
Google Chrome is bugged




Hello, my browser has bugged out: banners pop up in Chrome, new sub-windows open with various sites, and it freezes and runs sluggishly.

On your recommendation I scanned with Farbar; here is the file:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02

Ran by DUNEDAN (administrator) on DUNEDAN-PC on 16-10-2014 13:00:46
Running from C:\Users\DUNEDAN\Downloads
Loaded Profile: DUNEDAN (Available profiles: DUNEDAN)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
() C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
() C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Evgeny Lachinov) C:\Program Files (x86)\Home Media Server\hmssvc.exe
(UASSOFT.COM) C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\nst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(ClientConnect Ltd.) C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\nst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
() C:\ProgramData\AllaboutApp\SN.Booster\SN.Booster.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BitTorrent Inc.) C:\Users\DUNEDAN\AppData\Roaming\uTorrent\uTorrent.exe
() C:\ProgramData\KeepAppIt Software\Upd Inst\Upd Inst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(UltraVNC) C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
() C:\Program Files (x86)\AtuZi\bin\utilAtuZi.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(Echobit LLC) G:\EvolveClient.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Wondershare) G:\MobileGo for Android\MobileGoService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
() C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(FinalWire Ltd.) C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
(Echobit LLC) G:\EvoSvc.exe
(Echobit, LLC) G:\Drivers\EvolveTracker_64.exe
() C:\Program Files (x86)\AtuZi\bin\AtuZi.PurBrowse64.exe
(Echobit, LLC) G:\EvolveUI.exe
(Echobit, LLC) G:\EvolveUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\AtuZi\updateAtuZi.exe
() C:\Program Files (x86)\AtuZi\bin\AtuZi.BrowserAdapter64.exe
() C:\Program Files (x86)\AtuZi\bin\AtuZi.BrowserAdapter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\AtuZi\bin\AtuZi.BOASHelper.exe
() C:\Program Files (x86)\AtuZi\bin\AtuZi.BOASPRT.exe
() C:\Program Files (x86)\AtuZi\bin\AtuZi.BOAS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [RazerGameBooster] => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [231424 2008-06-05] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [uTorrent] => C:\Users\DUNEDAN\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-08] (BitTorrent Inc.)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [GoogleChromeAutoLaunch_647C5B00988DE89D978C798676D85787] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1323776 2014-09-24] (Bogdan Sharkov)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [EvolveClient] => G:\EvolveClient.exe [3332512 2014-09-15] (Echobit LLC)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-10-15] (Google Inc.)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9958192 2014-09-18] ()
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\MountPoints2: {2235766d-1fc6-11e4-9a7d-ba4abb3352e4} - J:\LG_PC_Programs.exe
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\MountPoints2: {3f0de77b-1d42-11e4-b8ab-ba4abb3352e4} - J:\LG_PC_Programs.exe
AppInit_DLLs: C:\PROGRA~2\ASSIST~2.DLL => C:\Program Files (x86)\Assistant_x64.dll [4210176 2014-09-05] ()
AppInit_DLLs-x32: c:\progra~2\assist~1.dll => c:\Program Files (x86)\Assistant.dll [4296192 2014-09-05] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
ShortcutTarget: MobileGo Service.lnk -> G:\MobileGo for Android\MobileGoService.exe (Wondershare)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x30F2BA1123C9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=0A0F94DE80C7FE87&affID=125036&tsp=5038
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1411918822&from=irs&uid=ST1500DM003-1CH16G_Z1E3FGBSXXXXZ1E3FGBS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1411918822&from=irs&uid=ST1500DM003-1CH16G_Z1E3FGBSXXXXZ1E3FGBS
URLSearchHook: HKLM-x32 - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\DUNEDAN\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\DUNEDAN\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKCU - {C7ABD3C5-2004-4F4A-B830-0CC7F787BA1F} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: FiNdBestDeal -> {04A9D2B6-4AE2-79A0-38A8-31932098CB20} -> C:\ProgramData\FiNdBestDeal\MuhGTI4O.x64.dll ()
BHO: DealExpREuses -> {359315EC-FB39-45B6-5B43-14DA9FE88691} -> C:\ProgramData\DealExpREuses\XF.x64.dll ()
BHO: GoSavve -> {7205e0bf-d42c-4516-b065-c2c2ba8139ff} -> C:\ProgramData\GoSavve\4f6ZmG52owwU15.x64.dll ()
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
BHO: NewuSaver -> {d6c8f4e2-2cb5-4a64-9a99-ab05cded6905} -> C:\ProgramData\NewuSaver\al4LsmE1QTzUuW.x64.dll ()
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: AlLLSaver -> {E9D09D3A-34A5-0B3B-FA97-AC4752B7FCB7} -> C:\ProgramData\AlLLSaver\WLeyMrqT.x64.dll ()
BHO-x32: FiNdBestDeal -> {04A9D2B6-4AE2-79A0-38A8-31932098CB20} -> C:\ProgramData\FiNdBestDeal\MuhGTI4O.dll ()
BHO-x32: BS Player ControlBar B Toolbar -> {31264a33-a653-46c4-af49-1232c59a7da5} -> C:\Users\DUNEDAN\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
BHO-x32: DealExpREuses -> {359315EC-FB39-45B6-5B43-14DA9FE88691} -> C:\ProgramData\DealExpREuses\XF.dll ()
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: GoSavve -> {7205e0bf-d42c-4516-b065-c2c2ba8139ff} -> C:\ProgramData\GoSavve\4f6ZmG52owwU15.dll ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: NewuSaver -> {d6c8f4e2-2cb5-4a64-9a99-ab05cded6905} -> C:\ProgramData\NewuSaver\al4LsmE1QTzUuW.dll ()
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AlLLSaver -> {E9D09D3A-34A5-0B3B-FA97-AC4752B7FCB7} -> C:\ProgramData\AlLLSaver\WLeyMrqT.dll ()
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\DUNEDAN\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {31264A33-A653-46C4-AF49-1232C59A7DA5} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> G:\Arc\plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\DUNEDAN\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: Internet Speed Tracker - C:\Users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305\Extensions\[email protected]_9t.com [2014-10-06]
FF Extension: Battlefield Heroes Updater - C:\Users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305\Extensions\[email protected] [2014-10-04]
FF Extension: Fast Start - C:\Users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305\Extensions\[email protected] [2014-09-28]
FF Extension: GOSavee - C:\Users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305\Extensions\[email protected] [2014-09-28]
FF Extension: AtuZi - C:\Users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305\Extensions\{0dc477ee-5894-43fd-97da-9fdac27d6239}.xpi [2014-10-14]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305\extensions\[email protected]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://istart.webssearches.com/?type=sc&ts=1411918822&from=irs&uid=ST1500DM003-1CH16G_Z1E3FGBSXXXXZ1E3FGBS
 
