    Hello. I, who have been hanging around computer halls since I was 7, fell like a kid for a Facebook link to a video clip, and even though I had Flash Player installed, I answered yes to the prompt :X. Nearly 20 hours later, when I got home, I turned on the computer and there was a problem with NOD32. I installed another antivirus, no change. A red window at the bottom right. I dug through the forums and figured out it was a virus. I tried for nearly 3 hours with very little success. I found the program Malwarebytes' Anti-Malware, tried it, and that was it. The positive is that I could browse better and the machine wasn't being loaded. After that I found this topic http://www.kaldata.c...pic=181339&st=0 and did everything as described. Finally, when I started avast: the system is not protected, to fix it click Protect. I did, nothing happened. I have no Windows disc. I'm writing to you from Germany. I'm completely alone and about to burst into tears. I also have problems with the firewall: it can't be activated and shows some error. Probably the first time I ran Malwarebytes' Anti-Malware it removed some file the firewall needs, one that was infected. I apologize, but since the logs are very long, I have to attach them. Please help me .... this is a punishment like no other

    Attach.txt

    DDS.txt


    Hi, rabotlivko! In future, you should not use the instructions from another topic in this section, because the instructions are individual. The Facebook infection has many variants. Now let's see what the situation is with OTL, here's how:

    Download OTL.exe and save it to the desktop.

    • Run OTL (confirm the UAC prompt if necessary).
    • Make the following settings:
    • Put a check mark next to Scan All Users
    • Under the File Age menu => select 90 days
    • Under the Standard Registry menu => change to ALL
    • Put check marks next to LOP and Purity Check
    Under [image] use Copy/Paste to enter the following text in full (only what is in the box):

    netsvcs
    msconfig
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    /md5start
    atapi.sys
    iaStor.sys
    explorer.exe
    svchost.exe
    userinit.exe
    hlp.dat
    winlogon.exe
    wininit.exe
    volsnap.sys
    /md5stop
    
    • Click the button marked in blue: Run Scan.
    • When the scan finishes, two files will be created: OTL.Txt and Extras.Txt. Attach these two files to your next comment (look for the "attached files" option when posting).

    Run OTL again, then copy and paste the script text from the text box below under the Custom Scans/Fixes column, making sure you copy the script exactly one-to-one, including the colon before the first line of the script.

    :otl
    DRV:64bit: - [2009.04.09 14:21:38 | 000,121,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2009.04.09 14:18:04 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2009.04.09 14:10:34 | 000,142,776 | ---- | M] (ESET) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
    IE - HKU\S-1-5-21-3035296617-3352922959-3923071038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2790392
    IE - HKU\S-1-5-21-3035296617-3352922959-3923071038-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-3035296617-3352922959-3923071038-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.07.24 07:28:47 | 000,000,000 | ---D | M]
    [2011.04.01 12:06:05 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Krasi\AppData\Roaming\mozilla\Firefox\Profiles\vaoa3uay.default\extensions\engine@conduit.com
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [egui] File not found
    O4 - HKLM..\Run: [1534181.exe] File not found
    O4 - HKLM..\Run: [3580048.exe] File not found
    O4 - HKLM..\Run: [62307407-loader2.exe] File not found
    O4 - HKLM..\Run: [7023853.exe] File not found
    O4 - HKLM..\Run: [TubeDownloader] File not found
    O4 - HKU\S-1-5-21-3035296617-3352922959-3923071038-1000..\Run: [DriverFinder] File not found
    O31 - SafeBoot: AlternateShell - services32.exe
    O33 - MountPoints2\{ae82aa2f-cae0-11df-af1a-00266c5ca8e5}\Shell - "" = AutoRun
    O33 - MountPoints2\{ae82aa2f-cae0-11df-af1a-00266c5ca8e5}\Shell\AutoRun\command - "" = F:\Autorun.exe
    [2011.07.23 16:31:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-15-0-lnk
    [2011.07.23 16:31:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-15-0
    [2011.07.23 16:31:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-14-0-lnk
    [2011.07.23 16:31:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-14-0
    [2011.07.23 12:40:27 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0-lnk
    [2011.07.23 12:40:27 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    :files
    C:\ProgramData\ESET
    C:\Program Files\ESET
    C:\Users\Krasi\AppData\Local\ESET
    recycler /alldrives
    ipconfig /flushdns /c
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Windows\services32.exe" = -
    "C:\Windows\update.1\svchost.exe" = -
    "C:\Windows\update.tray-2-0\svchost.exe" = -
    "C:\Windows\update.2\svchost.exe" = -
    "C:\Windows\services32.exe" = -
    "C:\Windows\update.1\svchost.exe" = -
    "C:\Windows\update.tray-2-0\svchost.exe" = -
    "C:\Windows\update.2\svchost.exe" = -
    :commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [Reboot]
    
    After entering the script from the quote above, click the button marked in red: Run Fix

    Windows will restart and a log file will be created. Post its contents with Copy/Paste in your next comment.

    All processes killed

    ========== OTL ==========

    Service epfwwfpr stopped successfully!

    Service epfwwfpr deleted successfully!

    C:\Windows\SysNative\drivers\epfwwfpr.sys moved successfully.

    Error: Unable to stop service ehdrv!

    Unable to delete service\driver key ehdrv.

    C:\Windows\SysNative\drivers\ehdrv.sys moved successfully.

    Service eamon stopped successfully!

    Service eamon deleted successfully!

    C:\Windows\SysNative\drivers\eamon.sys moved successfully.

    HKU\S-1-5-21-3035296617-3352922959-3923071038-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

    Registry value HKEY_USERS\S-1-5-21-3035296617-3352922959-3923071038-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.

    Registry value HKEY_USERS\S-1-5-21-3035296617-3352922959-3923071038-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ deleted successfully.

    C:\Program Files (x86)\BitTorrentBar\tbBit1.dll moved successfully.

    Prefs.js: engine@conduit.com:3.2.3.3 removed from extensions.enabledItems

    File HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird not found.

    C:\Users\Krasi\AppData\Roaming\mozilla\Firefox\Profiles\vaoa3uay.default\extensions\engine@conduit.com\searchplugin folder moved successfully.

    C:\Users\Krasi\AppData\Roaming\mozilla\Firefox\Profiles\vaoa3uay.default\extensions\engine@conduit.com\META-INF folder moved successfully.

    C:\Users\Krasi\AppData\Roaming\mozilla\Firefox\Profiles\vaoa3uay.default\extensions\engine@conduit.com\lib folder moved successfully.

    C:\Users\Krasi\AppData\Roaming\mozilla\Firefox\Profiles\vaoa3uay.default\extensions\engine@conduit.com\DualPackage folder moved successfully.

    C:\Users\Krasi\AppData\Roaming\mozilla\Firefox\Profiles\vaoa3uay.default\extensions\engine@conduit.com\defaults folder moved successfully.

    C:\Users\Krasi\AppData\Roaming\mozilla\Firefox\Profiles\vaoa3uay.default\extensions\engine@conduit.com\components folder moved successfully.

    C:\Users\Krasi\AppData\Roaming\mozilla\Firefox\Profiles\vaoa3uay.default\extensions\engine@conduit.com\chrome folder moved successfully.

    C:\Users\Krasi\AppData\Roaming\mozilla\Firefox\Profiles\vaoa3uay.default\extensions\engine@conduit.com folder moved successfully.

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

    C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

    File C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll not found.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.

    File C:\Program Files (x86)\BitTorrentBar\tbBit1.dll not found.

    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\egui deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\1534181.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\3580048.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\62307407-loader2.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\7023853.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TubeDownloader deleted successfully.

    Registry value HKEY_USERS\S-1-5-21-3035296617-3352922959-3923071038-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DriverFinder deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae82aa2f-cae0-11df-af1a-00266c5ca8e5}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae82aa2f-cae0-11df-af1a-00266c5ca8e5}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae82aa2f-cae0-11df-af1a-00266c5ca8e5}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae82aa2f-cae0-11df-af1a-00266c5ca8e5}\ not found.

    File F:\Autorun.exe not found.

    C:\Windows\update.tray-15-0-lnk folder moved successfully.

    C:\Windows\update.tray-15-0 folder moved successfully.

    C:\Windows\update.tray-14-0-lnk folder moved successfully.

    C:\Windows\update.tray-14-0 folder moved successfully.

    C:\Windows\update.tray-2-0-lnk folder moved successfully.

    C:\Windows\update.tray-2-0 folder moved successfully.

    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

    ========== FILES ==========

    C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\temp folder moved successfully.

    C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\oldfiles folder moved successfully.

    C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\http_93.184.71.27 folder moved successfully.

    C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\continuous folder moved successfully.

    C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles folder moved successfully.

    C:\ProgramData\ESET\ESET NOD32 Antivirus\SysInspector folder moved successfully.

    C:\ProgramData\ESET\ESET NOD32 Antivirus\SupportRequests folder moved successfully.

    C:\ProgramData\ESET\ESET NOD32 Antivirus\Stats folder moved successfully.

    C:\ProgramData\ESET\ESET NOD32 Antivirus\Oldfiles folder moved successfully.

    C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs\eScan folder moved successfully.

    C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs folder moved successfully.

    C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon folder moved successfully.

    C:\ProgramData\ESET\ESET NOD32 Antivirus folder moved successfully.

    C:\ProgramData\ESET folder moved successfully.

    C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird folder moved successfully.

    C:\Program Files\ESET\ESET NOD32 Antivirus\License folder moved successfully.

    C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwwfpr folder moved successfully.

    C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers folder moved successfully.

    C:\Program Files\ESET\ESET NOD32 Antivirus folder moved successfully.

    C:\Program Files\ESET folder moved successfully.

    C:\Users\Krasi\AppData\Local\ESET\ESET NOD32 Antivirus\Quarantine folder moved successfully.

    C:\Users\Krasi\AppData\Local\ESET\ESET NOD32 Antivirus folder moved successfully.

    C:\Users\Krasi\AppData\Local\ESET folder moved successfully.

    recycler not found in C:\

    recycler not found in D:\

    < ipconfig /flushdns /c >

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    C:\Users\Krasi\Desktop\cmd.bat deleted successfully.

    C:\Users\Krasi\Desktop\cmd.txt deleted successfully.

    ========== REGISTRY ==========

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\services32.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.1\svchost.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.tray-2-0\svchost.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.2\svchost.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\services32.exe not found.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.1\svchost.exe not found.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.tray-2-0\svchost.exe not found.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.2\svchost.exe not found.

    ========== COMMANDS ==========

    C:\Windows\System32\drivers\etc\Hosts moved successfully.

    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes

    User: Krasi

    ->Temp folder emptied: 12762146 bytes

    ->Temporary Internet Files folder emptied: 55746127 bytes

    ->FireFox cache emptied: 0 bytes

    ->Google Chrome cache emptied: 0 bytes

    ->Apple Safari cache emptied: 0 bytes

    ->Flash cache emptied: 1904 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 0 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 7192 bytes

    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 65,00 mb

    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Krasi

    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb

    OTL by OldTimer - Version 3.2.26.1 log created on 07242011_003227

    Files\Folders moved on Reboot...

    File\Folder C:\Users\Krasi\AppData\Local\Temp\fla5D30.tmp not found!

    C:\Users\Krasi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    C:\Users\Krasi\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.

    C:\Users\Krasi\AppData\Local\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.

    File\Folder C:\Users\Krasi\AppData\Local\Temp\~DF292DE775D6E7CB11.TMP not found!

    File\Folder C:\Users\Krasi\AppData\Local\Temp\~DFB6D8113717AAC2CA.TMP not found!

    File\Folder C:\Users\Krasi\AppData\Local\Temp\~DFB789F780DCE77B41.TMP not found!

    File\Folder C:\Users\Krasi\AppData\Local\Temp\~DFBF4BA09640A84139.TMP not found!

    C:\Users\Krasi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z23XBXJX\ads[6].htm moved successfully.

    C:\Users\Krasi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z23XBXJX\postMessage[1].htm moved successfully.

    C:\Users\Krasi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z23XBXJX\watch[1].txt moved successfully.

    C:\Users\Krasi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1QRCONT\adsCA7YGSR1.htm moved successfully.

    C:\Users\Krasi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1QRCONT\fastbutton[4].htm moved successfully.

    C:\Users\Krasi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1QRCONT\index[2].htm moved successfully.

    C:\Users\Krasi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDPLNO5\adsCAUNLBPS.htm moved successfully.

    C:\Users\Krasi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDPLNO5\ads[6].htm moved successfully.

    C:\Users\Krasi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDPLNO5\index[1].htm moved successfully.

    C:\Users\Krasi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDPLNO5\index[5].htm moved successfully.

    C:\Users\Krasi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9VN6RUEQ\ads[9].htm moved successfully.

    C:\Users\Krasi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9VN6RUEQ\maincomp[1].htm moved successfully.

    C:\Windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.

    C:\Windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.

    Registry entries deleted on Reboot...


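An added example (not part of the thread and not OTL's own code): a Python summary of an OTL fix log like the one posted above. It separates actions that failed from "not found" lines, and splits the latter into harmless repeats (the same item was already removed earlier in the log, as with the duplicated script lines) and items that were absent before the fix ran. The sample lines are copied from that log; the matching rules are assumptions based only on the wording visible in it.

```python
import re

# Constructed sample: a subset of lines copied from the fix log in the thread.
SAMPLE_LOG = r"""
========== OTL ==========
Service epfwwfpr stopped successfully!
Service epfwwfpr deleted successfully!
C:\Windows\SysNative\drivers\epfwwfpr.sys moved successfully.
Error: Unable to stop service ehdrv!
Unable to delete service\driver key ehdrv.
C:\Windows\SysNative\drivers\ehdrv.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll not found.
File F:\Autorun.exe not found.
C:\Windows\update.tray-2-0 folder moved successfully.
"""

# Assumed line shapes, taken from the log text shown in the thread.
FAILED_RE = re.compile(r"^(?:Error: )?Unable to (.+?)[.!]?$")
MISSING_RE = re.compile(r"^(.+?) not found[.!]?$")
DONE_RE = re.compile(
    r"^(.+?) (?:folder )?(?:moved|deleted|stopped) successfully[.!]?$")
# Leading object-type words that are not part of the target itself.
KIND_RE = re.compile(
    r"^(?:64bit-)?(?:Registry key|Registry value|File\\Folder|File|ADS|Service) ")


def parse_line(line):
    """Return (outcome, target) for a recognised log line, else None."""
    text = line.strip()
    m = FAILED_RE.match(text)
    if m:
        return "failed", m.group(1)
    for outcome, rx in (("missing", MISSING_RE), ("done", DONE_RE)):
        m = rx.match(text)
        if m:
            # Normalise so 'File X not found' and 'X moved' compare equal.
            return outcome, KIND_RE.sub("", m.group(1)).lower()
    return None


def summarize(log):
    """Classify every recognised line; unrecognised lines are ignored."""
    done = set()
    report = {"done": 0, "failed": [], "duplicate": [], "absent": []}
    for line in log.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        outcome, target = parsed
        if outcome == "done":
            done.add(target)
            report["done"] += 1
        elif outcome == "failed":
            report["failed"].append(target)
        elif target in done:
            # 'not found' only because an earlier line already removed it.
            report["duplicate"].append(target)
        else:
            report["absent"].append(target)
    return report


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("completed actions:", result["done"])
    for key in ("failed", "absent", "duplicate"):
        for item in result[key]:
            print(f"{key:9} {item}")
```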

    Next:

    • Update Malwarebytes' Anti-Malware. Start the program and select Perform Quick Scan, then click Scan.
    • The scan will take a little while, so please be patient.
    • When the scan finishes, click OK, then Show Results to see the result.
    • Make sure every row is checked, then click Remove Selected.
    • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next comment in the topic.
    Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart the computer and remove the problematic viruses/threats during the restart. If asked, confirm that you want your computer to be restarted.

    Malwarebytes' Anti-Malware 1.51.1.1800

    www.malwarebytes.org

    Database version: 7255

    Windows 6.1.7601 Service Pack 1

    Internet Explorer 8.0.7601.17514

    24.7.2011 г. 00:47:57

    mbam-log-2011-07-24 (00-47-57).txt

    Scan type: Quick scan

    Objects scanned: 169301

    Time elapsed: 1 minute(s), 15 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    Bro, it didn't find any threats. Probably because I ran it last time, and now they're gone.

    In my opinion, there may still be leftovers from this nasty thing. Besides, I am not sure that the remnants of ESET have been completely removed. Take a look at this: How do I manually uninstall my ESET security product?

    Pay attention to what it says for Windows 7/2008 R2/2008. Once you have followed the instructions and run the ESET uninstaller in Safe Mode, next:

    Step 1

    Follow these instructions for working with Security Check:

    • Download Security Check (author: screen317) from here or from here and save it to the desktop.
    • Double-click SecurityCheck.exe and follow the instructions.
    • When the program finishes, a text document will open: checkup.txt.
    • Copy the contents of checkup.txt and paste them into your next comment.
    Step 2

    Download aswMBR and save it to your desktop.

    • Run aswMBR.exe.
    • Select Scan to start the check.
    • When the check finishes, click the save log button, save the log file to the desktop, and post its contents with Copy/Paste in your next comment.
    Finally, check whether avast and Windows are working normally.

    check

    Results of screen317's Security Check version 0.99.17

    Windows 7 (UAC is disabled!)

    Internet Explorer 8

    ``````````````````````````````

    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!

    WMI entry may not exist for antivirus; attempting automatic update.

    ```````````````````````````````

    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware

    Adobe Flash Player

    ````````````````````````````````

    Process Check:

    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamgui.exe

    ``````````End of Log````````````

    aswMBR

    aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software

    Run date: 2011-07-24 01:21:57

    -----------------------------

    01:21:57.923 OS Version: Windows x64 6.1.7601 Service Pack 1

    01:21:57.923 Number of processors: 2 586 0x170A

    01:21:57.923 ComputerName: KIKO-PC UserName: Krasi

    01:21:58.594 Initialize success

    01:22:12.396 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

    01:22:12.396 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 476940MB BusType: 3

    01:22:12.412 Disk 0 MBR read successfully

    01:22:12.412 Disk 0 MBR scan

    01:22:12.412 Disk 0 Windows 7 default MBR code

    01:22:12.427 Service scanning

    01:22:14.908 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

    01:22:15.594 Modules scanning

    01:22:15.594 Disk 0 trace - called modules:

    01:22:15.641 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spxu.sys hal.dll

    01:22:15.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cf3060]

    01:22:15.657 3 CLASSPNP.SYS[fffff88001d6c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b5b050]

    01:22:15.672 Scan finished successfully

    01:22:27.076 Disk 0 MBR has been saved successfully to "C:\Users\Krasi\Desktop\MBR.dat"

    01:22:27.076 The log file has been saved successfully to "C:\Users\Krasi\Desktop\aswMBR.txt"

    Wait a moment, because I ran aswMBR again, but this time I confirmed that it should also install avast, and it detected something. Sending the log.

    aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software

    Run date: 2011-07-24 01:24:48

    -----------------------------

    01:24:48.014 OS Version: Windows x64 6.1.7601 Service Pack 1

    01:24:48.014 Number of processors: 2 586 0x170A

    01:24:48.014 ComputerName: KIKO-PC UserName: Krasi

    01:24:48.529 Initialize success

    01:25:55.969 AVAST engine defs: 11072302

    01:26:06.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

    01:26:06.546 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 476940MB BusType: 3

    01:26:06.562 Disk 0 MBR read successfully

    01:26:06.577 Disk 0 MBR scan

    01:26:06.577 Disk 0 Windows 7 default MBR code

    01:26:06.577 Service scanning

    01:26:07.357 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

    01:26:07.935 Modules scanning

    01:26:07.935 Disk 0 trace - called modules:

    01:26:07.950 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spxu.sys hal.dll

    01:26:07.966 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cf3060]

    01:26:07.966 3 CLASSPNP.SYS[fffff88001d6c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b5b050]

    01:26:09.900 AVAST engine scan C:\Windows

    01:26:12.583 AVAST engine scan C:\Windows\system32

    01:26:25.193 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen

    01:28:16.156 AVAST engine scan C:\Windows\system32\drivers

    01:28:28.416 AVAST engine scan C:\Users\Krasi

    01:28:52.222 Disk 0 MBR has been saved successfully to "C:\Users\Krasi\Desktop\MBR.dat"

    01:28:52.237 The log file has been saved successfully to "C:\Users\Krasi\Desktop\aswMBR.txt"

    01:29:59.999 AVAST engine scan C:\ProgramData

    01:30:49.296 Scan finished successfully

    01:31:40.526 Disk 0 MBR has been saved successfully to "C:\Users\Krasi\Desktop\MBR.dat"

    01:31:40.542 The log file has been saved successfully to "C:\Users\Krasi\Desktop\aswMBR.txt"

    I installed avast and it works perfectly. It is scanning right now. For now the only problem is with the firewall.
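An added example (not part of the thread and not AVAST's code): the first aswMBR log above has no `AVAST engine` lines, while the second loaded engine definitions and scanned directories, which is where the `consrv.dll` detection appears. This Python sketch parses both runs and reports what the second found that the first did not. The line patterns are assumptions drawn only from the log lines shown in the thread, and the samples are excerpts of those lines.

```python
import re

# Constructed samples: excerpts of the two aswMBR logs posted in the thread.
RUN_1 = r"""
01:21:58.594 Initialize success
01:22:12.412 Disk 0 MBR scan
01:22:12.412 Disk 0 Windows 7 default MBR code
01:22:14.908 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
01:22:15.672 Scan finished successfully
"""

RUN_2 = r"""
01:24:48.529 Initialize success
01:25:55.969 AVAST engine defs: 11072302
01:26:06.577 Disk 0 Windows 7 default MBR code
01:26:07.357 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
01:26:09.900 AVAST engine scan C:\Windows
01:26:12.583 AVAST engine scan C:\Windows\system32
01:26:25.193 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
01:28:16.156 AVAST engine scan C:\Windows\system32\drivers
01:28:28.416 AVAST engine scan C:\Users\Krasi
01:29:59.999 AVAST engine scan C:\ProgramData
01:30:49.296 Scan finished successfully
"""

# Assumed line shapes: "HH:MM:SS.mmm <message>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.+)$")
DEFS_RE = re.compile(r"^AVAST engine defs:\s+(\d+)$")
SCAN_RE = re.compile(r"^AVAST engine scan\s+(.+)$")
MBR_RE = re.compile(r"^Disk (\d+) (.+ MBR code)$")
LOCKED_RE = re.compile(r"^Service\s+(\S+)\s+(.+?)\s+\*\*LOCKED\*\*")
INFECTED_RE = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(\S+)$")


def parse_aswmbr(log):
    """Extract the findings of one aswMBR run from its log text."""
    report = {"engine_defs": None, "mbr": {}, "locked": [],
              "infected": [], "scanned": [], "finished": False}
    for raw in log.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # header, separator or blank line
        msg = line.group(2)
        m = DEFS_RE.match(msg)
        if m:
            report["engine_defs"] = m.group(1)
            continue
        m = SCAN_RE.match(msg)
        if m:
            report["scanned"].append(m.group(1))
            continue
        m = MBR_RE.match(msg)
        if m:
            # MBR verdict exactly as the tool reports it, keyed by disk.
            report["mbr"][int(m.group(1))] = m.group(2)
            continue
        m = LOCKED_RE.match(msg)
        if m:
            report["locked"].append((m.group(1), m.group(2)))
            continue
        m = INFECTED_RE.match(msg)
        if m:
            report["infected"].append((m.group(1), m.group(2)))
            continue
        if msg == "Scan finished successfully":
            report["finished"] = True
    return report


def compare_runs(first, second):
    """Report what the second run adds and whether the first scanned files."""
    a, b = parse_aswmbr(first), parse_aswmbr(second)
    return {
        "first_run_scanned_files": bool(a["scanned"]),
        "new_infected": [f for f in b["infected"] if f not in a["infected"]],
        "new_locked": [s for s in b["locked"] if s not in a["locked"]],
        "mbr_changed": a["mbr"] != b["mbr"],
    }


if __name__ == "__main__":
    for key, value in compare_runs(RUN_1, RUN_2).items():
        print(f"{key}: {value}")
```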

    Now download ComboFix from: here

    IMPORTANT: Save ComboFix.exe to your desktop!

    Temporarily disable your antivirus program and any other security programs, if present. If you cannot stop the antivirus program or are not sure which program to turn off, please review the information at this link: How to Disable your Security Programs

    Run Combofix.exe and follow the instructions.

    Note:

    • Please do not move the mouse while ComboFix is running. This may disrupt the process.
    • ComboFix will reset all Internet Explorer (IE) settings, including making IE the default browser.
    • ComboFix will disable the autorun function of all CD, floppy and USB devices, to help remove the malware and protect the system from future viruses/threats that strike via autorun. If this is a problem for you, please let me know.
    • ComboFix will disconnect your internet connection. The connection will be restored automatically before ComboFix finishes. If there is a problem, it will also disconnect the internet connection. To restore your internet connection, restart your computer.
    • If ComboFix runs into a problem, it may create a log file. Please include the contents of C:\BUG.txt in your next comment in this topic.
    ComboFix may take up to 20-30 minutes to run, so please be patient. When the process completes successfully, ComboFix will create a log file. Please copy the contents of C:\ComboFix.txt and paste them into your next comment in this topic.

    Here is the Combofix.txt file. Note: I don't have a Bug.txt file.

    ComboFix 11-07-23.04 - Krasi 07.2011 г. 13:18:39.1.2 - x64

    Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1026.18.3964.2595 [GMT 2:00]

    Running from: C:\Users\Krasi\Desktop\ComboFix.exe

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    Since there was some problem after ComboFix ran (rabotlivko and I exchanged private messages), next:

    1. Post a log from a scan with avast.

    2. Run OTL once more and click the CleanUp button.

    When OTL is uninstalled, the tools and files we used in the topic will be cleaned up. A Windows restart will follow. You can delete the remaining programs and logs we used in the topic.

    3. Uninstall Malwarebytes Anti-Malware from Control Panel -> Programs -> Uninstall a program -> select Malwarebytes Anti-Malware -> right-click, Uninstall. You can use the free version, here is a link. Choose Malwarebytes Anti-Malware Free and install it. At the end of the installation, decline the offer to install the trial version of Pro.

    4. Once you have done all this, carry out again the instruction I gave in comment 2 of the topic: a scan with OTL. I expect two logs: OTL.Txt and Extras.Txt. Good luck!

    After I did a recovery and an uninstall of Malwarebytes - restart. Then clean up with OTL - restart. No problems at all, and here are the new logs. Probably avast is the cause, or there is still an infected file that makes Windows give an error when I install an antivirus program :D

    Extras.Txt

    OTL.Txt


    We write in Cyrillic here, so I edited the post above. I will look at the logs in a little while and reply.


    So, I haven't done the last instructions yet, but I think the reason is more than good. After I did the clean up with OTL, I installed avast again, and because it was giving me a recovery every time, this time I set a scan at Windows startup. Avast ran it; it took quite a while, but on the other hand it found 2 files, which it deleted. After that Windows loaded without problems, avast was installed, and the firewall problem had disappeared :bye1: Should I do the last instructions, or are they no longer required?


    So, I haven't done the last instructions. Let me explain why. After I did the last recovery, I did the clean up with OTL. After that I installed avast, but I also set it to run a scan at the next Windows startup. And so it did. It took nearly an hour and 15 minutes, but it found 2 files, which it deleted. Windows started normally. Avast was installed, and the firewall problem was gone. I ran Windows Update and restarted - no problem at all :bye1: Do I need to do the last of the instructions, or is it no longer required?


    In that case there is no need for the last instruction. Since there are no more complaints about Windows, I am marking the problem as solved. Have a nice evening and good luck!

    • Similar topics

      • by CaptainJord
        Hello, I want to clean my computer of unnecessary files, as I said in the title. I'm afraid the computer might start to slow down, since it is new and I saved money for it for quite a while. Any opinions, please?
      • by Vladov
        Good evening. Today a colleague in the office caught "Loki" (not Thor's brother, of course). I don't know what emails she opened and when, but everything is now in codes and in Chinese.
        The bad part is that she is from our sales department and heaps of important documentation "got encrypted". Our IT people looked, sniffled, dug through servers and finally said: "Everything is gone, from tomorrow you have a new computer"...
        Is there any way to somehow cure the sick crate, so that we can save the important information? And it really is quite important, and international, and confidential... tough business.
         
      • by Aneliya Beaton
        Hello,
         
        I'm writing about a problem that appeared recently with my laptop...
         
        I messed it up again in the stupidest way.
         
        I wanted to download and install a program that updates Photoshop to read raw files; something went wrong with the link on the official Adobe page, and I downloaded the first exe I found (they promised the latest and most up-to-date plugin for Photoshop, and I believed them).
         
        Very soon I realized the mistake, but it was too late.....
        I stopped any further installations and opened Programs and Features... it turned out there were at least 20 or so applications (including one named Remote Desktop) installed the same day that I know nothing about.
         
        With a lot of persistence I uninstalled almost all of them (at least I think so), but traces remain, because there is no way I can uninstall one application (some kind of search engine) named DREGOL, and ads also keep popping up.
         
        Besides that, Windows Defender, the only antivirus I use, kept detecting intervention attempts by Trojan Downloader or something like that (no new attempts have appeared in the last few hours, but who knows...?)
         
        So...
         
        HELP!!!!!
         
         
        About my computer:
        SONY - 64 bit
        Windows 8
         
         
        ___________________
         
         
        And here are the contents of FRST.txt
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015 Ran by Aneliya (administrator) on LUKE on 11-06-2015 21:12:39 Running from C:\Users\Aneliya\Desktop Loaded Profiles: Aneliya (Available Profiles: Aneliya) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/   ==================== Processes (Whitelisted) =================   (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)   (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Abengine) C:\Program Files (x86)\HighlightSearches\abengine.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Fork Ltd.) 
C:\Prey\platform\windows\cronsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe ( ) C:\Windows\System32\dleacoms.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe () C:\Users\Aneliya\AppData\Roaming\4ED7FF40-1433869652-11E2-838B-30F9EDD2723D\nsrA3B8.tmp (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Hotspot Privacy\bin\openvpnas.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (SA International) C:\Windows\SysWOW64\SAiAdmin.exe (SA International) C:\Program Files (x86)\FlexiSTARTER 10.5 LiYu Edition1\Program\SAiDownloaderVistaUI.exe (SA International) C:\Windows\SysWOW64\SAiDownloaderVista.exe (SA International) C:\Windows\SysWOW64\SAiLicSvr.exe (SafeNet, Inc.) 
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe () C:\Program Files (x86)\Coupoon\UpdateCheck.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe () C:\Users\Aneliya\AppData\Roaming\4ED7FF40-1433869652-11E2-838B-30F9EDD2723D\jnse6D27.tmp (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe () C:\Users\Aneliya\AppData\Roaming\4ED7FF40-1433869652-11E2-838B-30F9EDD2723D\hnsu87D5.tmp (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (Wacom Technology, Corp.) 
C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe () C:\Program Files\Sony\VAIO Care\listener.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Bamboo Dock\Apps\Evernote\EvernoteClipper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) 
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Symantec Corporation) C:\Program Files (x86)\Norton Hotspot Privacy\bin\openvpntray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe     ==================== Registry (Whitelisted) ==================   (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)   
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-28] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iSBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation) HKLM-x32\...\Run: [intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-04-15] (Intel Corporation) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [bambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] () HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-12-30] (RealNetworks, Inc.) HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-04-29] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-04-29] (Adobe Systems Inc.) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [mbot_gb_599] => [X] HKLM-x32\...\Run: [gmsd_gb_428] => [X] HKLM-x32\...\Run: [gmsd_gb_432] => [X] HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\Run: [sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-04-10] (Sony) HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\Run: [Mobile Partner] => C:\Program Files (x86)\My Broadband\My Broadband HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\Run: [Viber] => C:\Users\Aneliya\AppData\Local\Viber\Viber.exe [80036560 2015-05-25] () HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\Run: [GoogleChromeAutoLaunch_2A49636DFC615F2944304000BBB40071] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-05] (Google Inc.) HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\Run: [WindApp] => "C:\Users\Aneliya\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\Run: [selection Tools] => "C:\Users\Aneliya\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\Run: [PCPrivacyDock] => "C:\Program Files (x86)\PC Privacy Dock\PCPrivacyDock.exe" /minimized HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\Run: [GoogleChromeAutoLaunch_4BC2F3FF76062F858098F36BEAA87F75] => C:\Users\Aneliya\AppData\Local\Chromium\Application\chrome.exe [659456 2015-06-04] (The Chromium Authors) HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\MountPoints2: {36354956-cb58-11e4-bf02-a41731e5d3b4} - "F:\TotalLock.exe"  HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\MountPoints2: {5e487ce9-c0e0-11e4-befe-a41731e5d3b4} - "F:\AutoRun.exe"  HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\MountPoints2: {5e487d99-c0e0-11e4-befe-a41731e5d3b4} - "F:\AutoRun.exe"  HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\MountPoints2: {d23c950d-8ff3-11e4-824f-806e6f6e6963} - "D:\SETUP.EXE"  HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\MountPoints2: {e5b4ea59-d4d3-11e4-bf08-a41731e5d3b4} - "F:\AutoRun.exe"  HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\MountPoints2: {e5b4eb6b-d4d3-11e4-bf08-a41731e5d3b4} - "F:\AutoRun.exe"  HKU\S-1-5-21-2134122012-985867511-3032921148-1001\...\MountPoints2: {e5b4eb7b-d4d3-11e4-bf08-a41731e5d3b4} - 
"G:\AutoRun.exe"  AppInit_DLLs-x32: C:\PROGRA~3\{FC621~1\1172~1.1\ciri.dll => C:\ProgramData\{FC6214A1-ACE0-C527-1D66-B5A5CDE4662B}\1.17.2.1\ciri.dll [781312 2015-06-11] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-01-10] ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2015-06-10] ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-12-30] ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) Startup: C:\Users\Aneliya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2013-09-06] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Bamboo Dock\Apps\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2008-02-09] (Autodesk, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION   ==================== Internet (Whitelisted) ====================   (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)   
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled ProxyServer: [.DEFAULT] => http=127.0.0.1:61775;https=127.0.0.1:61775 HKU\S-1-5-21-2134122012-985867511-3032921148-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dregol.com/?f=1&a=drg_cmi_15_24&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtC0EyD0DtA0ByEtCzytAtDtN0D0Tzu0StCtByDyBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0CyC0D0AtC0CtBtGtCyC0C0FtG0EyEyByCtGtByD0CyBtGyEtA0B0AyBtC0Azz0B0E0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyB0AtCzz0F0DyBtGyDtDyC0CtGyEyBzz0FtGzztA0BtCtGzy0FyB0A0A0AtCzytB0ByDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztByD&cr=2125724158&ir= HKU\S-1-5-21-2134122012-985867511-3032921148-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://vaioportal.sony.eu HKU\S-1-5-21-2134122012-985867511-3032921148-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://vaioportal.sony.eu HKU\S-1-5-21-2134122012-985867511-3032921148-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_cmi_15_24&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtC0EyD0DtA0ByEtCzytAtDtN0D0Tzu0StCtByDyCtN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StAyDzztD0Czy0EzytGyDzytA0AtGzzzzyByEtGtCyEtDyCtGtA0ByEtCtDtD0Bzz0E0EyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyB0AtCzz0F0DyBtGyDtDyC0CtGyEyBzz0FtGzztA0BtCtGzy0FyB0A0A0AtCzytB0ByDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCtB&cr=1010808114&ir= SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_cmi_15_24&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtC0EyD0DtA0ByEtCzytAtDtN0D0Tzu0StCtByDyCtN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StAyDzztD0Czy0EzytGyDzytA0AtGzzzzyByEtGtCyEtDyCtGtA0ByEtCtDtD0Bzz0E0EyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyB0AtCzz0F0DyBtGyDtDyC0CtGyEyBzz0FtGzztA0BtCtGzy0FyB0A0A0AtCzytB0ByDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCtB&cr=1010808114&ir= SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_cmi_15_24&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtC0EyD0DtA0ByEtCzytAtDtN0D0Tzu0StCtByDyBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0CyC0D0AtC0CtBtGtCyC0C0FtG0EyEyByCtGtByD0CyBtGyEtA0B0AyBtC0Azz0B0E0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyB0AtCzz0F0DyBtGyDtDyC0CtGyEyBzz0FtGzztA0BtCtGzy0FyB0A0A0AtCzytB0ByDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztByD&cr=2125724158&ir= SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  SearchScopes: HKU\S-1-5-21-2134122012-985867511-3032921148-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_cmi_15_24&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtC0EyD0DtA0ByEtCzytAtDtN0D0Tzu0StCtByDyCtN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StAyDzztD0Czy0EzytGyDzytA0AtGzzzzyByEtGtCyEtDyCtGtA0ByEtCtDtD0Bzz0E0EyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyB0AtCzz0F0DyBtGyDtDyC0CtGyEyBzz0FtGzztA0BtCtGzy0FyB0A0A0AtCzytB0ByDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCtB&cr=1010808114&ir= SearchScopes: HKU\S-1-5-21-2134122012-985867511-3032921148-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
http://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MFFBCAB0C-2C31-4D46-8F8F-42F0541F353A&SearchSource=58&CUI=&UM=8&UP=SP259461C4-D23F-4BC7-9D28-BF4FA5E314E9&D=060915&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-2134122012-985867511-3032921148-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_cmi_15_24&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtC0EyD0DtA0ByEtCzytAtDtN0D0Tzu0StCtByDyCtN1L2XzutAtFtCtCtFtAtFtDtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StAyDzztD0Czy0EzytGyDzytA0AtGzzzzyByEtGtCyEtDyCtGtA0ByEtCtDtD0Bzz0E0EyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyB0AtCzz0F0DyBtGyDtDyC0CtGyEyBzz0FtGzztA0BtCtGzy0FyB0A0A0AtCzytB0ByDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztCtB&cr=1010808114&ir= SearchScopes: HKU\S-1-5-21-2134122012-985867511-3032921148-1001 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_cmi_15_24&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtC0EyD0DtA0ByEtCzytAtDtN0D0Tzu0StCtByDyBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0CyC0D0AtC0CtBtGtCyC0C0FtG0EyEyByCtGtByD0CyBtGyEtA0B0AyBtC0Azz0B0E0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyB0AtCzz0F0DyBtGyDtDyC0CtGyEyBzz0FtGzztA0BtCtGzy0FyB0A0A0AtCzytB0ByDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztByD&cr=2125724158&ir= SearchScopes: HKU\S-1-5-21-2134122012-985867511-3032921148-1001 -> {E29833B0-F78E-46F6-B3CD-D5AE3312EDF4} URL = http://rover.ebay.com/rover/1/710-42480-16445-33/4?mpre=http://shop.ebay.co.uk/?oemInLn=ieSrch-Q113&_nkw={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-17] (Oracle Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> 
C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-11-05] (Qualcomm Atheros Commnucations) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: No Name -> {d0174004-bb12-464b-b666-9ba9bdbd750a} ->  No File BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-17] (Oracle Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader) BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-17] (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: No Name -> {d0174004-bb12-464b-b666-9ba9bdbd750a} ->  No File BHO-x32: Java Plug-In 2 SSV Helper -> 
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-17] (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-29] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-2134122012-985867511-3032921148-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}  Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\abengine.dll [341952 2015-06-09] (Abengine) Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\abengine.dll [341952 2015-06-09] (Abengine) Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\abengine.dll [341952 2015-06-09] (Abengine) Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\abengine.dll [341952 2015-06-09] (Abengine) Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\abengine.dll [341952 2015-06-09] (Abengine) Winsock: Catalog9-x64 01 C:\WINDOWS\system32\abengine64.dll [409168 2015-06-09] (Abengine) Winsock: Catalog9-x64 02 C:\WINDOWS\system32\abengine64.dll [409168 2015-06-09] (Abengine) Winsock: Catalog9-x64 03 C:\WINDOWS\system32\abengine64.dll [409168 2015-06-09] (Abengine) Winsock: Catalog9-x64 04 C:\WINDOWS\system32\abengine64.dll [409168 2015-06-09] 
(Abengine) Winsock: Catalog9-x64 16 C:\WINDOWS\system32\abengine64.dll [409168 2015-06-09] (Abengine) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 StartMenuInternet: IEXPLORE.EXE - iexplore.exe   FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-17] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-07-17] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-17] (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files 
(x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-12-30] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-12-30] (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-09-28] () FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-29] (Adobe Systems Inc.) 
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-2134122012-985867511-3032921148-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-04-15] (Intel)
FF Plugin HKU\S-1-5-21-2134122012-985867511-3032921148-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-04-15] (Intel)
FF Plugin HKU\S-1-5-21-2134122012-985867511-3032921148-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF HKLM\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-04]
FF HKLM-x32\...\Firefox\Extensions: [{d0174004-bb12-464b-b666-9ba9bdbd750a}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Aneliya\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Aneliya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-09]
CHR Extension: (Google Docs) - C:\Users\Aneliya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-09]
CHR Extension: (Google Drive) - C:\Users\Aneliya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-09]
CHR Extension: (YouTube) - C:\Users\Aneliya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-01]
CHR Extension: (Google Search) - C:\Users\Aneliya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-01]
CHR Extension: (Google Sheets) - C:\Users\Aneliya\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-09]
CHR Extension: (dregol New Tab) - C:\Users\Aneliya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim [2015-06-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Aneliya\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-10]
CHR Extension: (Skype Click to Call) - C:\Users\Aneliya\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-20]
CHR Extension: (Google Wallet) - C:\Users\Aneliya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-10]
CHR Extension: (Gmail) - C:\Users\Aneliya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-01]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2134122012-985867511-3032921148-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 abengine; C:\Program Files (x86)\HighlightSearches\abengine.exe [2329600 2015-04-22] (Abengine) [File not signed]
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations) [File not signed]
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2013-09-07] (Autodesk)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-02] ()
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-05-08] (Fork Ltd.) [File not signed]
R2 dlea_device; C:\WINDOWS\system32\dleacoms.exe [1054888 2009-07-01] ( )
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-09-06] (WildTangent)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-09-29] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-09-29] (Intel Corporation)
R2 jujotyxu; C:\Users\Aneliya\AppData\Roaming\4ED7FF40-1433869652-11E2-838B-30F9EDD2723D\nsrA3B8.tmp [745984 2015-06-11] () [File not signed]
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation)
R2 NortonHotspotService; C:\Program Files (x86)\Norton Hotspot Privacy\bin\openvpnas.exe [475984 2013-03-06] (Symantec Corporation)
S3 NortonTrayService; C:\Program Files (x86)\Norton Hotspot Privacy\bin\NortonTrayService.EXE [78040 2013-03-06] ()
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-12-30] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 SAiAdmin; C:\Windows\SysWOW64\SAiAdmin.exe [65536 2011-10-12] (SA International) [File not signed]
R2 SAiDownloader; C:\Program Files (x86)\FlexiSTARTER 10.5 LiYu Edition1\Program\SAiDownloaderVistaUI.exe [417792 2011-10-12] (SA International) [File not signed]
R2 SAiDownloaderVista; C:\Windows\SysWOW64\SAiDownloaderVista.exe [77824 2011-10-12] (SA International) [File not signed]
R2 SAiLicSvr; C:\Windows\SysWOW64\SAiLicSvr.exe [86016 2007-12-19] (SA International) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374304 2011-05-27] (SafeNet, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-06-11] ()
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 xoperoze; C:\Users\Aneliya\AppData\Roaming\4ED7FF40-1433869652-11E2-838B-30F9EDD2723D\jnse6D27.tmp [219136 2015-06-09] () [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros) [File not signed]
R2 zedepory; C:\Users\Aneliya\AppData\Roaming\4ED7FF40-1433869652-11E2-838B-30F9EDD2723D\hnsu87D5.tmp [166912 2015-06-09] () [File not signed]
S2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [15288 2011-12-26] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [12728 2011-12-26] () [File not signed]
S3 AtiDCM; C:\AMD\WU-CCC2\ccc2_install\Support64\atdcm64a.sys [28416 2014-03-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-10-23] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-02-01] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-06-09] (DT Soft Ltd)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-02] (NetFilterSDK.com)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2015-06-11] (Greatis Software)
R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2015-01-26] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated)
S3 SNTUSB64; C:\Windows\System32\drivers\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
S3 tapnhp6; C:\Windows\system32\DRIVERS\tapnhp6.sys [41560 2013-03-06] (Symantec Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 scfd_1_10_0_16; system32\drivers\scfd_1_10_0_16.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 21:12 - 2015-06-11 21:13 - 00041227 _____ C:\Users\Aneliya\Desktop\FRST.txt
2015-06-11 20:39 - 2015-06-11 20:39 - 02108928 _____ (Farbar) C:\Users\Aneliya\Desktop\FRST64.exe
2015-06-11 20:34 - 2015-06-11 20:38 - 00000000 ____D C:\Users\Aneliya\Desktop\All Icons
2015-06-11 20:16 - 2015-06-11 20:16 - 00004104 _____ C:\WINDOWS\System32\Tasks\Dregol ciri
2015-06-11 20:16 - 2015-06-11 20:16 - 00000000 ____D C:\Users\Aneliya\AppData\Roaming\Run_dregol
2015-06-11 20:16 - 2015-06-11 20:16 - 00000000 ____D C:\ProgramData\{FC6214A1-ACE0-C527-1D66-B5A5CDE4662B}
2015-06-11 20:16 - 2015-06-11 20:16 - 00000000 ____D C:\Program Files (x86)\Run_Dregol
2015-06-11 19:42 - 2015-06-11 19:42 - 00116120 _____ C:\WINDOWS\SysWOW64\rsslogs.20150611194125
2015-06-11 19:32 - 2015-06-11 19:32 - 00010105 _____ C:\WINDOWS\SysWOW64\rsslogs.20150611193141
2015-06-11 19:02 - 2015-06-11 19:02 - 00036582 _____ C:\WINDOWS\SysWOW64\rsslogs.20150611190107
2015-06-11 18:48 - 2015-06-11 18:48 - 00000000 ____D C:\ProgramData\RegRun
2015-06-11 18:42 - 2015-06-11 19:30 - 00003320 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2015-06-11 18:42 - 2015-06-11 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2015-06-11 18:42 - 2015-06-11 18:58 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2015-06-11 18:42 - 2015-06-11 18:42 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2015-06-11 18:42 - 2015-06-11 18:42 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2015-06-11 18:42 - 2015-06-11 18:42 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2015-06-11 18:42 - 2015-06-11 18:42 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2015-06-11 18:42 - 2015-06-11 18:42 - 00000000 ____D C:\Users\Aneliya\Documents\RegRun2
2015-06-11 18:42 - 2015-05-11 15:49 - 00012800 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2015-06-11 18:41 - 2015-06-11 19:31 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2015-06-11 18:38 - 2015-06-11 18:38 - 00000000 ____D C:\Users\Aneliya\Downloads\unhackme
2015-06-11 18:21 - 2015-06-11 18:21 - 17115007 _____ C:\Users\Aneliya\Downloads\unhackme.zip
2015-06-11 15:32 - 2015-06-11 15:32 - 00148481 _____ C:\WINDOWS\SysWOW64\rsslogs.20150611153123
2015-06-11 10:27 - 2015-06-11 10:27 - 00131335 _____ C:\WINDOWS\SysWOW64\rsslogs.20150611102602
2015-06-11 00:04 - 2015-06-11 00:04 - 00000043 _____ C:\Users\Aneliya\AppData\Roaming\WB.CFG
2015-06-10 21:28 - 2015-06-10 21:28 - 00238621 _____ C:\WINDOWS\SysWOW64\rsslogs.20150610212720
2015-06-10 19:20 - 2015-06-10 19:20 - 00000000 ____D C:\Users\Aneliya\Downloads\setup
2015-06-10 19:05 - 2015-06-10 19:05 - 00000000 ____D C:\Users\Aneliya\AppData\Local\Chromium
2015-06-10 19:04 - 2015-06-11 20:16 - 00002648 _____ C:\WINDOWS\System32\Tasks\Run_dregol
2015-06-10 19:04 - 2015-06-11 20:16 - 00000310 _____ C:\WINDOWS\Tasks\Run_dregol.job
2015-06-10 19:02 - 2015-06-10 19:02 - 00000000 ____D C:\Users\Public\Documents\PC Faster
2015-06-10 19:01 - 2015-06-10 19:01 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-06-10 19:01 - 2015-06-10 19:01 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-06-10 19:01 - 2015-06-10 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2015-06-10 18:57 - 2015-06-10 18:59 - 197872944 _____ C:\Users\Aneliya\Downloads\setup.zip
2015-06-10 18:44 - 2015-06-10 18:45 - 112613355 _____ C:\Users\Aneliya\Downloads\Unconfirmed 421859.crdownload
2015-06-10 18:25 - 2015-06-10 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-06-10 18:25 - 2015-06-10 18:27 - 00000000 ____D C:\Program Files (x86)\Canon
2015-06-10 18:23 - 2015-06-11 15:36 - 00000000 ____D C:\Users\Aneliya\AppData\Roaming\canon
2015-06-10 18:23 - 2015-06-10 18:23 - 00000000 ____D C:\ProgramData\Canon_Inc_IC
2015-06-10 07:25 - 2015-06-10 18:15 - 00360448 _____ C:\Users\Aneliya\Documents\Database1.accdb
2015-06-10 04:19 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 04:19 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 04:19 - 2015-05-25 14:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 04:19 - 2015-05-25 14:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 04:19 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 04:19 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 04:19 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 04:19 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 04:19 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 04:19 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 04:19 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 04:19 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 04:19 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 04:19 - 2015-05-23 03:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 04:19 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 04:19 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 04:19 - 2015-05-23 03:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 04:19 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 04:19 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 04:19 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 04:19 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 04:19 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 04:19 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 04:19 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 04:19 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 04:19 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 04:19 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 04:19 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 04:19 - 2015-05-22 19:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 04:19 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 04:19 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 04:19 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 04:19 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 04:19 - 2015-05-22 18:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 04:19 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 04:19 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 04:19 - 2015-04-25 03:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 04:19 - 2015-04-25 03:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 04:19 - 2015-04-16 07:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 04:19 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 04:19 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 04:19 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 04:19 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 04:19 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 04:19 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 04:19 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 04:19 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 04:19 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 04:19 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 04:19 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 04:19 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 04:19 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 04:19 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 04:19 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 04:19 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 04:19 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 04:19 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 04:19 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 04:19 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-10 04:18 - 2015-05-23 03:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 04:18 - 2015-05-23 03:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 04:18 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 04:18 - 2015-05-22 19:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 04:18 - 2015-05-22 19:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 04:18 - 2015-05-22 19:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 04:18 - 2015-05-21 17:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-09 20:46 - 2015-06-10 21:28 - 00635121 _____ C:\WINDOWS\SysWOW64\rsslogs.20150609204549
2015-06-09 20:36 - 2015-06-09 20:36 - 00000000 ____D C:\ProgramData\e34df67a00002b93
2015-06-09 20:28 - 2015-06-11 20:28 - 00001034 _____ C:\WINDOWS\Tasks\124Iith9Cu4Xrajyk4g2oO.job
2015-06-09 20:28 - 2015-06-09 20:28 - 00004038 _____ C:\WINDOWS\System32\Tasks\124Iith9Cu4Xrajyk4g2oO
2015-06-09 20:27 - 2015-06-11 14:33 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-06-09 20:27 - 2015-06-09 20:27 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-09 20:27 - 2015-06-09 20:27 - 00000000 ____D C:\Users\Aneliya\AppData\Local\globalUpdate
2015-06-09 20:26 - 2015-06-09 20:26 - 00000918 _____ C:\WINDOWS\SysWOW64\${LOGFILE}
2015-06-09 20:24 - 2015-06-09 20:24 - 00003164 _____ C:\WINDOWS\System32\Tasks\{BE640BC3-F352-4CC0-8C8A-D85DE3D9EFF2}
2015-06-09 20:23 - 2015-06-11 20:23 - 00000354 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[3c32].job
2015-06-09 20:23 - 2015-06-11 14:23 - 00000000 ____D C:\ProgramData\{aa305602-59ac-0af4-aa30-0560259a5809}
2015-06-09 20:23 - 2015-06-09 20:23 - 00003244 _____ C:\WINDOWS\System32\Tasks\Bidaily Synchronize Task[3c32]
2015-06-09 20:22 - 2015-06-09 20:22 - 00000000 ____D C:\Program Files (x86)\predm
2015-06-09 20:19 - 2015-06-09 20:45 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-06-09 20:19 - 2015-06-09 20:45 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-06-09 20:19 - 2015-06-09 20:39 - 00000378 _____ C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-06-09 20:19 - 2015-06-09 20:19 - 00002812 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-06-09 20:19 - 2015-06-09 20:19 - 00002810 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-06-09 20:19 - 2015-06-09 20:19 - 00002810 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-06-09 20:15 - 2015-06-09 20:15 - 00613255 _____ (CMI Limited) C:\Users\Aneliya\AppData\Local\nst9DD6.tmp
2015-06-09 20:15 - 2015-06-09 20:15 - 00000000 __SHD C:\Users\Aneliya\AppData\Roaming\AnyProtectEx
2015-06-09 18:21 - 2015-06-11 19:43 - 00000344 _____ C:\WINDOWS\Tasks\QNBKJTVHX1.job
2015-06-09 18:21 - 2015-06-09 20:25 - 00000000 ____D C:\Program Files\shopperz
2015-06-09 18:21 - 2015-06-09 20:24 - 00000000 ____D C:\Users\Aneliya\AppData\Local\SmartWeb
2015-06-09 18:21 - 2015-06-09 18:21 - 00003558 _____ C:\WINDOWS\System32\Tasks\DFOZSNJILP
2015-06-09 18:21 - 2015-06-09 18:21 - 00002858 _____ C:\WINDOWS\System32\Tasks\QNBKJTVHX1
2015-06-09 18:21 - 2015-06-09 18:21 - 00000045 _____ C:\user.js
2015-06-09 18:21 - 2015-06-09 18:21 - 00000000 ____D C:\ProgramData\0f3b5471928b4fd3834dad205fba7597
2015-06-09 18:20 - 2015-06-09 18:20 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-09 18:16 - 2015-06-11 18:58 - 00000112 _____ C:\ProgramData\42ucsBJX.dat
2015-06-09 18:11 - 2015-06-09 18:16 - 00000000 ____D C:\Users\Aneliya\AppData\Local\4ED7FF40-1433873471-11E2-838B-30F9EDD2723D
2015-06-09 18:09 - 2015-06-09 18:09 - 00000000 ____D C:\Program Files (x86)\PreiceLess
2015-06-09 18:08 - 2015-06-09 18:08 - 00000000 ____D C:\ProgramData\PastaLeadsAgent
2015-06-09 18:08 - 2015-06-09 18:08 - 00000000 ____D C:\ProgramData\kgnbbngjlkgmkkhnfiijimmiiliefdoh
2015-06-09 18:08 - 2015-02-04 03:05 - 00000835 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-06-09 18:07 - 2015-06-11 18:48 - 00000000 ____D C:\ProgramData\abc
2015-06-09 18:07 - 2015-06-11 06:21 - 00000000 ____D C:\Users\Aneliya\AppData\Roaming\4ED7FF40-1433869652-11E2-838B-30F9EDD2723D
2015-06-09 18:07 - 2015-06-10 18:46 - 00000000 ____D C:\Program Files\Common Files\PastaLeads
2015-06-09 18:07 - 2015-06-09 18:09 - 00000000 ____D C:\Users\Aneliya\Documents\PCPrivacyDock
2015-06-09 18:07 - 2015-06-09 18:07 - 00000000 ____D C:\Users\Aneliya\AppData\Local\PC_Privacy_Dock
2015-06-09 18:07 - 2015-06-09 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hawker
2015-06-09 18:07 - 2015-06-09 18:07 - 00000000 ____D C:\Program Files\Coupoon
2015-06-09 18:07 - 2015-06-09 18:07 - 00000000 ____D C:\Program Files (x86)\Hawker
2015-06-09 18:06 - 2015-06-09 20:19 - 00000000 ____D C:\Program Files (x86)\PCP
2015-06-09 18:06 - 2015-06-09 20:19 - 00000000 ____D C:\Program Files (x86)\Coupoon
2015-06-09 18:05 - 2015-06-09 20:43 - 00009256 _____ C:\WINDOWS\SysWOW64\abengineOff.ini
2015-06-09 18:05 - 2015-06-09 20:43 - 00009256 _____ C:\WINDOWS\system32\abengineOff.ini
2015-06-09 18:05 - 2015-06-09 18:05 - 00003094 _____ C:\WINDOWS\System32\Tasks\iren3006
2015-06-09 18:05 - 2015-04-22 15:51 - 00409168 _____ (Abengine) C:\WINDOWS\system32\abengine64.dll
2015-06-09 18:05 - 2015-04-22 15:51 - 00341952 _____ (Abengine) C:\WINDOWS\SysWOW64\abengine.dll
2015-06-09 18:03 - 2015-06-09 18:03 - 00000000 ____D C:\Program Files (x86)\PriCeLesss
2015-06-09 18:02 - 2015-06-09 18:02 - 00000000 ____D C:\ProgramData\imaoeoblblmjpicobkapdnhcgbgmijpj
2015-06-09 18:00 - 2015-06-09 20:32 - 00000000 ____D C:\Users\Aneliya\AppData\Roaming\Store
2015-06-09 18:00 - 2015-06-09 20:29 - 00000000 ____D C:\Users\Aneliya\AppData\Roaming\WTools
2015-06-09 18:00 - 2015-06-09 18:00 - 00000078 _____ C:\Users\Aneliya\AppData\Roaming\WindApp.installation.log
2015-06-09 18:00 - 2015-06-09 18:00 - 00000078 _____ C:\Users\Aneliya\AppData\Roaming\Selection Tools.installation.log
2015-06-09 17:59 - 2015-06-09 18:00 - 00005724 _____ C:\Users\Aneliya\AppData\Roaming\Bubble Dock.installation.log
2015-06-09 17:59 - 2015-06-09 18:00 - 00001283 _____ C:\Users\Aneliya\AppData\Roaming\Bubble Dock.boostrap.log
2015-06-09 17:59 - 2015-06-09 17:59 - 00000097 _____ C:\Users\Aneliya\AppData\Roaming\WindApp.boostrap.log
2015-06-09 17:59 - 2015-06-09 17:59 - 00000000 ____D C:\Users\Aneliya\AppData\Roaming\Nosibay
2015-06-09 17:59 - 2015-06-09 17:59 - 00000000 ____D C:\Program Files (x86)\Bubble Dock
2015-06-09 17:58 - 2015-06-09 17:58 - 00000000 ____D C:\ProgramData\3324289484623045739
2015-06-09 17:58 - 2015-06-09 17:58 - 00000000 ____D C:\Program Files (x86)\PPreicELess
2015-06-09 17:57 - 2015-06-09 17:57 - 00000000 ____D C:\ProgramData\gcamhpfobgmongnmnmmpapfippkmlcdj
2015-06-09 17:56 - 2015-06-09 18:07 - 00000000 ____D C:\Program Files (x86)\Priceless
2015-06-09 17:56 - 2015-06-09 17:56 - 00000000 ____D C:\Program Files (x86)\app_setup
2015-06-09 11:17 - 2015-06-09 11:17 - 00455502 _____ C:\WINDOWS\SysWOW64\rsslogs.20150609111627
2015-06-08 19:27 - 2015-06-08 19:27 - 00620135 _____ C:\WINDOWS\SysWOW64\rsslogs.20150608192620
2015-06-07 22:45 - 2015-06-08 19:27 - 00194556 _____ C:\WINDOWS\SysWOW64\rsslogs.20150607224445
2015-06-06 18:53 - 2015-06-07 22:45 - 00212224 _____ C:\WINDOWS\SysWOW64\rsslogs.20150606185228
2015-06-05 14:35 - 2015-06-06 18:53 - 00103572 _____ C:\WINDOWS\SysWOW64\rsslogs.20150605143410
2015-06-04 20:10 - 2015-06-04 20:10 - 00609832 _____ C:\WINDOWS\SysWOW64\rsslogs.20150604200914
2015-06-04 17:33 - 2015-06-04 17:33 - 00053022 _____ C:\WINDOWS\SysWOW64\rsslogs.20150604173231
2015-06-03 14:51 - 2015-06-04 17:33 - 00809575 _____ C:\WINDOWS\SysWOW64\rsslogs.20150603145108
2015-06-02 18:36 - 2015-06-03 14:51 - 00616134 _____ C:\WINDOWS\SysWOW64\rsslogs.20150602183514
2015-06-01 14:53 - 2015-06-02 18:36 - 00623460 _____ C:\WINDOWS\SysWOW64\rsslogs.20150601145201
2015-06-01 04:32 - 2015-06-01 04:32 - 00299143 _____ C:\WINDOWS\SysWOW64\rsslogs.20150601043153
2015-05-31 03:04 - 2015-06-01 04:32 - 00128794 _____ C:\WINDOWS\SysWOW64\rsslogs.20150531030340
2015-05-29 19:13 - 2015-05-31 03:04 - 00366071 _____ C:\WINDOWS\SysWOW64\rsslogs.20150529191240
2015-05-28 16:58 - 2015-05-29 19:13 - 00463321 _____ C:\WINDOWS\SysWOW64\rsslogs.20150528165704
2015-05-28 10:21 - 2015-05-30 11:34 - 00000000 ____D C:\ProgramData\Synaptics
2015-05-28 10:21 - 2015-05-28 10:21 - 00002990 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-05-28 10:21 - 2015-05-28 10:21 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-05-28 10:21 - 2015-05-28 10:21 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-05-28 10:21 - 2015-05-28 10:21 - 00000000 ____D C:\Program Files\Synaptics
2015-05-28 10:19 - 2015-05-28 10:19 - 00031540 _____ C:\WINDOWS\SysWOW64\rsslogs.20150528101845
2015-05-27 11:13 - 2015-05-27 11:13 - 01804696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-05-27 11:13 - 2015-05-27 11:13 - 00764104 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-05-27 11:13 - 2015-05-27 11:13 - 00626888 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-05-27 11:13 - 2015-05-27 11:13 - 00419528 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-05-27 11:13 - 2015-05-27 11:13 - 00267976 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-05-27 11:13 - 2015-05-27 11:13 - 00249032 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo27.dll
2015-05-27 11:13 - 2015-05-27 11:13 - 00042696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-05-27 10:06 - 2015-05-28 10:19 - 00474650 _____ C:\WINDOWS\SysWOW64\rsslogs.20150527100519
2015-05-26 10:07 - 2015-05-27 10:06 - 00169201 _____ C:\WINDOWS\SysWOW64\rsslogs.20150526100623
2015-05-26 09:56 - 2015-05-26 09:56 - 00000000 _____ C:\WINDOWS\SysWOW64\rsslogs.20150526095545
2015-05-25 07:25 - 2015-05-26 09:56 - 00191938 _____ C:\WINDOWS\SysWOW64\rsslogs.20150525072457
2015-05-24 09:36 - 2015-05-24 21:29 - 00356273 _____ C:\WINDOWS\SysWOW64\rsslogs.20150524093547
2015-05-23 09:36 - 2015-05-24 09:36 - 01079630 _____ C:\WINDOWS\SysWOW64\rsslogs.20150523093546
2015-05-22 11:41 - 2015-05-23 09:36 - 00673434 _____ C:\WINDOWS\SysWOW64\rsslogs.20150522114034
2015-05-21 10:13 - 2015-05-22 11:41 - 01206975 _____ C:\WINDOWS\SysWOW64\rsslogs.20150521101205
2015-05-20 20:09 - 2015-05-20 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Photo Recovery
2015-05-20 20:09 - 2015-05-20 20:09 - 00000000 ____D C:\Program Files (x86)\Stellar Phoenix Photo Recovery
2015-05-20 19:48 - 2015-05-20 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.8
2015-05-20 19:48 - 2015-05-20 19:48 - 00000000 ____D C:\Program Files\EaseUS
2015-05-20 04:52 - 2011-03-15 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BHME.DLL
2015-05-20 04:52 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2015-05-19 11:43 - 2015-05-20 21:34 - 00000000 ____D C:\Users\Aneliya\AppData\Roaming\Mobipocket
2015-05-19 11:43 - 2015-05-19 11:45 - 00000000 ____D C:\Users\Aneliya\Documents\My eBooks
2015-05-19 10:49 - 2015-05-19 10:49 - 00000000 ____D C:\Users\Aneliya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobipocket.com
2015-05-19 10:49 - 2015-05-19 10:49 - 00000000 ____D C:\Program Files (x86)\Mobipocket.com
2015-05-18 20:11 - 2015-05-18 20:11 - 00000000 ____D C:\Users\Aneliya\AppData\Roaming\WTablet
2015-05-18 19:45 - 2015-05-18 19:45 - 00000000 ____D C:\Users\Aneliya\Tracing
2015-05-15 04:56 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 04:56 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 04:50 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-15 04:50 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-15 04:50 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-15 04:50 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-15 04:50 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-15 04:50 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-15 04:50 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-15 04:50 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-15 04:50 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-15 04:50 - 2015-03-17 18:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-15 04:50 - 2015-03-13 05:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-15 04:50 - 2015-03-13 05:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-15 04:50 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-15 04:50 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-15 04:50 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-15 04:50 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-15 04:50 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-15 04:50 - 2015-03-09 03:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-15 04:50 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-15 04:50 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-15 04:50 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-15 04:50 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-15 04:50 - 
2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2015-05-15 04:50 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-05-15 04:50 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-05-15 04:50 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-05-15 04:49 - 2015-03-13 01:29 - 00410017 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-05-13 04:39 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-05-13 04:39 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-05-13 04:39 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll 2015-05-13 04:39 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-05-13 04:39 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-05-13 04:39 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-05-13 04:39 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-05-13 04:39 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2015-05-13 04:39 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2015-05-13 04:39 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-05-13 04:39 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-05-13 04:39 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-05-13 04:39 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll   ==================== One 
Month Modified files and folders ========   (If an entry is included in the fixlist, the file/folder will be moved.)   2015-06-11 21:13 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-06-11 21:12 - 2015-02-01 12:29 - 00000000 ____D C:\FRST 2015-06-11 20:49 - 2015-02-01 16:28 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-11 20:06 - 2013-06-04 22:13 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2134122012-985867511-3032921148-1001 2015-06-11 19:46 - 2015-01-29 21:42 - 00000000 ____D C:\Users\Aneliya\OneDrive 2015-06-11 19:46 - 2014-12-30 08:53 - 01626371 _____ C:\WINDOWS\WindowsUpdate.log 2015-06-11 19:43 - 2015-02-01 16:28 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-11 19:41 - 2013-08-22 15:46 - 00325280 _____ C:\WINDOWS\setupact.log 2015-06-11 19:41 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-06-11 19:40 - 2013-08-22 14:25 - 01310720 ___SH C:\WINDOWS\system32\config\BBI 2015-06-11 19:37 - 2015-02-04 04:41 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk 2015-06-11 19:37 - 2015-02-04 04:41 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk 2015-06-11 19:37 - 2015-02-04 04:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 2015-06-11 19:01 - 2014-12-30 08:27 - 00000000 ____D C:\Users\Aneliya 2015-06-11 18:57 - 2013-06-09 17:45 - 00002828 ___SH C:\ProgramData\KGyGaAvL.sys 2015-06-11 18:47 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2015-06-11 17:56 - 2015-01-03 03:38 - 00000000 __SHD C:\Users\Aneliya\AppData\Local\EmieBrowserModeList 2015-06-11 17:56 - 2015-01-01 09:19 - 00000000 __SHD C:\Users\Aneliya\AppData\Local\EmieUserList 2015-06-11 17:56 - 2015-01-01 09:19 - 00000000 __SHD C:\Users\Aneliya\AppData\Local\EmieSiteList 2015-06-11 17:55 - 2015-01-01 09:19 - 00003918 _____ 
C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B57EAF4F-132E-4F57-8CB3-E89092DD5591} 2015-06-11 10:38 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-06-11 10:25 - 2013-08-22 15:44 - 05205568 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-06-11 10:23 - 2014-09-24 08:03 - 00068076 _____ C:\WINDOWS\PFRO.log 2015-06-11 10:20 - 2013-11-05 16:21 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-06-11 10:20 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-06-11 10:12 - 2013-06-06 06:48 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-11 10:12 - 2013-06-06 03:01 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-06-11 06:31 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-06-10 21:31 - 2015-01-03 00:53 - 00000000 ____D C:\Users\Aneliya\AppData\Roaming\ViberPC 2015-06-10 19:21 - 2015-02-04 04:24 - 00000000 ____D C:\Program Files\Common Files\Adobe 2015-06-10 19:20 - 2013-06-13 21:14 - 00000000 ____D C:\Users\Aneliya\AppData\Local\Adobe 2015-06-10 07:13 - 2013-06-15 00:15 - 00000000 ____D C:\Users\Aneliya\AppData\Roaming\Skype 2015-06-09 20:51 - 2015-02-01 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-06-09 20:37 - 2013-07-19 12:08 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-06-06 19:02 - 2013-06-04 22:03 - 00000000 ____D C:\Users\Aneliya\AppData\Local\VirtualStore 2015-06-03 17:18 - 2015-03-15 22:16 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-06-03 17:18 - 2015-01-01 09:32 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-01 15:49 - 2015-01-03 00:53 - 00001006 _____ C:\Users\Aneliya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk 2015-06-01 15:49 - 2015-01-03 00:52 - 00000000 ____D C:\Users\Aneliya\AppData\Local\Viber 2015-05-29 14:28 - 2014-09-24 08:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-05-28 16:57 - 
2014-07-13 01:05 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-05-25 07:07 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-05-21 22:24 - 2015-04-06 00:00 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2015-05-21 22:24 - 2015-04-06 00:00 - 00000000 ___SD C:\WINDOWS\system32\GWX 2015-05-20 04:53 - 2015-02-23 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2015-05-18 19:44 - 2013-06-15 00:15 - 00000000 ____D C:\ProgramData\Skype 2015-05-17 08:28 - 2015-02-01 16:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-17 08:28 - 2015-02-01 16:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-05-17 08:23 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2015-05-17 08:23 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2015-05-17 05:44 - 2015-02-01 16:28 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-17 05:44 - 2013-06-04 22:38 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-15 04:49 - 2015-02-01 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-15 04:44 - 2014-09-24 07:53 - 00000000 ____D C:\Program Files\Windows Journal   ==================== Files in the root of some directories =======   2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\Aneliya\AppData\Roaming\124Iith9Cu4Xrajyk4g2oO 2015-04-20 15:05 - 2015-04-20 15:05 - 1579520 _____ () C:\Users\Aneliya\AppData\Roaming\124Iith9Cu4Xrajyk4g2oO.exe 2015-06-09 17:59 - 2015-06-09 18:00 - 0001283 _____ () C:\Users\Aneliya\AppData\Roaming\Bubble Dock.boostrap.log 2015-06-09 17:59 - 2015-06-09 18:00 - 0005724 _____ () C:\Users\Aneliya\AppData\Roaming\Bubble Dock.installation.log 2015-06-09 18:00 - 2015-06-09 18:00 - 0000078 _____ () C:\Users\Aneliya\AppData\Roaming\Selection Tools.installation.log 2015-06-11 00:04 - 2015-06-11 00:04 - 0000043 _____ () 
C:\Users\Aneliya\AppData\Roaming\WB.CFG 2015-06-09 17:59 - 2015-06-09 17:59 - 0000097 _____ () C:\Users\Aneliya\AppData\Roaming\WindApp.boostrap.log 2015-06-09 18:00 - 2015-06-09 18:00 - 0000078 _____ () C:\Users\Aneliya\AppData\Roaming\WindApp.installation.log 2015-06-09 20:15 - 2015-06-09 20:15 - 0613255 _____ (CMI Limited) C:\Users\Aneliya\AppData\Local\nst9DD6.tmp 2013-06-09 17:45 - 2013-06-09 18:58 - 0000088 __RSH () C:\ProgramData\1BD38D9980.sys 2015-06-09 18:16 - 2015-06-11 18:58 - 0000112 _____ () C:\ProgramData\42ucsBJX.dat 2015-01-03 04:08 - 2015-03-11 21:34 - 0000868 _____ () C:\ProgramData\dleascan.log 2013-06-09 17:45 - 2015-06-11 18:57 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys   Files to move or delete: ==================== C:\ProgramData\42ucsBJX.dat C:\Users\Aneliya\mediaenchx32.dll C:\Users\Aneliya\mediaenchx321.dll C:\Users\Aneliya\mediaenchx322.dll C:\Users\Aneliya\mediaenchx323.dll C:\Users\Aneliya\webphonecfgb.dat     Some files in TEMP: ==================== C:\Users\Aneliya\AppData\Local\Temp\6492.exe C:\Users\Aneliya\AppData\Local\Temp\70517uninstall.exe C:\Users\Aneliya\AppData\Local\Temp\9470uninstall.exe C:\Users\Aneliya\AppData\Local\Temp\amiupdater1822.exe C:\Users\Aneliya\AppData\Local\Temp\beddigcaie.exe C:\Users\Aneliya\AppData\Local\Temp\beddihcjca.exe C:\Users\Aneliya\AppData\Local\Temp\camera raw 6.4.1 update__10924_i1533240421_il404623.exe C:\Users\Aneliya\AppData\Local\Temp\DPInstx64.exe C:\Users\Aneliya\AppData\Local\Temp\DPInstx86.exe C:\Users\Aneliya\AppData\Local\Temp\DPInst_Monx64.exe C:\Users\Aneliya\AppData\Local\Temp\DPInst_Monx86.exe C:\Users\Aneliya\AppData\Local\Temp\InstallHelper.exe C:\Users\Aneliya\AppData\Local\Temp\Launcher__13202.exe C:\Users\Aneliya\AppData\Local\Temp\mVOBCC8.exe C:\Users\Aneliya\AppData\Local\Temp\MYPCBU.exe C:\Users\Aneliya\AppData\Local\Temp\mytmpinstaller.exe C:\Users\Aneliya\AppData\Local\Temp\optprosetup.exe C:\Users\Aneliya\AppData\Local\Temp\OS_Detect.exe 
==================== End of log ============================

.... and also the attached addition.txt

That's all from me for now

Heartfelt thanks in advance...

Анелия
         
        Addition.txt
      • by soulflykc
        Hello, I have a problem with a computer that serves as my office machine. It most often shows up in the afternoon, after 3 p.m. The hard disk doesn't stop spinning and it is almost impossible to work normally. We have a system admin who couldn't determine what is causing it and reinstalled Windows, replacing Win 7 64 bit professional with win 8.1 64 bit. That didn't have much success, since the problem remains.
        Windows updates are turned off. When I open Task Manager, the only things it shows using the hard disk are MS windows search indexer, system, service host : local (I mean over 2 MB/s).
         
        I have an application (Activity Indicator) that most often shows me this message:
         
        Change: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\I70M2HNG\ls.hit.gemius[1].xml
         
        The problem doesn't happen every day and I haven't found any pattern to when it appears; also, I don't use IE at all.
         
        If anyone has any idea what to look for or where to look, please share it. Also, what information could I provide for analysis? Logs, etc.
         
        Thank you.
      • by Еленко Борисов
        Hello, I want to ask you about a movie; it's quite old, but it's about a virus, and a man was driving a red Ferrari down the street and watching them, then some people met on the beach, and the guy with the Ferrari went to a racetrack, got up to high speed and crashed into a billboard...... Any ideas what the movie is called?