WindowsSysWow64jscript9.dll2013-09-22 23:27:48 61440 ----a-w- C:WindowsSysWow64iesetup.dll2013-09-22 23:27:48 109056 ----a-w- C:WindowsSysWow64iesysprep.dll2013-09-22 22:55:10 2241024 ----a-w- C:WindowsSystem32wininet.dll2013-09-22 22:54:51 3959296 ----a-w- C:WindowsSystem32jscript9.dll2013-09-22 22:54:50 67072 ----a-w- C:WindowsSystem32iesetup.dll2013-09-22 22:54:50 136704 ----a-w- C:WindowsSystem32iesysprep.dll2013-09-21 03:38:39 2706432 ----a-w- C:WindowsSystem32mshtml.tlb2013-09-21 03:30:24 2706432 ----a-w- C:WindowsSysWow64mshtml.tlb2013-09-21 02:48:36 89600 ----a-w- C:WindowsSystem32RegisterIEPKEYs.exe2013-09-21 02:39:47 71680 ----a-w- C:WindowsSysWow64RegisterIEPKEYs.exe.============= FINISH: 20:46:21.05 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-09-30.01).Microsoft Windows 7 Home PremiumBoot Device: DeviceHarddiskVolume1Install Date: 16/12/2011 20:27:51System Uptime: 17/12/2013 18:30:39 (2 hours ago).Motherboard: AMD | | TorpedoProcessor: AMD A6-3400M APU with Radeon HD Graphics | Socket FS1 | 1190/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 297 GiB total, 236.843 GiB free.D: is FIXED (NTFS) - 298 GiB total, 111.063 GiB free.E: is CDROM ()F: is CDROM ()G: is Removable.==== Disabled 
Device Manager Items =============.==== System Restore Points ===================.No restore point in system..==== Installed Programs ======================.µTorrentAdobe AIRAdobe Anchor Service CS3Adobe Asset Services CS3Adobe Bridge CS3Adobe Bridge Start MeetingAdobe Camera Raw 4.0Adobe Color Common SettingsAdobe ExtendScript Toolkit 2Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Help Viewer CS3Adobe Illustrator CS4Adobe Illustrator CS5Adobe InDesign CS3Adobe InDesign CS3 Icon HandlerAdobe Linguistics CS3Adobe Photoshop CS5Adobe Reader X (10.1.8) MUIAdobe SetupAdobe SING CS3Adobe Stock Photos CS3Adobe Update Manager CS3Adobe Version Cue CS3 ClientAdobe WinSoft Linguistics PluginAdobe XMP Panels CS3AMD VISION Engine Control CenterApple Application SupportApple Software UpdateArchiCAD 15 R1 INTArtlantis Studio 4.0Atheros Bluetooth Filter Driver PackageAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet DriverAtheros Driver Installation ProgramATI Catalyst Install Manageravast! 