Chrome: 
=======
CHR Profile: C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Диск) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-06]
CHR Extension: (YouTube) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-14]
CHR Extension: (OpenDyslexic) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnapgfjopgaggbmfgbiinmmbdcglnam [2014-09-12]
CHR Extension: (No Name) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\chomoaoihbpongmkmnldppkllcfhggda [2014-09-23]
CHR Extension: (Google Търсене) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-14]
CHR Extension: (Isaver) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadookigiabbhgpgclcbdhoolbaofodf [2014-06-06]
CHR Extension: (AutoCAD 360) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjeclnkejmbepoibfnamioojinoopln [2013-10-30]
CHR Extension: (Flint by Viralheat) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\defjbpbaeipkllhdmgjfbdefjnpoocga [2014-09-16]
CHR Extension: (Google+) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-05-10]
CHR Extension: (No Name) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh [2014-09-23]
CHR Extension: (Block site) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2013-11-13]
CHR Extension: (Chrome Voice Control) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk [2014-09-19]
CHR Extension: (Dnevnik.bg) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgpgbimpbapjogkgkgmdkcdimopnnljb [2013-11-11]
CHR Extension: (PHP Notepad) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeeiijhgidlcakidjccllfebdkkhaia [2014-07-21]
CHR Extension: (Kaldata.com) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliaaaomamailheoidfllejljaibbemc [2013-10-30]
CHR Extension: (Google Карти) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-10-30]
CHR Extension: (Разширение за Абонамент за RSS (от Google)) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2013-12-19]
CHR Extension: (Google Wallet) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16]
CHR Extension: (Norton Identity Protection) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-02-17]
CHR Extension: (Play) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocimhajpehjmepnegklahceceebnened [2014-06-05]
CHR Extension: (Quick start) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-09-28]
CHR Extension: (RightScale SSH) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmkeekfkpfecccgbliieogmgmijklpm [2014-07-03]
CHR Extension: (Gmail) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-14]
CHR Extension: (GOSavae) - C:\ProgramData\fopdkbmpggiillmhdkjngeoefeflglnc\ [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\Exts\Chrome.crx [2014-07-08]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1411918822&from=irs&uid=ST1500DM003-1CH16G_Z1E3FGBSXXXXZ1E3FGBS
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 1a34a8e0; c:\Program Files (x86)\AssistantSvc.dll [174928 2014-09-05] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 ArcService; G:\Arc\ArcService.exe [88400 2014-06-26] (Perfect World Entertainment Inc)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-09-18] (Just Develop It) <==== ATTENTION
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [778240 2008-06-05] () [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [141824 2008-06-04] () [File not signed]
R2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [143467 2008-06-04] () [File not signed]
R3 EvoSvc; G:\EvoSvc.exe [1579936 2014-09-15] (Echobit LLC)
R2 f7dc94c1; c:\Program Files (x86)\ss Supporter\AssistantSvc.dll [174928 2014-05-16] () [File not signed]
R2 HmsService; C:\Program Files (x86)\Home Media Server\hmssvc.exe [5336576 2014-01-30] (Evgeny Lachinov) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-28] (Cherished Technololgy LIMITED)
R2 KMWDSERVICE; C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe [208896 2007-04-05] (UASSOFT.COM) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe [130104 2014-06-26] (Symantec Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-20] ()
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7101288 2014-07-28] (Reimage®)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 TBSrv; C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [350528 2014-04-10] (ClientConnect Ltd.)
R2 Update AtuZi; C:\Program Files (x86)\AtuZi\updateAtuZi.exe [522520 2014-10-16] ()
R2 Util AtuZi; C:\Program Files (x86)\AtuZi\bin\utilAtuZi.exe [522520 2014-10-16] ()
R2 uvnc_service; C:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1940248 2013-12-05] (UltraVNC)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-09-28] (Fuyu LIMITED) [File not signed]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe" [X]
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [32088 2013-06-02] ()
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-05-27] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-05-27] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-05-27] (LG Electronics Inc.)
R2 AODDriver4.2; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [57512 2012-09-24] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [36360 2008-03-06] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [16904 2008-01-21] (IVT Corporation.)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47496 2008-03-06] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25480 2008-01-21] (IVT Corporation.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 DIRECTIO; G:\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-14] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-06-10] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 eusk2par; C:\Windows\system32\Drivers\eusk2par-amd64.sys [32336 2008-12-18] (Aladdin Knowledge Systems Ltd.)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-08-25] (Echobit, LLC)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-02-18] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [31752 2008-01-21] (IVT Corporation.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [17032 2008-01-21] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [38664 2008-01-21] (IVT Corporation.)
R1 {2f5655f0-a8b6-468f-9b2b-f019d1b5665c}w64; C:\Windows\System32\drivers\{2f5655f0-a8b6-468f-9b2b-f019d1b5665c}w64.sys [48824 2014-10-14] (StdLib)
R1 {55685567-4840-4a91-962b-49a412e9485a}Gw64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [61112 2014-05-26] (StdLib)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-19] (StdLib)
R1 {a398d4bf-ac93-41b8-983d-d3185c8c4cc1}w64; C:\Windows\System32\drivers\{a398d4bf-ac93-41b8-983d-d3185c8c4cc1}w64.sys [61112 2014-06-30] (StdLib)
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [36360 2008-03-06] (IVT Corporation.)
S3 cpuz134; \??\C:\Users\DUNEDAN\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-16 13:00 - 2014-10-16 13:01 - 00039605 _____ () C:\Users\DUNEDAN\Downloads\FRST.txt
2014-10-16 13:00 - 2014-10-16 13:01 - 00000000 ____D () C:\FRST
2014-10-16 12:59 - 2014-10-16 12:59 - 02111488 _____ (Farbar) C:\Users\DUNEDAN\Downloads\FRST64.exe
2014-10-16 12:45 - 2014-10-16 12:45 - 02347384 _____ (ESET) C:\Users\DUNEDAN\Downloads\esetsmartinstaller_enu.exe
2014-10-16 12:45 - 2014-10-16 12:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-15 10:46 - 2014-10-15 10:46 - 00000000 ___RD () C:\Users\DUNEDAN\Documents\ььь
2014-10-15 09:54 - 2014-10-14 23:13 - 00048824 _____ (StdLib) C:\Windows\system32\Drivers\{2f5655f0-a8b6-468f-9b2b-f019d1b5665c}w64.sys
2014-10-14 21:34 - 2014-10-14 21:34 - 00000541 _____ () C:\Users\Public\Desktop\Launcher.exe.lnk
2014-10-14 21:33 - 2014-10-14 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerbal Space Program
2014-10-14 21:32 - 2014-10-14 21:32 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\HexHunterZ
2014-10-14 20:56 - 2014-10-14 20:56 - 00001282 _____ () C:\Users\DUNEDAN\Desktop\KSP - Shortcut.lnk
2014-10-14 20:13 - 2014-10-14 20:13 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-10-14 20:13 - 2014-10-14 20:13 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-10-14 20:13 - 2014-10-14 20:13 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-10-14 20:12 - 2014-10-14 20:12 - 00000458 _____ () C:\Users\DUNEDAN\Desktop\Commander.lnk
2014-10-14 20:12 - 2014-10-14 20:12 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slitherine
2014-10-14 20:11 - 2014-10-14 20:11 - 00000000 ____D () C:\Windows\Commander The Great War
2014-10-14 15:13 - 2014-10-14 15:13 - 00097670 _____ () C:\Users\DUNEDAN\Downloads\3DMGAME-Kerbal.Space.Program.v0.23.0.395.Cracked-3DM.torrent
2014-10-13 13:01 - 2014-10-13 13:01 - 00000000 ____D () C:\Users\DUNEDAN\Documents\Sony
2014-10-13 12:59 - 2014-10-13 12:59 - 00018718 _____ () C:\Windows\DPINST.LOG
2014-10-13 12:59 - 2014-10-13 12:59 - 00002064 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-10-12 20:48 - 2014-10-12 20:48 - 00003210 _____ () C:\Windows\System32\Tasks\{3384FF0D-6DA9-4BF3-B4D8-B1B69428CB6D}
2014-10-12 18:38 - 2014-10-15 18:42 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-10-12 14:47 - 2014-10-12 14:47 - 00066690 _____ () C:\Users\DUNEDAN\Downloads\Ryse.Son.of.Rome-CODEX.torrent
2014-10-11 18:16 - 2014-10-11 18:16 - 00000202 _____ () C:\Users\DUNEDAN\Desktop\Styx Master of Shadows.url
2014-10-11 00:11 - 2014-10-11 00:21 - 00000000 ____D () C:\Users\DUNEDAN\Desktop\SDcard32
2014-10-10 15:38 - 2014-10-10 15:38 - 00001908 _____ () C:\Users\DUNEDAN\Downloads\Tolkien Atlas of Middle-Earth.torrent
2014-10-10 12:50 - 2014-10-10 12:50 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BGMountains
2014-10-10 12:50 - 2014-10-10 12:50 - 00000000 ____D () C:\Garmin
2014-10-10 12:42 - 2014-10-10 12:44 - 194090381 _____ () C:\Users\DUNEDAN\Downloads\BGMountains20140920Cyr.exe
2014-10-10 11:59 - 2014-10-10 12:01 - 221245440 _____ () C:\Users\DUNEDAN\Downloads\BGMountains_CYR.img
2014-10-05 10:41 - 2014-10-07 16:30 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-05 10:32 - 2014-10-05 10:32 - 00001939 _____ () C:\Users\DUNEDAN\Desktop\Clownfish.lnk
2014-10-05 10:31 - 2014-10-05 10:31 - 00790240 _____ (Shark Labs) C:\Users\DUNEDAN\Downloads\CFSetup360.exe
2014-10-04 23:18 - 2014-10-04 23:18 - 00000000 ____D () C:\Users\DUNEDAN\Documents\WB Games
2014-10-04 23:18 - 2014-10-04 23:18 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Steam
2014-10-04 21:08 - 2014-10-04 21:08 - 00000749 _____ () C:\Users\DUNEDAN\Desktop\Middle Earth Shadow of Mordor.lnk
2014-10-04 21:08 - 2014-10-04 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Middle Earth Shadow of Mordor
2014-10-03 18:57 - 2014-10-04 23:13 - 00000000 ____D () C:\Program Files (x86)\GMT-MAX.ORG
2014-10-03 09:55 - 2014-10-03 09:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-03 09:55 - 2014-10-03 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-01 20:37 - 2014-10-01 20:37 - 00000678 _____ () C:\Users\Public\Desktop\Wondershare MobileGo for Android.lnk
2014-10-01 20:37 - 2014-10-01 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-10-01 16:03 - 2014-10-01 16:03 - 00012968 _____ () C:\Users\DUNEDAN\Downloads\Granny.Smith.v1.2.0-Game-AnDrOiD.torrent
2014-10-01 14:45 - 2014-10-01 15:31 - 00000000 ____D () C:\Users\DUNEDAN\Documents\StarCraft II
2014-10-01 14:40 - 2014-10-10 21:39 - 00000000 ____D () C:\Users\DUNEDAN\Desktop\Domashno
2014-10-01 14:38 - 2014-10-01 14:46 - 00000612 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2014-10-01 14:38 - 2014-10-01 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-09-30 22:53 - 2014-09-30 22:53 - 00012838 _____ () C:\Users\DUNEDAN\Downloads\Badland.v1.7072[Apk+Data][MafiaSSS][ALRG].torrent
2014-09-30 19:31 - 2014-09-30 19:31 - 00000000 ____D () C:\ProgramData\Wondershare
2014-09-30 19:20 - 2014-09-30 19:22 - 43545360 _____ (Wondershare ) C:\Users\DUNEDAN\Downloads\android-transfer(1).exe
2014-09-29 20:16 - 2014-09-29 20:16 - 00014053 _____ () C:\Users\DUNEDAN\Downloads\RK2009RUS.rar.torrent
2014-09-29 18:40 - 2014-10-15 18:40 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2014-09-29 15:09 - 2014-09-29 15:09 - 00034498 _____ () C:\Users\DUNEDAN\Downloads\Good.Will.Hunting.1997.BluRay.720P.X264.DTS-WiKi.torrent
2014-09-28 19:33 - 2014-09-28 19:34 - 00000000 ____D () C:\ProgramData\GoSavve
2014-09-28 19:33 - 2014-09-28 19:33 - 00000000 ____D () C:\ProgramData\fopdkbmpggiillmhdkjngeoefeflglnc
2014-09-28 18:40 - 2014-09-28 18:41 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-28 18:40 - 2014-09-28 18:41 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-28 18:40 - 2014-09-28 18:40 - 00003264 _____ () C:\Windows\System32\Tasks\GPUP
2014-09-28 18:40 - 2014-09-28 18:40 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\GetPrivate
2014-09-28 18:40 - 2014-09-28 18:40 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-28 18:40 - 2014-09-28 18:40 - 00000000 ____D () C:\Program Files (x86)\GetPrivate
2014-09-28 18:39 - 2014-09-28 18:39 - 00876040 _____ () C:\Users\DUNEDAN\Downloads\Moms Bang Teens 6 (Reality Kings) XXX (DVDRip).exe
2014-09-28 15:31 - 2014-09-28 15:31 - 00000000 ____D () C:\Users\DUNEDAN\Desktop\Old Firefox Data
2014-09-28 12:00 - 2014-09-28 12:00 - 00040572 _____ () C:\Users\DUNEDAN\Downloads\_.damebra.srt_1(subsunacs.net).rar
2014-09-27 12:38 - 2014-09-27 12:38 - 00001101 _____ () C:\Users\Public\Desktop\Garena+.lnk
2014-09-27 12:37 - 2014-09-27 12:38 - 72969976 _____ () C:\Users\DUNEDAN\Downloads\Garena+_Install.exe
2014-09-26 23:42 - 2014-09-26 23:42 - 05969287 _____ ( ) C:\Users\DUNEDAN\Downloads\NodeBeat.exe
2014-09-26 23:42 - 2014-09-26 23:42 - 00000593 _____ () C:\Users\Public\Desktop\Nodebeat.lnk
2014-09-26 23:42 - 2014-09-26 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nodebeat
2014-09-26 23:30 - 2014-09-26 23:30 - 00010074 _____ () C:\Users\DUNEDAN\Downloads\PlagueInc.exe.torrent
2014-09-26 21:57 - 2014-09-26 21:57 - 00000806 _____ () C:\Users\DUNEDAN\Desktop\Frozen Throne.lnk
2014-09-26 21:55 - 2014-09-26 22:04 - 00064186 _____ () C:\Windows\War3Unin.dat
2014-09-26 21:55 - 2014-09-26 21:57 - 00139264 _____ (Blizzard Entertainment) C:\Windows\War3Unin.exe
2014-09-26 21:55 - 2014-09-26 21:57 - 00002829 _____ () C:\Windows\War3Unin.pif
2014-09-26 21:55 - 2014-09-26 21:57 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-09-26 21:55 - 2014-09-26 21:55 - 00000801 _____ () C:\Users\DUNEDAN\Desktop\Warcraft III.lnk
2014-09-26 21:25 - 2014-09-26 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-09-26 20:01 - 2014-09-26 20:01 - 00035878 _____ () C:\Users\DUNEDAN\Downloads\Warcraft III Reign Of Chaos and The Frozen Throne (DOTA) (1).torrent
2014-09-26 19:53 - 2014-09-26 19:53 - 00035878 _____ () C:\Users\DUNEDAN\Downloads\Warcraft III Reign Of Chaos and The Frozen Throne (DOTA).torrent
2014-09-26 18:39 - 2014-09-26 18:39 - 00015774 _____ () C:\Users\DUNEDAN\Downloads\SimCity-Razor1911 (1).torrent
2014-09-25 18:22 - 2014-09-25 18:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 22:31 - 2014-09-23 22:32 - 00000000 ____D () C:\Users\TEMP\Documents\Bluetooth
2014-09-23 22:30 - 2014-09-23 22:32 - 00000000 ____D () C:\Users\TEMP
2014-09-23 13:48 - 2014-09-23 13:48 - 00000004 _____ () C:\Users\DUNEDAN\AppData\Roaming\appdataFr2.bin
2014-09-20 19:33 - 2014-09-20 19:33 - 00030311 _____ () C:\Users\DUNEDAN\Downloads\do_US_na_DKB.doc.p7m
2014-09-20 19:33 - 2014-09-20 19:33 - 00030311 _____ () C:\Users\DUNEDAN\Downloads\do_US_na_DKB.doc (2).p7m
2014-09-20 19:33 - 2014-09-20 19:33 - 00030311 _____ () C:\Users\DUNEDAN\Downloads\do_US_na_DKB.doc (1).p7m
2014-09-19 23:58 - 2014-09-19 23:58 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-19 23:58 - 2014-09-19 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-19 23:49 - 2014-09-19 23:54 - 1778598272 _____ () C:\Users\DUNEDAN\Downloads\StrifeWindows-0.4.0.7.exe
2014-09-19 16:49 - 2014-09-19 16:49 - 00016120 _____ () C:\Users\DUNEDAN\Downloads\Meri -The Best By Private Teens Take It Up The Ass -Private The Matador 2.torrent
2014-09-19 16:48 - 2014-09-19 16:48 - 00011832 _____ () C:\Users\DUNEDAN\Downloads\Candid-repack.rar.torrent
2014-09-19 16:48 - 2014-09-19 16:48 - 00011832 _____ () C:\Users\DUNEDAN\Downloads\Candid-repack.rar (1).torrent
2014-09-19 16:43 - 2014-09-19 16:43 - 00015038 _____ () C:\Users\DUNEDAN\Downloads\Houdini.2014.Part2.REPACK.720p.HDTV.x264.torrent
2014-09-19 15:11 - 2014-09-19 15:11 - 00000000 ___HD () C:\Users\DUNEDAN\Downloads\.picasaoriginals
2014-09-19 15:10 - 2014-09-19 15:11 - 00000038 ____H () C:\Users\DUNEDAN\Downloads\.picasa.ini
2014-09-19 14:11 - 2014-09-19 14:11 - 00787324 _____ () C:\Users\DUNEDAN\Downloads\Снимки – Google+1.htm
2014-09-19 14:11 - 2014-09-19 14:11 - 00000000 ____D () C:\Users\DUNEDAN\Downloads\Снимки – Google+1_files
2014-09-19 14:10 - 2014-09-19 14:10 - 00790427 _____ () C:\Users\DUNEDAN\Downloads\Снимки – Google+.htm
2014-09-19 14:10 - 2014-09-19 14:10 - 00000000 ____D () C:\Users\DUNEDAN\Downloads\Снимки – Google+_files
2014-09-19 12:45 - 2014-09-19 12:45 - 00000000 ____D () C:\ProgramData\Browser AdBlocker
2014-09-19 12:31 - 2014-09-19 12:31 - 00000000 ____D () C:\ProgramData\Astroburn Lite
2014-09-17 14:20 - 2014-09-17 14:20 - 00056270 _____ () C:\Users\DUNEDAN\Downloads\Edge.of.Tomorrow.2014.HDRip.XViD_juggs_ETRG_.(subs.sab.bz).rar
2014-09-16 16:45 - 2014-09-16 16:45 - 00016190 _____ () C:\Users\DUNEDAN\Downloads\shm007_high_full.wmv.torrent
2014-09-16 16:45 - 2014-09-16 16:45 - 00008485 _____ () C:\Users\DUNEDAN\Downloads\Skinny Russian Brunete Teen - Shower and Fuck.torrent
2014-09-16 16:44 - 2014-09-16 16:44 - 00021626 _____ () C:\Users\DUNEDAN\Downloads\Skinny teen forced to fuck.torrent
2014-09-16 14:36 - 2014-09-16 14:36 - 00046192 _____ () C:\Users\DUNEDAN\Downloads\The.Grand.Budapest.Hotel.2014.1080p.BluRay.REMUX.AVC.DTS-HDMA.5.1-BladeBDP (1).torrent
2014-09-16 14:25 - 2014-09-16 14:25 - 00000000 ____D () C:\ProgramData\NewuSaver
2014-09-16 14:13 - 2014-09-16 14:13 - 00046192 _____ () C:\Users\DUNEDAN\Downloads\The.Grand.Budapest.Hotel.2014.1080p.BluRay.REMUX.AVC.DTS-HDMA.5.1-BladeBDP.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-16 13:00 - 2013-10-14 19:44 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\uTorrent
2014-10-16 12:36 - 2013-10-15 00:16 - 01214949 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 12:31 - 2009-07-14 07:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-16 12:31 - 2009-07-14 07:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-16 12:30 - 2009-07-14 08:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 12:27 - 2014-06-23 18:27 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\GarenaPlus
2014-10-16 12:27 - 2014-06-23 18:11 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-10-16 12:25 - 2009-07-14 05:34 - 00000766 _____ () C:\Windows\win.ini
2014-10-16 12:24 - 2014-09-05 11:08 - 00000472 ____H () C:\Windows\Tasks\Upd Inst-S-2268751204.job
2014-10-16 12:24 - 2014-08-08 22:43 - 00012993 _____ () C:\Windows\setupact.log
2014-10-16 12:24 - 2014-07-30 22:11 - 00004950 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-10-16 12:24 - 2014-07-30 22:11 - 00000102 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-10-16 12:24 - 2014-06-23 18:16 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_DUNEDAN
2014-10-16 12:24 - 2014-05-16 18:21 - 00000460 ____H () C:\Windows\Tasks\SN.Booster-S-4674074418.job
2014-10-16 12:24 - 2014-02-17 16:26 - 00000000 ____D () C:\ProgramData\Home Media Server
2014-10-16 12:24 - 2013-12-23 16:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-16 12:24 - 2013-10-17 11:16 - 00003242 _____ () C:\Windows\System32\Tasks\AIDA64 AutoStart
2014-10-16 12:24 - 2013-10-15 00:23 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-16 12:24 - 2013-10-14 20:33 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Skype
2014-10-16 12:24 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 12:24 - 2008-06-05 17:51 - 00000961 _____ () C:\Windows\SysWOW64\bscs.ini
2014-10-15 22:07 - 2013-10-15 15:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-15 22:05 - 2013-10-15 00:23 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 18:45 - 2014-09-10 20:27 - 00004507 _____ () C:\Windows\system32\ScanResults.xml
2014-10-15 10:44 - 2014-09-03 17:55 - 00000000 ___HD () C:\Users\DUNEDAN\Desktop\.picasaoriginals
2014-10-14 21:15 - 2014-01-11 13:14 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-14 21:14 - 2013-10-14 22:22 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Local\CrashDumps
2014-10-14 20:15 - 2013-11-21 18:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-14 20:13 - 2007-12-11 16:06 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-10-14 20:13 - 2007-12-11 16:06 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-10-14 20:12 - 2014-01-20 20:11 - 00000000 ____D () C:\Users\DUNEDAN\Documents\My Games
2014-10-14 17:38 - 2014-06-10 23:12 - 00000456 ____H () C:\Windows\Tasks\Norton Security Scan for DUNEDAN.job
2014-10-13 12:59 - 2014-02-05 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-10-13 12:59 - 2013-10-15 00:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-13 12:08 - 2014-05-20 15:02 - 00000000 ____D () C:\Program Files (x86)\Optimik
2014-10-12 20:58 - 2013-10-25 16:18 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\CodeBlocks
2014-10-07 16:32 - 2013-10-25 16:21 - 00000000 ____D () C:\Users\DUNEDAN\Documents\Информатика
2014-10-05 10:41 - 2014-04-02 15:38 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo
2014-10-05 10:39 - 2009-07-14 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-05 10:35 - 2014-08-21 18:29 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-10-05 10:33 - 2014-09-12 16:13 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Solvusoft
2014-10-05 10:32 - 2014-08-08 00:51 - 00000000 ____D () C:\Program Files (x86)\Clownfish
2014-10-05 10:30 - 2014-09-04 11:53 - 00019740 _____ () C:\Windows\PFRO.log
2014-10-04 23:14 - 2013-11-17 13:05 - 00000000 ____D () C:\ProgramData\Origin
2014-10-04 23:14 - 2013-10-16 20:21 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-10-03 19:18 - 2013-10-16 16:28 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-03 09:55 - 2013-10-14 20:33 - 00000000 ____D () C:\ProgramData\Skype
2014-10-01 23:38 - 2013-11-24 23:42 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Local\Battle.net
2014-10-01 20:37 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\DUNEDAN\.android
2014-10-01 14:46 - 2013-11-24 23:42 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-10-01 14:38 - 2014-07-31 23:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-30 19:31 - 2014-06-04 21:26 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Wondershare
2014-09-29 12:55 - 2013-11-26 15:19 - 00000000 ___RD () C:\Users\DUNEDAN\Desktop\ICON
2014-09-28 19:34 - 2014-05-23 11:05 - 00000000 ____D () C:\ProgramData\d17db1a4dd066582
2014-09-28 18:40 - 2014-06-12 21:32 - 00002505 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-28 18:40 - 2013-10-15 00:18 - 00001627 _____ () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-28 18:40 - 2013-10-14 22:32 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-28 18:40 - 2013-10-14 22:32 - 00001399 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-28 01:18 - 2014-09-11 02:17 - 00000398 _____ () C:\Users\DUNEDAN\Desktop\New Text Document.txt
2014-09-27 15:19 - 2014-06-23 18:47 - 00045270 _____ () C:\Users\DUNEDAN\AppData\Roaming\room_v3.dat
2014-09-27 12:38 - 2014-06-23 18:15 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-09-27 10:15 - 2013-10-14 22:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-26 21:40 - 2014-01-11 01:56 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-26 18:31 - 2014-09-11 02:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-26 17:10 - 2014-08-08 22:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-26 17:10 - 2013-11-26 15:16 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-09-26 17:10 - 2013-11-26 15:16 - 00001908 _____ () C:\Windows\diagerr.xml
2014-09-24 15:50 - 2014-02-08 01:15 - 00000000 ____D () C:\Users\DUNEDAN\Desktop\New folder
2014-09-23 22:32 - 2009-07-14 08:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-09-23 22:31 - 2009-07-14 07:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-23 16:57 - 2014-02-07 13:26 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\dvdcss
2014-09-23 16:57 - 2013-11-14 19:15 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\vlc
2014-09-22 09:42 - 2010-11-21 06:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-19 23:58 - 2014-08-25 21:39 - 00018933 _____ () C:\Windows\DirectX.log
2014-09-19 23:43 - 2013-10-17 10:31 - 00000000 ____D () C:\Temp
2014-09-19 12:17 - 2014-01-26 23:30 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-09-17 13:42 - 2013-10-17 12:18 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Local\cache
 
Some content of TEMP:
====================
C:\Users\DUNEDAN\AppData\Local\Temp\1121gggf.4id.exe
C:\Users\DUNEDAN\AppData\Local\Temp\AstroburnLite180-0182.exe
C:\Users\DUNEDAN\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\DUNEDAN\AppData\Local\Temp\ReimagePackage.exe
C:\Users\DUNEDAN\AppData\Local\Temp\res.dll
C:\Users\DUNEDAN\AppData\Local\Temp\SIntf16.dll
C:\Users\DUNEDAN\AppData\Local\Temp\SIntf32.dll
C:\Users\DUNEDAN\AppData\Local\Temp\SIntfNT.dll
C:\Users\DUNEDAN\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\DUNEDAN\AppData\Local\Temp\Uninstall.exe
C:\Users\DUNEDAN\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\DUNEDAN\AppData\Local\Temp\war3_Install.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 

Addition.txt


To begin with, uninstall the following software in the standard way:

 

 

AlLLSaver (HKLM-x32\...\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}) (Version:  - AllaSaver) <==== ATTENTION

AtuZi (HKLM\...\AtuZi) (Version: 2014.07.01.181244 - AtuZi)

Browser AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Browser AdBlocker) <==== ATTENTION
BS Player ControlBar B Toolbar for IE (HKLM-x32\...\IECT3329621) (Version: 6.20.0.10 - BS Player ControlBar B) <==== ATTENTION

DealExpREuses (HKLM-x32\...\{25F259ED-12F6-429F-5783-527C3E2F8586}) (Version:  - DeaalExpress) <==== ATTENTION

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

FiNdBestDeal (HKLM-x32\...\{B5DB572D-EA87-D3B0-08F6-4D153EA6A783}) (Version:  - FinudoBBeesstDeeal) <==== ATTENTION

Install Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0}) (Version:  - Certified Publisher) <==== ATTENTION

MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
NewuSaver (HKLM-x32\...\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}) (Version:  - "") <==== ATTENTION

SkypEmoticons (HKLM-x32\...\SkypEmoticons_is1) (Version:  - ) <==== ATTENTION

SN.Booster (HKLM-x32\...\S-4674074418) (Version: 4.1.0.1138 - PremiumSoft) <==== ATTENTION

ss Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{f7dc94c1}) (Version:  - Certified Publisher) <==== ATTENTION

Upd Inst (HKLM-x32\...\S-2268751204) (Version: 4.2.0.1590 - PremiumSoft) <==== ATTENTION

webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION

WindowsMangerProtect20.0.0.722 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED) <==== ATTENTION

Wsys Control 10.2.1.2652 (HKLM-x32\...\WsysControl) (Version: 10.2.1.2652 - Wsys Co., Ltd.) <==== ATTENTION

 

 

I haven't come across such a heavily infected machine in a long time..!!! :(

 

 

Scan with AdwCleaner

Please download and run AdwCleaner (by Xplode):

  • Close all running programs and browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Press OK to confirm that all running programs will be closed.
  • Select Clean.
  • Your computer will restart automatically. The text file will open after the restart.
  • Please post the contents of this log in your reply.
  • You can find the log, which is saved automatically, here: C:AdwCleaner[s0].txt

 

 

 

Scan with Junkware Removal Tool

Please download Junkware Removal Tool (by Thisisu) and save it to your desktop.

  • Temporarily disable your protection programs.
  • Run the tool JRT.exe.
  • A DOS window will open. Press any key on the keyboard.
  • Close unneeded applications and all browsers, and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

 

Scan with ComboFix

Download ComboFix from here and save it to your desktop.
How to use ComboFix
Disable your antivirus and antispyware program; this is usually done by right-clicking the program's icon in the system tray.
Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to disable your security applications by amateur
Run Combo-Fix.com and follow the instructions.
When the process completes successfully, the tool will create a log file. Please include the contents of C:ComboFix.txt in your next comment in this topic.
Please do not attach the program's log file(s); copy and paste them into your next comment in this topic.