Free AntivirusBambooBandisoft MPEG-1 DecoderBBC iPlayer DesktopBluetooth Stack for Windows by ToshibaBS.Player FREECatalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCCleanerConexant HD AudioConnectifyControl ActiveX Windows Live Mesh pentru conexiuni la distan?aD3DX10DAEMON Tools LiteDefinition Update for Microsoft Office 2010 (KB982726) 64-Bit EditiondoPDF 7.2 printerDTS+AC3 FilterFotogalerija Windows LiveFTDownloaderGalerie foto Windows LiveGOM PlayerGoogle ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperHigh-Definition Video PlaybackJava 7 Update 17Java Auto UpdaterJunk Mail filter updateK-Lite Codec Pack 5.5.0 (64-bit)Kontrola Windows Live Mesh ActiveX za daljinske vezeKontrolnik Windows Live Mesh ActiveX za oddaljene povezaveMalwarebytes Anti-Malware version 1.75.0.1300Mesh RuntimeMicrosoft .NET Framework 4.5Microsoft Application Error ReportingMicrosoft Office 2010Microsoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 32-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office 
Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 32-bit MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft Primary Interoperability Assemblies 2005Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106MiniLyricsMozilla Firefox 26.0 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Nero 10 Movie ThemePack BasicNero BackItUp 10Nero BackItUp 10 Help (CHM)Nero BurnRights 10Nero BurnRights 10 Help (CHM)Nero Control Center 10Nero ControlCenter 10 Help (CHM)Nero Core Components 10Nero Express 10Nero Express 10 Help (CHM)Nero InfoTool 10Nero InfoTool 10 Help (CHM)Nero Kwik MediaNero Multimedia Suite 10 EssentialsNero RescueAgent 10Nero RescueAgent 10 Help (CHM)Nero StartSmart 10Nero StartSmart 10 Help (CHM)Nero UpdateNeroKwikMedia Help (CHM)Networx-BG Помощник версия 0.2.8PlayReady PC Runtime amd64Posta Windows LivePowerArchiver 2010QuickTimeSecurity Update for Microsoft .NET Framework 4.5 (KB2737083)Security Update for Microsoft .NET Framework 4.5 (KB2742613)Security Update for Microsoft .NET Framework 4.5 
(KB2789648)Security Update for Microsoft .NET Framework 4.5 (KB2804582)Security Update for Microsoft .NET Framework 4.5 (KB2833957)Security Update for Microsoft .NET Framework 4.5 (KB2840642)Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)Security Update for Microsoft .NET Framework 4.5 (KB2861208)Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553371) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687276) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687423) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826023) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826035) 64-Bit EditionSecurity Update for Microsoft Outlook 2010 (KB2794707) 64-Bit EditionSecurity Update for Microsoft Publisher 2010 (KB2553147) 64-Bit EditionSecurity Update for Microsoft Visio 2010 (KB2810068) 64-Bit EditionSkype™ 6.11Sony Ericsson Update EngineSony PC Companion 2.10.136Synaptics Pointing Device DriverTOSHIBA eco UtilityTOSHIBA Face RecognitionTOSHIBA Hardware SetupTOSHIBA HDD/SSD AlertTOSHIBA PC Health MonitorTOSHIBA Supervisor PasswordTOSHIBA Value Added PackageTOSHIBA Web Camera ApplicationTRORMCLauncherUpdate for Microsoft .NET Framework 4.5 (KB2750147)Update for Microsoft .NET Framework 4.5 (KB2805221)Update for Microsoft .NET Framework 4.5 (KB2805226)Update for Microsoft Access 2010 (KB2553446) 64-Bit EditionUpdate for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 
64-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2589298) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2589375) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2760598) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2767886) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2794737) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2825640) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2826026) 64-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 64-Bit EditionUpdate for Microsoft OneNote 2010 (KB2810072) 64-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 64-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2553145) 64-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit EditionUpdate for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit EditionUpdate for Microsoft Word 2010 (KB2827323) 64-Bit EditionWebTablet IE PluginWebTablet Netscape PluginWinampWinamp Detector Plug-inWindows Live Communications PlatformWindows Live EssentialsWindows Live Foto-galerijaWindows Live Galerija fotografijaWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live Mesh ActiveX kontrola za daljinske vezeWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live PostaWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live 
WriterWindows Live Writer ResourcesWMV9/VC-1 Video Playback.==== Event Viewer Messages From Past Week ========.15/12/2013 19:41:02, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10..==== End Of File ===========================
  20. Hello again, this time it's about the work computer (an old machine). It runs very slowly, and pages hang quite often. I know there is some problem, but exactly what it is isn't clear to me. I'm counting on your help to revive it at least a little. And this message has been appearing recently, why? zaet sarvar.ppt
  21. I'm sure my system is infected with these and other viruses, and this happened after I downloaded this. So far nothing has happened, but I want to get rid of them before it does. I don't have a CD for my operating system. Here are the files you requested. FRST.txt and Addition.txt