If things are bad, I can reinstall Windows :)

it will take half a day with all the programs

That is your decision.. The computer is yours... But here in this section we fight to the end and recommend reinstalling only as a last resort..! Nothing stops you from following my instructions ..... We have pulled machines far more badly infected than yours out of the mire.. So decide ..! :)



:clown: I couldn't uninstall AtuZi; here are the copied txt files.

# AdwCleaner v4.000 - Report created 16/10/2014 at 19:59:10

# DB v2014-10-15.7
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : DUNEDAN - DUNEDAN-PC
# Running from : C:\Users\DUNEDAN\Downloads\adwcleaner_4.000.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : IePluginServices
[#] Service Deleted : WsysSvc
Service Deleted : ReimageRealTimeProtector
Service Deleted : {2f5655f0-a8b6-468f-9b2b-f019d1b5665c}w64
Service Deleted : {55685567-4840-4a91-962b-49a412e9485a}Gw64
Service Deleted : {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64
Service Deleted : {a398d4bf-ac93-41b8-983d-d3185c8c4cc1}w64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\DUNEDAN\AppData\Roaming\BabSolution
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\Program Files (x86)\GetPrivate
Folder Deleted : C:\Users\DUNEDAN\AppData\Roaming\GetPrivate
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Users\DUNEDAN\AppData\Local\globalUpdate
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\Users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305\InternetSpeedTracker_9t
Folder Deleted : C:\Users\DUNEDAN\AppData\LocalLow\Minibar
Folder Deleted : C:\Users\DUNEDAN\AppData\Roaming\OpenCandy
Folder Deleted : C:\Program Files\Reimage
Folder Deleted : C:\Program Files (x86)\searchgol
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\DUNEDAN\AppData\Roaming\Solvusoft
[!] Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\ProgramData\Tbccint
Folder Deleted : C:\Program Files (x86)\Tbccint
Folder Deleted : C:\Users\DUNEDAN\AppData\Local\Tbccint
Folder Deleted : C:\Users\DUNEDAN\AppData\LocalLow\Tbccint
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\webget
Folder Deleted : C:\Users\DUNEDAN\AppData\Local\webplayer
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\Reimage Protector
Folder Deleted : C:\Users\DUNEDAN\AppData\Local\Temp\BS_Player_ControlBar_B
Folder Deleted : C:\ProgramData\Browser AdBlocker
Folder Deleted : C:\ProgramData\DealExprEsS
Folder Deleted : C:\Program Files (x86)\DealExprEsS
Folder Deleted : C:\ProgramData\DealExpREuses
Folder Deleted : C:\Program Files (x86)\DealExpREuses
Folder Deleted : C:\ProgramData\ExsttraSavingss
Folder Deleted : C:\Program Files (x86)\ExsttraSavingss
Folder Deleted : C:\ProgramData\FiNdBestDeal
Folder Deleted : C:\Program Files (x86)\FiNdBestDeal
Folder Deleted : C:\ProgramData\FinndBesetDeaL
Folder Deleted : C:\Program Files (x86)\FinndBesetDeaL
Folder Deleted : C:\ProgramData\FUn22Savea
Folder Deleted : C:\Program Files (x86)\FUn22Savea
Folder Deleted : C:\ProgramData\GoSavve
Folder Deleted : C:\ProgramData\NewuSaver
Folder Deleted : C:\Program Files (x86)\NewuSaver
Folder Deleted : C:\Users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305\Extensions\[email protected]
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdiphaboadafkigmjlbjpphgnlhfolop
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\flpkaakbimfkfbjfppepmbjloldbjfpn
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ladhndinanocmjjjjhmhibieldifcdim
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\DUNEDAN\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
File Deleted : C:\Windows\System32\\drivers\{2f5655f0-a8b6-468f-9b2b-f019d1b5665c}w64.sys
File Deleted : C:\Windows\System32\\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys
File Deleted : C:\Windows\System32\\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
File Deleted : C:\Windows\System32\\drivers\{a398d4bf-ac93-41b8-983d-d3185c8c4cc1}w64.sys
File Deleted : C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Deleted : C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage
File Deleted : C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : ReimageUpdater
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps Hat\Uninstall.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\DeaalExpress.DeaalExpress
Key Deleted : HKLM\SOFTWARE\Classes\DeaalExpress.DeaalExpress.2.1
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..10
Key Deleted : HKCU\Software\5b57de8fb539e948
Key Deleted : HKLM\SOFTWARE\5b57de8fb539e948
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-2268751204
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-4674074418
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{359315EC-FB39-45B6-5B43-14DA9FE88691}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7205e0bf-d42c-4516-b065-c2c2ba8139ff}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7205e0bf-d42c-4516-b065-c2c2ba8139ff}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{359315EC-FB39-45B6-5B43-14DA9FE88691}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7205e0bf-d42c-4516-b065-c2c2ba8139ff}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{359315EC-FB39-45B6-5B43-14DA9FE88691}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7205e0bf-d42c-4516-b065-c2c2ba8139ff}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{359315EC-FB39-45B6-5B43-14DA9FE88691}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7205e0bf-d42c-4516-b065-c2c2ba8139ff}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{359315EC-FB39-45B6-5B43-14DA9FE88691}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7205e0bf-d42c-4516-b065-c2c2ba8139ff}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3860D897-7DCD-473C-9744-B21DB133AB20}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6D3C9858-2674-46E1-9112-107340758481}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{909112FE-C4A2-4990-A499-E58867D55B15}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B618C19D-A418-4586-80C6-09DBDA9C748E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B68B00A0-95B9-4162-BA45-7A1113317DA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E413D78F-283C-45F1-9992-8EF7D55A4933}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7205e0bf-d42c-4516-b065-c2c2ba8139ff}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\Tbccint
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\UpdateStar
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\dosearchessoftware
Key Deleted : HKLM\SOFTWARE\eSafeSecControl
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A4ABCA-CF3D-C548-2DC4-72A55DC5882A}
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
[avrxate3.default-1411907510305] - Line Deleted : user_pref("B0yVuSuAVl", "uyh8BMq9Ae0KucV2Dzt4W6hZCSb8CME0uzDPBMmLDG4HheFMvMFLg7x9Ae0KvMZGhegYuGbUB7q8BelKDc4TB70RAekPp7VMuzlGBc4PBMmVWw0MuctZg7lSB70RsSU+vjx1XzlGBc4PBMmVWw0Muct6gftKgeFVCNnFri4TB79Suj5[...]
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.BUTTON_STRUCTURE", "[{\"b\":221351975,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221351976,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.firstKnownVersion", "6.72.4.54859");
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=C84A92E9-A434-41CD-B34F-C7A7B370C24F&n=780cbc81&p2=^BBQ^xdm027^YYA^bg&si=downspeedtest");
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.initialized", true);
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.installKeysSource", "LocalStorage");
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.installType", "XPI");
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.installation.contextKey", "");
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.installation.installDate", "2014100609");
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.installation.partnerId", "^BBQ^xdm027^YYA^bg");
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.installation.partnerSubId", "downspeedtest");
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.installation.pixelUrl", "hxxp://internetspeedtracker.dl.tb.ask.com/install_pixels.jhtml?partner=^BBQ^xdm027^YYA^bg&coId=e70e6722e04441fc990e93e9f836[...]
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.installation.success", true);
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.installation.toolbarId", "C84A92E9-A434-41CD-B34F-C7A7B370C24F");
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.isCompliantUninstallImplementation", true);
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.lastActivePing", "1413460111925");
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.lastKnownVersion", "6.72.4.54859");
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.options.defaultSearch", false);
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.options.homePageEnabled", false);
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.options.keywordEnabled", false);
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.options.tabEnabled", false);
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.partnerPixelFired", true);
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.successUrl", "hxxp://downspeedtest.com/thankyou.php");
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.toolbarCollapsed", true);
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark._9tMembers_.weather.location", "10001");
[avrxate3.default-1411907510305] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
 
-\\ Google Chrome v35.0.1916.153
 
 
*************************
 
AdwCleaner[R0].txt - [20654 octets] - [16/10/2014 19:57:51]
AdwCleaner[s0].txt - [19033 octets] - [16/10/2014 19:59:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [19094 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Ultimate x64
Ran by DUNEDAN on Thu 10/16/2014 at 20:04:49.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\DUNEDAN\appdata\local\google\chrome\user data\default\local storage\http_istart.webssearches.com_0.localstorage"
Successfully deleted: [File] "C:\Users\DUNEDAN\appdata\local\google\chrome\user data\default\local storage\http_istart.webssearches.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\AlLLSaver
Successfully deleted: [Folder] "C:\Users\DUNEDAN\AppData\Roaming\microsoft\windows\start menu\programs\apps hat"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\DUNEDAN\AppData\Roaming\mozilla\firefox\profiles\avrxate3.default-1411907510305\extensions\[email protected]_9t.com
Emptied folder: C:\Users\DUNEDAN\AppData\Roaming\mozilla\firefox\profiles\avrxate3.default-1411907510305\minidumps [4 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/16/2014 at 20:07:57.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~
 
ComboFix 14-10-15.01 - DUNEDAN 10/16/2014  20:13:43.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.8153.5184 [GMT 3:00]
Running from: c:\users\DUNEDAN\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc\218\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc\218\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc\218\gb19nxopZA.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc\218\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc\218\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphekbanbjckapbommeipbjogcodjnoc
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphekbanbjckapbommeipbjogcodjnoc\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphekbanbjckapbommeipbjogcodjnoc\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphekbanbjckapbommeipbjogcodjnoc\2.1\jiaxfZ1C32dQ.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphekbanbjckapbommeipbjogcodjnoc\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphekbanbjckapbommeipbjogcodjnoc\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphekbanbjckapbommeipbjogcodjnoc\2.1\newtab.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnapgfjopgaggbmfgbiinmmbdcglnam
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnapgfjopgaggbmfgbiinmmbdcglnam\217\background.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnapgfjopgaggbmfgbiinmmbdcglnam\217\content.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnapgfjopgaggbmfgbiinmmbdcglnam\217\CzdTTJpy.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnapgfjopgaggbmfgbiinmmbdcglnam\217\lsdb.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnapgfjopgaggbmfgbiinmmbdcglnam\217\manifest.json
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadookigiabbhgpgclcbdhoolbaofodf
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadookigiabbhgpgclcbdhoolbaofodf\4.6\background.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadookigiabbhgpgclcbdhoolbaofodf\4.6\content.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadookigiabbhgpgclcbdhoolbaofodf\4.6\lsdb.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadookigiabbhgpgclcbdhoolbaofodf\4.6\manifest.json
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadookigiabbhgpgclcbdhoolbaofodf\4.6\VQP6G9sB_.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\defjbpbaeipkllhdmgjfbdefjnpoocga
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\defjbpbaeipkllhdmgjfbdefjnpoocga\126\background.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\defjbpbaeipkllhdmgjfbdefjnpoocga\126\content.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\defjbpbaeipkllhdmgjfbdefjnpoocga\126\lsdb.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\defjbpbaeipkllhdmgjfbdefjnpoocga\126\manifest.json
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\defjbpbaeipkllhdmgjfbdefjnpoocga\126\x.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk\160\background.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk\160\content.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk\160\lsdb.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk\160\manifest.json
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk\160\PfsMY513w.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeeiijhgidlcakidjccllfebdkkhaia
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeeiijhgidlcakidjccllfebdkkhaia\120\background.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeeiijhgidlcakidjccllfebdkkhaia\120\content.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeeiijhgidlcakidjccllfebdkkhaia\120\lsdb.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeeiijhgidlcakidjccllfebdkkhaia\120\manifest.json
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocimhajpehjmepnegklahceceebnened
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocimhajpehjmepnegklahceceebnened\247\background.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocimhajpehjmepnegklahceceebnened\247\content.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocimhajpehjmepnegklahceceebnened\247\lsdb.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocimhajpehjmepnegklahceceebnened\247\manifest.json
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmkeekfkpfecccgbliieogmgmijklpm
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmkeekfkpfecccgbliieogmgmijklpm\243\background.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmkeekfkpfecccgbliieogmgmijklpm\243\content.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmkeekfkpfecccgbliieogmgmijklpm\243\lsdb.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmkeekfkpfecccgbliieogmgmijklpm\243\manifest.json
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cdnapgfjopgaggbmfgbiinmmbdcglnam_0.localstorage-journal
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cdnapgfjopgaggbmfgbiinmmbdcglnam_0.localstorage
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_defjbpbaeipkllhdmgjfbdefjnpoocga_0.localstorage-journal
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_defjbpbaeipkllhdmgjfbdefjnpoocga_0.localstorage
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fboiibgbjljogjkebjcfhggbiponmpkk_0.localstorage-journal
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fboiibgbjljogjkebjcfhggbiponmpkk_0.localstorage
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_goeeiijhgidlcakidjccllfebdkkhaia_0.localstorage-journal
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_goeeiijhgidlcakidjccllfebdkkhaia_0.localstorage
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage-journal
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ocimhajpehjmepnegklahceceebnened_0.localstorage-journal
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ocimhajpehjmepnegklahceceebnened_0.localstorage
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfmkeekfkpfecccgbliieogmgmijklpm_0.localstorage-journal
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfmkeekfkpfecccgbliieogmgmijklpm_0.localstorage
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\XSxS
G:\autorun.inf
G:\install.exe
G:\update.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_uvnc_service
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-16 to 2014-10-16  )))))))))))))))))))))))))))))))
.
.
2014-10-16 17:04 . 2014-10-16 17:04 -------- d-----w- c:\windows\ERUNT
2014-10-16 16:55 . 2014-10-16 16:59 -------- d-----w- C:\AdwCleaner
2014-10-16 16:17 . 2014-10-16 16:17 -------- d-----w- c:\program files (x86)\AlLLSaver
2014-10-16 11:42 . 2014-10-16 11:43 -------- d-----w- c:\users\DUNEDAN\AppData\Roaming\mgyun
2014-10-16 10:00 . 2014-10-16 10:02 -------- d-----w- C:\FRST
2014-10-16 09:36 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FC1C5CE-69B1-4707-A6B3-D5900F65FA14}\mpengine.dll
2014-10-14 18:32 . 2014-10-14 18:32 -------- d-----w- c:\users\DUNEDAN\AppData\Roaming\HexHunterZ
2014-10-14 17:13 . 2014-10-14 17:13 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-10-14 17:13 . 2014-10-14 17:13 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-10-14 17:13 . 2014-10-14 17:13 -------- d-----w- c:\program files (x86)\OpenAL
2014-10-14 17:11 . 2014-10-14 17:11 -------- d-----w- c:\windows\Commander The Great War
2014-10-14 07:30 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-10 09:50 . 2014-10-10 09:50 -------- d-----w- C:\Garmin
2014-10-05 07:41 . 2014-10-07 13:30 -------- d-----w- c:\windows\system32\appmgmt
2014-10-04 20:18 . 2014-10-04 20:18 -------- d-----w- c:\users\DUNEDAN\AppData\Roaming\Steam
2014-10-03 15:57 . 2014-10-04 20:13

ComboFix 14-10-15.01 - DUNEDAN 10/16/2014  20:13:43.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.8153.5184 [GMT 3:00]
Running from: c:\users\DUNEDAN\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc\218\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc\218\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc\218\gb19nxopZA.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc\218\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc\218\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphekbanbjckapbommeipbjogcodjnoc
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphekbanbjckapbommeipbjogcodjnoc\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphekbanbjckapbommeipbjogcodjnoc\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphekbanbjckapbommeipbjogcodjnoc\2.1\jiaxfZ1C32dQ.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphekbanbjckapbommeipbjogcodjnoc\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphekbanbjckapbommeipbjogcodjnoc\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jphekbanbjckapbommeipbjogcodjnoc\2.1\newtab.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnapgfjopgaggbmfgbiinmmbdcglnam
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnapgfjopgaggbmfgbiinmmbdcglnam\217\background.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnapgfjopgaggbmfgbiinmmbdcglnam\217\content.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnapgfjopgaggbmfgbiinmmbdcglnam\217\CzdTTJpy.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnapgfjopgaggbmfgbiinmmbdcglnam\217\lsdb.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdnapgfjopgaggbmfgbiinmmbdcglnam\217\manifest.json
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadookigiabbhgpgclcbdhoolbaofodf
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadookigiabbhgpgclcbdhoolbaofodf\4.6\background.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadookigiabbhgpgclcbdhoolbaofodf\4.6\content.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadookigiabbhgpgclcbdhoolbaofodf\4.6\lsdb.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadookigiabbhgpgclcbdhoolbaofodf\4.6\manifest.json
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadookigiabbhgpgclcbdhoolbaofodf\4.6\VQP6G9sB_.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\defjbpbaeipkllhdmgjfbdefjnpoocga
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\defjbpbaeipkllhdmgjfbdefjnpoocga\126\background.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\defjbpbaeipkllhdmgjfbdefjnpoocga\126\content.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\defjbpbaeipkllhdmgjfbdefjnpoocga\126\lsdb.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\defjbpbaeipkllhdmgjfbdefjnpoocga\126\manifest.json
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\defjbpbaeipkllhdmgjfbdefjnpoocga\126\x.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk\160\background.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk\160\content.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk\160\lsdb.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk\160\manifest.json
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fboiibgbjljogjkebjcfhggbiponmpkk\160\PfsMY513w.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeeiijhgidlcakidjccllfebdkkhaia
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeeiijhgidlcakidjccllfebdkkhaia\120\background.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeeiijhgidlcakidjccllfebdkkhaia\120\content.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeeiijhgidlcakidjccllfebdkkhaia\120\lsdb.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeeiijhgidlcakidjccllfebdkkhaia\120\manifest.json
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocimhajpehjmepnegklahceceebnened
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocimhajpehjmepnegklahceceebnened\247\background.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocimhajpehjmepnegklahceceebnened\247\content.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocimhajpehjmepnegklahceceebnened\247\lsdb.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocimhajpehjmepnegklahceceebnened\247\manifest.json
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmkeekfkpfecccgbliieogmgmijklpm
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmkeekfkpfecccgbliieogmgmijklpm\243\background.html
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmkeekfkpfecccgbliieogmgmijklpm\243\content.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmkeekfkpfecccgbliieogmgmijklpm\243\lsdb.js
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmkeekfkpfecccgbliieogmgmijklpm\243\manifest.json
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cdnapgfjopgaggbmfgbiinmmbdcglnam_0.localstorage-journal
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cdnapgfjopgaggbmfgbiinmmbdcglnam_0.localstorage
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_defjbpbaeipkllhdmgjfbdefjnpoocga_0.localstorage-journal
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_defjbpbaeipkllhdmgjfbdefjnpoocga_0.localstorage
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fboiibgbjljogjkebjcfhggbiponmpkk_0.localstorage-journal
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fboiibgbjljogjkebjcfhggbiponmpkk_0.localstorage
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_goeeiijhgidlcakidjccllfebdkkhaia_0.localstorage-journal
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_goeeiijhgidlcakidjccllfebdkkhaia_0.localstorage
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage-journal
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ocimhajpehjmepnegklahceceebnened_0.localstorage-journal
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ocimhajpehjmepnegklahceceebnened_0.localstorage
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfmkeekfkpfecccgbliieogmgmijklpm_0.localstorage-journal
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pfmkeekfkpfecccgbliieogmgmijklpm_0.localstorage
c:\users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\XSxS
G:\autorun.inf
G:\install.exe
G:\update.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_uvnc_service
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-16 to 2014-10-16  )))))))))))))))))))))))))))))))
.
.
2014-10-16 17:04 . 2014-10-16 17:04 -------- d-----w- c:\windows\ERUNT
2014-10-16 16:55 . 2014-10-16 16:59 -------- d-----w- C:\AdwCleaner
2014-10-16 16:17 . 2014-10-16 16:17 -------- d-----w- c:\program files (x86)\AlLLSaver
2014-10-16 11:42 . 2014-10-16 11:43 -------- d-----w- c:\users\DUNEDAN\AppData\Roaming\mgyun
2014-10-16 10:00 . 2014-10-16 10:02 -------- d-----w- C:\FRST
2014-10-16 09:36 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FC1C5CE-69B1-4707-A6B3-D5900F65FA14}\mpengine.dll
2014-10-14 18:32 . 2014-10-14 18:32 -------- d-----w- c:\users\DUNEDAN\AppData\Roaming\HexHunterZ
2014-10-14 17:13 . 2014-10-14 17:13 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-10-14 17:13 . 2014-10-14 17:13 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-10-14 17:13 . 2014-10-14 17:13 -------- d-----w- c:\program files (x86)\OpenAL
2014-10-14 17:11 . 2014-10-14 17:11 -------- d-----w- c:\windows\Commander The Great War
2014-10-14 07:30 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-10 09:50 . 2014-10-10 09:50 -------- d-----w- C:\Garmin
2014-10-05 07:41 . 2014-10-07 13:30 -------- d-----w- c:\windows\system32\appmgmt
2014-10-04 20:18 . 2014-10-04 20:18 -------- d-----w- c:\users\DUNEDAN\AppData\Roaming\Steam
2014-10-03 15:57 . 2014-10-04 20:13 -------- d-----w- c:\program files (x86)\GMT-MAX.ORG
2014-10-03 06:55 . 2014-10-03 06:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-10-03 06:55 . 2014-10-03 06:55 -------- d-----r- c:\program files (x86)\Skype
2014-10-02 13:10 . 2014-09-17 10:26 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91CC0132-464E-449E-9B74-ADF4106C4C9B}\gapaengine.dll
2014-09-30 16:31 . 2014-09-30 16:31 -------- d-----w- c:\programdata\Wondershare
2014-09-29 15:40 . 2014-10-16 15:40 73728 ----a-w- c:\windows\SysWow64\tasks.dll
2014-09-28 16:33 . 2014-09-28 16:33 -------- d-----w- c:\programdata\fopdkbmpggiillmhdkjngeoefeflglnc
2014-09-26 18:55 . 2014-09-26 18:57 2829 ----a-w- c:\windows\War3Unin.pif
2014-09-26 18:55 . 2014-09-26 18:57 139264 ----a-w- c:\windows\War3Unin.exe
2014-09-23 19:30 . 2014-09-23 19:32 -------- d-----w- c:\users\TEMP
2014-09-23 10:48 . 2014-09-23 10:48 4 ----a-w- c:\users\DUNEDAN\AppData\Roaming\appdataFr2.bin
2014-09-19 09:31 . 2014-09-19 09:31 -------- d-----w- c:\programdata\Astroburn Lite
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-14 17:13 . 2007-12-11 13:06 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-10-14 17:13 . 2007-12-11 13:06 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-09-22 06:42 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-17 10:26 . 2014-05-03 16:29 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-10 16:07 . 2013-10-15 12:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 16:07 . 2013-10-15 12:00 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-25 18:39 . 2014-08-25 18:39 21656 ----a-w- c:\windows\system32\drivers\evolve.sys
2014-07-22 08:39 . 2013-11-11 12:21 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-07-22 08:39 . 2013-10-18 14:13 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-07-22 08:36 . 2013-10-18 14:13 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2010-08-03 08:11 819200 --sha-w- c:\windows\SysWOW64\xvidcore.dll
2010-08-03 08:11 180224 --sha-w- c:\windows\SysWOW64\xvidvfw.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\DUNEDAN\AppData\Roaming\uTorrent\uTorrent.exe" [2014-10-08 1385808]
"GoogleChromeAutoLaunch_647C5B00988DE89D978C798676D85787"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-06-05 860488]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-09-24 1323776]
"EvolveClient"="G:\EvolveClient.exe" [2014-09-15 3332512]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-10-14 39408]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2014-09-18 9958192]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RazerGameBooster"="c:\program files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe" [2014-02-25 61152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-17 224128]
"BtTray"="c:\program files (x86)\IVT Corporation\BlueSoleil\BtTray.exe" [2008-06-05 231424]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2014-09-11 2087264]
"Wondershare Helper Compact"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2014-09-11 2087264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MobileGo Service.lnk - g:\mobilego for android\MobileGoService.exe [2014-10-1 99296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 ArcService;Arc Service;g:\arc\ArcService.exe;g:\arc\ArcService.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]
R3 cpuz134;cpuz134;c:\users\DUNEDAN\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\DUNEDAN\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DIRECTIO;DIRECTIO;g:\performancetest\DirectIo64.sys;g:\performancetest\DirectIo64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys;c:\windows\SYSNATIVE\Drivers\EtronSTOR.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 X6va022;X6va022;c:\windows\SysWOW64\Drivers\X6va022;c:\windows\SysWOW64\Drivers\X6va022 [x]
R3 X6va025;X6va025;c:\windows\SysWOW64\Drivers\X6va025;c:\windows\SysWOW64\Drivers\X6va025 [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE07030.00C\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par-amd64.sys;c:\windows\SYSNATIVE\Drivers\eusk2par-amd64.sys [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [x]
S2 HmsService;Домашний медиа-сервер (UPnP);c:\program files (x86)\Home Media Server\hmssvc.exe;c:\program files (x86)\Home Media Server\hmssvc.exe [x]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Mouse Driver\KMWDSrv.exe;c:\program files (x86)\Mouse Driver\KMWDSrv.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
S3 EvoSvc;Evolve Service;g:\evosvc.exe;g:\EvoSvc.exe [x]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AIDA64DRIVER
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 18:32 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-15 16:07]
.
2014-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-14 21:22]
.
2014-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-14 21:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mCustomizeSearch = hxxp://www.bing.com/search?q={searchTerms}
mSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: Add to Google Photos Screensa&ver
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8
FF - ProfilePath - c:\users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Apps Hat - c:\users\DUNEDAN\AppData\Local\WebPlayer\uninstall.exe
AddRemove-MKLOL - c:\program files (x86)\MKJogo\MKLOL\MKuInst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.3.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va022]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va022"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va025]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va025"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-760052788-1994585468-4114317675-1000\Software\SecuROM\License information*]
"datasecu"=hex:fb,71,4e,6f,3f,ae,61,e6,63,01,00,15,6b,10,15,e0,12,5e,e9,40,59,
   7b,2a,a0,f3,7c,71,b5,35,ad,35,7e,bc,8b,29,e0,bb,5d,c9,fe,60,72,fc,3b,9a,d7,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\Garena Plus\ggdllhost.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
c:\windows\SysWOW64\DllHost.exe
G:\EvolveUI.exe
G:\EvolveUI.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2014-10-16  20:46:16 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-16 17:46
.
Pre-Run: 11,939,311,616 bytes free
Post-Run: 11,456,483,328 bytes free
.
- - End Of File - - 422C5CF3CB94FB5A662447C4612FA09E
671B81004FDD1588FA9ED1331C9CECA9

Copy the text in the box into Notepad and save it to your desktop as CFScript.txt:

 

KILLALL::
ClearJavaCache::

RegNull::
[HKEY_USERS\S-1-5-21-760052788-1994585468-4114317675-1000\Software\SecuROM\License information*]

 
After saving, drag CFScript.txt onto the ComboFix.exe icon.


Copy the generated report and paste it into your next comment...!


ComboFix 14-10-15.01 - DUNEDAN 10/16/2014  23:10:27.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.8153.5807 [GMT 3:00]
Running from: c:\users\DUNEDAN\Downloads\ComboFix.exe
Command switches used :: c:\users\DUNEDAN\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-16 to 2014-10-16  )))))))))))))))))))))))))))))))
.
.
2014-10-16 20:17 . 2014-10-16 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-16 20:17 . 2014-10-16 20:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-10-16 17:04 . 2014-10-16 17:04 -------- d-----w- c:\windows\ERUNT
2014-10-16 16:55 . 2014-10-16 16:59 -------- d-----w- C:\AdwCleaner
2014-10-16 16:17 . 2014-10-16 16:17 -------- d-----w- c:\program files (x86)\AlLLSaver
2014-10-16 11:42 . 2014-10-16 11:43 -------- d-----w- c:\users\DUNEDAN\AppData\Roaming\mgyun
2014-10-16 10:00 . 2014-10-16 10:02 -------- d-----w- C:\FRST
2014-10-16 09:36 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FC1C5CE-69B1-4707-A6B3-D5900F65FA14}\mpengine.dll
2014-10-14 18:32 . 2014-10-14 18:32 -------- d-----w- c:\users\DUNEDAN\AppData\Roaming\HexHunterZ
2014-10-14 17:13 . 2014-10-14 17:13 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-10-14 17:13 . 2014-10-14 17:13 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-10-14 17:13 . 2014-10-14 17:13 -------- d-----w- c:\program files (x86)\OpenAL
2014-10-14 17:11 . 2014-10-14 17:11 -------- d-----w- c:\windows\Commander The Great War
2014-10-14 07:30 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-10 09:50 . 2014-10-10 09:50 -------- d-----w- C:\Garmin
2014-10-05 07:41 . 2014-10-07 13:30 -------- d-----w- c:\windows\system32\appmgmt
2014-10-04 20:18 . 2014-10-04 20:18 -------- d-----w- c:\users\DUNEDAN\AppData\Roaming\Steam
2014-10-03 15:57 . 2014-10-04 20:13 -------- d-----w- c:\program files (x86)\GMT-MAX.ORG
2014-10-03 06:55 . 2014-10-03 06:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-10-03 06:55 . 2014-10-03 06:55 -------- d-----r- c:\program files (x86)\Skype
2014-10-02 13:10 . 2014-09-17 10:26 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91CC0132-464E-449E-9B74-ADF4106C4C9B}\gapaengine.dll
2014-09-30 16:31 . 2014-09-30 16:31 -------- d-----w- c:\programdata\Wondershare
2014-09-29 15:40 . 2014-10-16 15:40 73728 ----a-w- c:\windows\SysWow64\tasks.dll
2014-09-28 16:33 . 2014-09-28 16:33 -------- d-----w- c:\programdata\fopdkbmpggiillmhdkjngeoefeflglnc
2014-09-26 18:55 . 2014-09-26 18:57 2829 ----a-w- c:\windows\War3Unin.pif
2014-09-26 18:55 . 2014-09-26 18:57 139264 ----a-w- c:\windows\War3Unin.exe
2014-09-23 19:30 . 2014-10-16 17:46 -------- d-----w- c:\users\TEMP
2014-09-23 10:48 . 2014-09-23 10:48 4 ----a-w- c:\users\DUNEDAN\AppData\Roaming\appdataFr2.bin
2014-09-19 09:31 . 2014-09-19 09:31 -------- d-----w- c:\programdata\Astroburn Lite
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-14 17:13 . 2007-12-11 13:06 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-10-14 17:13 . 2007-12-11 13:06 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-09-22 06:42 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-17 10:26 . 2014-05-03 16:29 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-10 16:07 . 2013-10-15 12:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 16:07 . 2013-10-15 12:00 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-25 18:39 . 2014-08-25 18:39 21656 ----a-w- c:\windows\system32\drivers\evolve.sys
2014-07-22 08:39 . 2013-11-11 12:21 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-07-22 08:39 . 2013-10-18 14:13 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-07-22 08:36 . 2013-10-18 14:13 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2010-08-03 08:11 819200 --sha-w- c:\windows\SysWOW64\xvidcore.dll
2010-08-03 08:11 180224 --sha-w- c:\windows\SysWOW64\xvidvfw.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\DUNEDAN\AppData\Roaming\uTorrent\uTorrent.exe" [2014-10-08 1385808]
"GoogleChromeAutoLaunch_647C5B00988DE89D978C798676D85787"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-06-05 860488]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-09-24 1323776]
"EvolveClient"="G:\EvolveClient.exe" [2014-09-15 3332512]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-10-14 39408]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2014-09-18 9958192]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RazerGameBooster"="c:\program files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe" [2014-02-25 61152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-17 224128]
"BtTray"="c:\program files (x86)\IVT Corporation\BlueSoleil\BtTray.exe" [2008-06-05 231424]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2014-09-11 2087264]
"Wondershare Helper Compact"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2014-09-11 2087264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MobileGo Service.lnk - g:\mobilego for android\MobileGoService.exe [2014-10-1 99296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 ArcService;Arc Service;g:\arc\ArcService.exe;g:\arc\ArcService.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]
R3 cpuz134;cpuz134;c:\users\DUNEDAN\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\DUNEDAN\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DIRECTIO;DIRECTIO;g:\performancetest\DirectIo64.sys;g:\performancetest\DirectIo64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys;c:\windows\SYSNATIVE\Drivers\EtronSTOR.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 EvoSvc;Evolve Service;g:\evosvc.exe;g:\EvoSvc.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 X6va022;X6va022;c:\windows\SysWOW64\Drivers\X6va022;c:\windows\SysWOW64\Drivers\X6va022 [x]
R3 X6va025;X6va025;c:\windows\SysWOW64\Drivers\X6va025;c:\windows\SysWOW64\Drivers\X6va025 [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE07030.00C\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par-amd64.sys;c:\windows\SYSNATIVE\Drivers\eusk2par-amd64.sys [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [x]
S2 HmsService;Домашний медиа-сервер (UPnP);c:\program files (x86)\Home Media Server\hmssvc.exe;c:\program files (x86)\Home Media Server\hmssvc.exe [x]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Mouse Driver\KMWDSrv.exe;c:\program files (x86)\Mouse Driver\KMWDSrv.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 18:32 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-15 16:07]
.
2014-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-14 21:22]
.
2014-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-14 21:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mCustomizeSearch = hxxp://www.bing.com/search?q={searchTerms}
mSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: Add to Google Photos Screensa&ver
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8
FF - ProfilePath - c:\users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.3.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va022]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va022"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va025]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va025"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\Garena Plus\ggdllhost.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2014-10-16  23:36:04 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-16 20:35
ComboFix2.txt  2014-10-16 17:46
.
Pre-Run: 43,925,913,600 bytes free
Post-Run: 43,847,512,064 bytes free
.
- - End Of File - - F298EB8221F4F112502268E1BDC1B4F7
671B81004FDD1588FA9ED1331C9CECA9

Hello..! Is there any improvement after the procedures so far..? What is the current state of your system..?

 

 

Please download Malwarebytes Anti-Malware and save it to your desktop.
  Double-click mbam-setup-consumer-2.0.0.1хххх.exe and follow the instructions to install the program.

  • In the Settings => Detection and Protection => Detection Options section, tick the 'Scan for rootkits' checkbox.

 


  • In the program's main window, click 'Update Now'.
  • After the update completes, click the 'Scan Now' button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will start.
  • When the scan finishes, if any infections were found, click Apply Actions to allow Mbam to clean what was detected.


  • After the restart, run Mbam once more.
  • Click the History tab > Application Logs.
  • Double-click the row that shows the date and time of the scan, or View Detailed Log.
  • Click 'Copy to Clipboard'.

 


 

  • Paste the contents of the clipboard into your next reply.

 

 

Download the program: ESET Online Scanner

 

  • Run esetsmartinstaller_enu.exe
  • Tick YES, I accept the Terms of Use and select Start:

 


 

  • The scanner will begin downloading the components it needs:

 


 

 

  • Make sure Enable detection of potentially unwanted applications is selected.

Make sure the following is unchecked:

 

  • Remove found threats

Make sure the following items are checked:

  • Scan Archives

Click Advanced Settings and check the following options:

  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

Finally, select Start

 


 

The scanner will begin downloading the latest definitions and will start scanning your computer.
Please be patient, as this may take some time.

  • After the scan finishes, click List of found threats.
  • Click Export, and save the file to your desktop with the name ESETScan. Copy the contents of this report into your next reply.
  • Select the Back button.
  • Select the Finish button.

 

 

Scan with Farbar Recovery Scan Tool

Repeat the scan with Farbar Recovery Scan Tool....


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/17/2014
Scan Time: 12:05:07 PM
Logfile: scan.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.17.03
Rootkit Database: v2014.10.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DUNEDAN
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372813
Time Elapsed: 6 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\ReimageRepair.exe.vir Win32/VMDetect.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\escortShld.dll.vir Win32/Toolbar.Funmoods potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolApp.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolEng.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolsrv.exe.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll.vir a variant of Win32/Toolbar.Montiera.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\uninstall.exe.vir Win32/Toolbar.Montiera.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll.vir a variant of Win32/Toolbar.Escort.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir Win64/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir a variant of Win32/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\DealExpREuses\XF.exe.vir a variant of Win32/AdWare.MultiPlug.AG application
C:\AdwCleaner\Quarantine\C\ProgramData\FiNdBestDeal\MuhGTI4O.exe.vir a variant of Win32/AdWare.MultiPlug.AG application
C:\AdwCleaner\Quarantine\C\ProgramData\GoSavve\4f6ZmG52owwU15.dll.vir a variant of Win32/AdWare.MultiPlug.BN application
C:\AdwCleaner\Quarantine\C\ProgramData\GoSavve\4f6ZmG52owwU15.exe.vir a variant of Win32/AdWare.MultiPlug.BN application
C:\AdwCleaner\Quarantine\C\ProgramData\GoSavve\4f6ZmG52owwU15.x64.dll.vir a variant of Win64/Adware.MultiPlug.E application
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir a variant of Win32/ELEX.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\NewuSaver\al4LsmE1QTzUuW.exe.vir a variant of Win32/AdWare.MultiPlug.BN application
C:\AdwCleaner\Quarantine\C\ProgramData\Tbccint\Multi\CT3329621\UninstallerUI.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\DUNEDAN\AppData\Local\Tbccint\Community Alerts\Alert.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\DUNEDAN\AppData\Local\Temp\BS_Player_ControlBar_B\tbBS_P.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\DUNEDAN\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir Win32/Toolbar.Babylon.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{2f5655f0-a8b6-468f-9b2b-f019d1b5665c}w64.sys.vir a variant of Win64/BrowseFox.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys.vir a variant of Win64/Riskware.NetFilter.F application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys.vir a variant of Win64/Riskware.NetFilter.F application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{a398d4bf-ac93-41b8-983d-d3185c8c4cc1}w64.sys.vir a variant of Win64/BrowseFox.AH potentially unwanted application
C:\ProgramData\InstallMate\{02E8ED2C-6D09-4522-A7C9-252BD90BCFDA}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\ProgramData\InstallMate\{1AA8FA41-E99E-4F53-ADB8-A1BCC14BD8B7}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\ProgramData\InstallMate\{CAEF68AA-76DB-4ACA-A821-3EF9110C4A5C}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{02E8ED2C-6D09-4522-A7C9-252BD90BCFDA}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{1AA8FA41-E99E-4F53-ADB8-A1BCC14BD8B7}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{CAEF68AA-76DB-4ACA-A821-3EF9110C4A5C}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\DUNEDAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7KI2RQD6\bs_player_controlbar_b[1].exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\DUNEDAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7KI2RQD6\statisticsstub[1].exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\DUNEDAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0QY6OUH\agup[1].exe a variant of Win32/AdWare.MultiPlug.AB application
C:\Users\DUNEDAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0QY6OUH\checktbexist[1].exe Win32/Toolbar.Conduit.AF potentially unwanted application
C:\Users\DUNEDAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K8UAODPV\BS_Player_ControlBar_B[1].exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\DUNEDAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NLKJ8J12\tpq[1].exe a variant of Win32/SProtector.H potentially unwanted application
C:\Users\DUNEDAN\Downloads\android-transfer(1).exe Android/Exploit.Lotoor.EF trojan
C:\Users\DUNEDAN\Downloads\android-transfer.exe Android/Exploit.Lotoor.EF trojan
C:\Users\DUNEDAN\Downloads\cbsidlm-cbsi188-Free_Gif_Maker-SEO-75913648(1).exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\DUNEDAN\Downloads\cbsidlm-cbsi188-Free_Gif_Maker-SEO-75913648.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\DUNEDAN\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\DUNEDAN\Downloads\ReimageRepair.exe Win32/VMDetect.B potentially unwanted application
C:\Users\DUNEDAN\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe multiple threats
F:\My Albums\Counter STrike 1.6 LH 2012.exe a variant of Win32/HackTool.Patcher.B potentially unsafe application
F:\ProgramData\Acronis.iso multiple threats
F:\ProgramData\Recuva 1.51.1063 (kaldata.com).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
F:\ProgramData\Error Repair Professional 3.8.8\erpsetup.exe Win32/Adware.ErrorRepairPro application
F:\ProgramData\Programs\driverfetch_setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\ProgramData\Uniblue PowerSuite 2010 v2.1.8.5 Incl Serial + Reg file\powersuite.exe a variant of Win32/RegistryBooster potentially unwanted application

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by DUNEDAN (administrator) on DUNEDAN-PC on 17-10-2014 14:59:52
Running from C:\Users\DUNEDAN\Desktop
Loaded Profile: DUNEDAN (Available profiles: DUNEDAN)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
() C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
() C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
(Evgeny Lachinov) C:\Program Files (x86)\Home Media Server\hmssvc.exe
(UASSOFT.COM) C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\nst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
() C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BitTorrent Inc.) C:\Users\DUNEDAN\AppData\Roaming\uTorrent\uTorrent.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(Echobit LLC) G:\EvolveClient.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Wondershare) G:\MobileGo for Android\MobileGoService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\nst.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Echobit LLC) G:\EvoSvc.exe
(Echobit, LLC) G:\Drivers\EvolveTracker_64.exe
(Echobit, LLC) G:\EvolveUI.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(FinalWire Ltd.) C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
(Echobit, LLC) G:\EvolveUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\DUNEDAN\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [RazerGameBooster] => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [231424 2008-06-05] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [uTorrent] => C:\Users\DUNEDAN\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-08] (BitTorrent Inc.)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [GoogleChromeAutoLaunch_647C5B00988DE89D978C798676D85787] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1323776 2014-09-24] (Bogdan Sharkov)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [EvolveClient] => G:\EvolveClient.exe [3332512 2014-09-15] (Echobit LLC)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-10-15] (Google Inc.)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9958192 2014-09-18] ()
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-760052788-1994585468-4114317675-1000\...\Policies\Explorer: [] 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
ShortcutTarget: MobileGo Service.lnk -> G:\MobileGo for Android\MobileGoService.exe (Wondershare)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x30F2BA1123C9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {C7ABD3C5-2004-4F4A-B830-0CC7F787BA1F} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> G:\Arc\plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\DUNEDAN\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Battlefield Heroes Updater - C:\Users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305\Extensions\[email protected] [2014-10-04]
FF Extension: AtuZi - C:\Users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305\Extensions\{0dc477ee-5894-43fd-97da-9fdac27d6239}.xpi [2014-10-14]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-10-17]
FF Extension: No Name - C:\Users\DUNEDAN\AppData\Roaming\Mozilla\Firefox\Profiles\avrxate3.default-1411907510305\extensions\[email protected]_9t.com [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Документи) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-16]
CHR Extension: (Google Диск) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-06]
CHR Extension: (YouTube) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-14]
CHR Extension: (No Name) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\chomoaoihbpongmkmnldppkllcfhggda [2014-09-23]
CHR Extension: (Google Търсене) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-14]
CHR Extension: (AutoCAD 360) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjeclnkejmbepoibfnamioojinoopln [2013-10-30]
CHR Extension: (Google+) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-05-10]
CHR Extension: (No Name) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh [2014-09-23]
CHR Extension: (Block site) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2013-11-13]
CHR Extension: (Dnevnik.bg) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgpgbimpbapjogkgkgmdkcdimopnnljb [2013-11-11]
CHR Extension: (Kaldata.com) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliaaaomamailheoidfllejljaibbemc [2013-10-30]
CHR Extension: (Google Maps) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-10-30]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2013-12-19]
CHR Extension: (Google Wallet) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16]
CHR Extension: (Norton Security Toolbar) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-02-17]
CHR Extension: (Gmail) - C:\Users\DUNEDAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\Exts\Chrome.crx [2014-07-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 ArcService; G:\Arc\ArcService.exe [88400 2014-06-26] (Perfect World Entertainment Inc)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [778240 2008-06-05] () [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [141824 2008-06-04] () [File not signed]
R2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [143467 2008-06-04] () [File not signed]
R3 EvoSvc; G:\EvoSvc.exe [1579936 2014-09-15] (Echobit LLC)
R2 HmsService; C:\Program Files (x86)\Home Media Server\hmssvc.exe [5336576 2014-01-30] (Evgeny Lachinov) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KMWDSERVICE; C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe [208896 2007-04-05] (UASSOFT.COM) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe [130104 2014-06-26] (Symantec Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-20] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [32088 2013-06-02] ()
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2014-05-27] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2014-05-27] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2014-05-27] (LG Electronics Inc.)
R2 AODDriver4.2; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [57512 2012-09-24] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [36360 2008-03-06] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [16904 2008-01-21] (IVT Corporation.)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47496 2008-03-06] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25480 2008-01-21] (IVT Corporation.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 DIRECTIO; G:\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-14] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-06-10] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 eusk2par; C:\Windows\system32\Drivers\eusk2par-amd64.sys [32336 2008-12-18] (Aladdin Knowledge Systems Ltd.)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-08-25] (Echobit, LLC)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-02-18] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [31752 2008-01-21] (IVT Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [17032 2008-01-21] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [38664 2008-01-21] (IVT Corporation.)
S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [36360 2008-03-06] (IVT Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\DUNEDAN\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 14:59 - 2014-10-17 14:59 - 02112000 _____ (Farbar) C:\Users\DUNEDAN\Desktop\FRST64 (1).exe
2014-10-17 14:59 - 2014-10-17 14:59 - 00027003 _____ () C:\Users\DUNEDAN\Desktop\FRST.txt
2014-10-17 14:51 - 2014-10-17 14:51 - 00007774 _____ () C:\Users\DUNEDAN\Desktop\ESETScan.txt
2014-10-17 12:19 - 2014-10-17 12:19 - 02347384 _____ (ESET) C:\Users\DUNEDAN\Downloads\esetsmartinstaller_enu (1).exe
2014-10-17 12:19 - 2014-10-17 12:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-17 12:17 - 2014-10-17 12:17 - 00001058 _____ () C:\Users\DUNEDAN\Desktop\scan Malwarebytes.txt
2014-10-17 11:36 - 2014-10-17 13:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-17 11:36 - 2014-10-17 11:36 - 00001140 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-17 11:36 - 2014-10-17 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-17 11:36 - 2014-10-17 11:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-17 11:36 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-17 11:36 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-17 11:36 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-17 11:34 - 2014-10-17 11:35 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\DUNEDAN\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-16 23:44 - 2014-10-16 23:44 - 00001162 _____ () C:\Users\DUNEDAN\Desktop\ComboFix - Shortcut.lnk
2014-10-16 23:36 - 2014-10-16 23:36 - 00024097 _____ () C:\ComboFix.txt
2014-10-16 20:12 - 2014-10-16 23:36 - 00000000 ____D () C:\Qoobox
2014-10-16 20:12 - 2014-10-16 20:43 - 00000000 ____D () C:\Windows\erdnt
2014-10-16 20:12 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-16 20:12 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-16 20:12 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-16 20:12 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-16 20:12 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-16 20:12 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-16 20:12 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-16 20:12 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-16 20:10 - 2014-10-16 20:10 - 05583559 ____R (Swearware) C:\Users\DUNEDAN\Downloads\ComboFix.exe
2014-10-16 20:07 - 2014-10-16 20:07 - 00001555 _____ () C:\Users\DUNEDAN\Desktop\JRT.txt
2014-10-16 20:04 - 2014-10-16 20:04 - 01705698 _____ (Thisisu) C:\Users\DUNEDAN\Downloads\JRT.exe
2014-10-16 20:04 - 2014-10-16 20:04 - 00000000 ____D () C:\Windows\ERUNT
2014-10-16 19:55 - 2014-10-16 19:59 - 00000000 ____D () C:\AdwCleaner
2014-10-16 19:55 - 2014-10-16 19:55 - 01976320 _____ () C:\Users\DUNEDAN\Downloads\adwcleaner_4.000.exe
2014-10-16 19:17 - 2014-10-16 19:17 - 00000000 ____D () C:\Program Files (x86)\AlLLSaver
2014-10-16 15:25 - 2014-10-16 15:25 - 00000000 ____D () C:\Users\DUNEDAN\Desktop\adt-bundle-windows-x86-20140702
2014-10-16 15:23 - 2014-10-16 15:24 - 370612741 _____ () C:\Users\DUNEDAN\Downloads\adt-bundle-windows-x86-20140702.zip
2014-10-16 14:42 - 2014-10-16 14:43 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\mgyun
2014-10-16 14:42 - 2014-10-16 14:42 - 00000509 _____ () C:\Users\Public\Desktop\VROOT.lnk
2014-10-16 14:42 - 2014-10-16 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VROOT
2014-10-16 14:41 - 2014-10-16 14:41 - 06926776 _____ (Shenzhen Xinyi Network Co.,Ltd. ) C:\Users\DUNEDAN\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe
2014-10-16 13:26 - 2014-10-16 13:26 - 00065197 _____ () C:\Users\DUNEDAN\Desktop\Addition.txt
2014-10-16 13:01 - 2014-10-16 13:02 - 00065197 _____ () C:\Users\DUNEDAN\Downloads\Addition.txt
2014-10-16 13:00 - 2014-10-17 14:59 - 00000000 ____D () C:\FRST
2014-10-16 13:00 - 2014-10-16 13:02 - 00061303 _____ () C:\Users\DUNEDAN\Downloads\FRST.txt
2014-10-16 12:59 - 2014-10-16 12:59 - 02111488 _____ (Farbar) C:\Users\DUNEDAN\Downloads\FRST64.exe
2014-10-16 12:45 - 2014-10-16 12:45 - 02347384 _____ (ESET) C:\Users\DUNEDAN\Downloads\esetsmartinstaller_enu.exe
2014-10-15 10:46 - 2014-10-15 10:46 - 00000000 ___RD () C:\Users\DUNEDAN\Documents\ььь
2014-10-14 21:34 - 2014-10-14 21:34 - 00000541 _____ () C:\Users\Public\Desktop\Launcher.exe.lnk
2014-10-14 21:33 - 2014-10-14 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerbal Space Program
2014-10-14 21:32 - 2014-10-14 21:32 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\HexHunterZ
2014-10-14 20:56 - 2014-10-14 20:56 - 00001282 _____ () C:\Users\DUNEDAN\Desktop\KSP - Shortcut.lnk
2014-10-14 20:13 - 2014-10-14 20:13 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-10-14 20:13 - 2014-10-14 20:13 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-10-14 20:13 - 2014-10-14 20:13 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-10-14 20:12 - 2014-10-14 20:12 - 00000458 _____ () C:\Users\DUNEDAN\Desktop\Commander.lnk
2014-10-14 20:12 - 2014-10-14 20:12 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slitherine
2014-10-14 20:11 - 2014-10-14 20:11 - 00000000 ____D () C:\Windows\Commander The Great War
2014-10-14 15:13 - 2014-10-14 15:13 - 00097670 _____ () C:\Users\DUNEDAN\Downloads\3DMGAME-Kerbal.Space.Program.v0.23.0.395.Cracked-3DM.torrent
2014-10-13 13:01 - 2014-10-13 13:01 - 00000000 ____D () C:\Users\DUNEDAN\Documents\Sony
2014-10-13 12:59 - 2014-10-13 12:59 - 00018718 _____ () C:\Windows\DPINST.LOG
2014-10-13 12:59 - 2014-10-13 12:59 - 00002064 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-10-12 20:48 - 2014-10-12 20:48 - 00003210 _____ () C:\Windows\System32\Tasks\{3384FF0D-6DA9-4BF3-B4D8-B1B69428CB6D}
2014-10-12 18:38 - 2014-10-15 18:42 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-10-12 14:47 - 2014-10-12 14:47 - 00066690 _____ () C:\Users\DUNEDAN\Downloads\Ryse.Son.of.Rome-CODEX.torrent
2014-10-11 18:16 - 2014-10-11 18:16 - 00000202 _____ () C:\Users\DUNEDAN\Desktop\Styx Master of Shadows.url
2014-10-10 15:38 - 2014-10-10 15:38 - 00001908 _____ () C:\Users\DUNEDAN\Downloads\Tolkien Atlas of Middle-Earth.torrent
2014-10-10 12:50 - 2014-10-10 12:50 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BGMountains
2014-10-10 12:50 - 2014-10-10 12:50 - 00000000 ____D () C:\Garmin
2014-10-10 12:42 - 2014-10-10 12:44 - 194090381 _____ () C:\Users\DUNEDAN\Downloads\BGMountains20140920Cyr.exe
2014-10-10 11:59 - 2014-10-10 12:01 - 221245440 _____ () C:\Users\DUNEDAN\Downloads\BGMountains_CYR.img
2014-10-05 10:41 - 2014-10-07 16:30 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-05 10:32 - 2014-10-05 10:32 - 00001939 _____ () C:\Users\DUNEDAN\Desktop\Clownfish.lnk
2014-10-05 10:31 - 2014-10-05 10:31 - 00790240 _____ (Shark Labs) C:\Users\DUNEDAN\Downloads\CFSetup360.exe
2014-10-04 23:18 - 2014-10-04 23:18 - 00000000 ____D () C:\Users\DUNEDAN\Documents\WB Games
2014-10-04 23:18 - 2014-10-04 23:18 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Steam
2014-10-04 21:08 - 2014-10-04 21:08 - 00000749 _____ () C:\Users\DUNEDAN\Desktop\Middle Earth Shadow of Mordor.lnk
2014-10-04 21:08 - 2014-10-04 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Middle Earth Shadow of Mordor
2014-10-03 18:57 - 2014-10-04 23:13 - 00000000 ____D () C:\Program Files (x86)\GMT-MAX.ORG
2014-10-03 09:55 - 2014-10-16 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-03 09:55 - 2014-10-03 09:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-01 20:37 - 2014-10-01 20:37 - 00000678 _____ () C:\Users\Public\Desktop\Wondershare MobileGo for Android.lnk
2014-10-01 20:37 - 2014-10-01 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-10-01 16:03 - 2014-10-01 16:03 - 00012968 _____ () C:\Users\DUNEDAN\Downloads\Granny.Smith.v1.2.0-Game-AnDrOiD.torrent
2014-10-01 14:45 - 2014-10-01 15:31 - 00000000 ____D () C:\Users\DUNEDAN\Documents\StarCraft II
2014-10-01 14:40 - 2014-10-10 21:39 - 00000000 ____D () C:\Users\DUNEDAN\Desktop\Domashno
2014-10-01 14:38 - 2014-10-01 14:46 - 00000612 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2014-10-01 14:38 - 2014-10-01 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-09-30 22:53 - 2014-09-30 22:53 - 00012838 _____ () C:\Users\DUNEDAN\Downloads\Badland.v1.7072[Apk+Data][MafiaSSS][ALRG].torrent
2014-09-30 19:31 - 2014-09-30 19:31 - 00000000 ____D () C:\ProgramData\Wondershare
2014-09-30 19:20 - 2014-09-30 19:22 - 43545360 _____ (Wondershare ) C:\Users\DUNEDAN\Downloads\android-transfer(1).exe
2014-09-29 20:16 - 2014-09-29 20:16 - 00014053 _____ () C:\Users\DUNEDAN\Downloads\RK2009RUS.rar.torrent
2014-09-29 18:40 - 2014-10-16 18:40 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2014-09-29 15:09 - 2014-09-29 15:09 - 00034498 _____ () C:\Users\DUNEDAN\Downloads\Good.Will.Hunting.1997.BluRay.720P.X264.DTS-WiKi.torrent
2014-09-28 19:33 - 2014-09-28 19:33 - 00000000 ____D () C:\ProgramData\fopdkbmpggiillmhdkjngeoefeflglnc
2014-09-28 15:31 - 2014-09-28 15:31 - 00000000 ____D () C:\Users\DUNEDAN\Desktop\Old Firefox Data
2014-09-28 12:00 - 2014-09-28 12:00 - 00040572 _____ () C:\Users\DUNEDAN\Downloads\_.damebra.srt_1(subsunacs.net).rar
2014-09-27 12:38 - 2014-09-27 12:38 - 00001101 _____ () C:\Users\Public\Desktop\Garena+.lnk
2014-09-27 12:37 - 2014-09-27 12:38 - 72969976 _____ () C:\Users\DUNEDAN\Downloads\Garena+_Install.exe
2014-09-26 23:42 - 2014-09-26 23:42 - 05969287 _____ ( ) C:\Users\DUNEDAN\Downloads\NodeBeat.exe
2014-09-26 23:42 - 2014-09-26 23:42 - 00000593 _____ () C:\Users\Public\Desktop\Nodebeat.lnk
2014-09-26 23:42 - 2014-09-26 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nodebeat
2014-09-26 23:30 - 2014-09-26 23:30 - 00010074 _____ () C:\Users\DUNEDAN\Downloads\PlagueInc.exe.torrent
2014-09-26 21:57 - 2014-09-26 21:57 - 00000806 _____ () C:\Users\DUNEDAN\Desktop\Frozen Throne.lnk
2014-09-26 21:55 - 2014-09-26 22:04 - 00064186 _____ () C:\Windows\War3Unin.dat
2014-09-26 21:55 - 2014-09-26 21:57 - 00139264 _____ (Blizzard Entertainment) C:\Windows\War3Unin.exe
2014-09-26 21:55 - 2014-09-26 21:57 - 00002829 _____ () C:\Windows\War3Unin.pif
2014-09-26 21:55 - 2014-09-26 21:57 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-09-26 21:55 - 2014-09-26 21:55 - 00000801 _____ () C:\Users\DUNEDAN\Desktop\Warcraft III.lnk
2014-09-26 21:25 - 2014-09-26 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-09-26 20:01 - 2014-09-26 20:01 - 00035878 _____ () C:\Users\DUNEDAN\Downloads\Warcraft III Reign Of Chaos and The Frozen Throne (DOTA) (1).torrent
2014-09-26 19:53 - 2014-09-26 19:53 - 00035878 _____ () C:\Users\DUNEDAN\Downloads\Warcraft III Reign Of Chaos and The Frozen Throne (DOTA).torrent
2014-09-26 18:39 - 2014-09-26 18:39 - 00015774 _____ () C:\Users\DUNEDAN\Downloads\SimCity-Razor1911 (1).torrent
2014-09-25 18:22 - 2014-09-25 18:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 22:31 - 2014-09-23 22:32 - 00000000 ____D () C:\Users\TEMP\Documents\Bluetooth
2014-09-23 22:30 - 2014-10-16 20:46 - 00000000 ____D () C:\Users\TEMP
2014-09-23 13:48 - 2014-09-23 13:48 - 00000004 _____ () C:\Users\DUNEDAN\AppData\Roaming\appdataFr2.bin
2014-09-20 19:33 - 2014-09-20 19:33 - 00030311 _____ () C:\Users\DUNEDAN\Downloads\do_US_na_DKB.doc.p7m
2014-09-20 19:33 - 2014-09-20 19:33 - 00030311 _____ () C:\Users\DUNEDAN\Downloads\do_US_na_DKB.doc (2).p7m
2014-09-20 19:33 - 2014-09-20 19:33 - 00030311 _____ () C:\Users\DUNEDAN\Downloads\do_US_na_DKB.doc (1).p7m
2014-09-19 23:58 - 2014-09-19 23:58 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-19 23:58 - 2014-09-19 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-19 23:49 - 2014-09-19 23:54 - 1778598272 _____ () C:\Users\DUNEDAN\Downloads\StrifeWindows-0.4.0.7.exe
2014-09-19 16:49 - 2014-09-19 16:49 - 00016120 _____ () C:\Users\DUNEDAN\Downloads\Meri -The Best By Private Teens Take It Up The Ass -Private The Matador 2.torrent
2014-09-19 16:48 - 2014-09-19 16:48 - 00011832 _____ () C:\Users\DUNEDAN\Downloads\Candid-repack.rar.torrent
2014-09-19 16:48 - 2014-09-19 16:48 - 00011832 _____ () C:\Users\DUNEDAN\Downloads\Candid-repack.rar (1).torrent
2014-09-19 16:43 - 2014-09-19 16:43 - 00015038 _____ () C:\Users\DUNEDAN\Downloads\Houdini.2014.Part2.REPACK.720p.HDTV.x264.torrent
2014-09-19 15:11 - 2014-09-19 15:11 - 00000000 ___HD () C:\Users\DUNEDAN\Downloads\.picasaoriginals
2014-09-19 15:10 - 2014-09-19 15:11 - 00000038 ____H () C:\Users\DUNEDAN\Downloads\.picasa.ini
2014-09-19 14:11 - 2014-09-19 14:11 - 00787324 _____ () C:\Users\DUNEDAN\Downloads\Снимки – Google+1.htm
2014-09-19 14:11 - 2014-09-19 14:11 - 00000000 ____D () C:\Users\DUNEDAN\Downloads\Снимки – Google+1_files
2014-09-19 14:10 - 2014-09-19 14:10 - 00790427 _____ () C:\Users\DUNEDAN\Downloads\Снимки – Google+.htm
2014-09-19 14:10 - 2014-09-19 14:10 - 00000000 ____D () C:\Users\DUNEDAN\Downloads\Снимки – Google+_files
2014-09-19 12:31 - 2014-09-19 12:31 - 00000000 ____D () C:\ProgramData\Astroburn Lite
2014-09-17 14:20 - 2014-09-17 14:20 - 00056270 _____ () C:\Users\DUNEDAN\Downloads\Edge.of.Tomorrow.2014.HDRip.XViD_juggs_ETRG_.(subs.sab.bz).rar
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 15:00 - 2013-10-14 19:44 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\uTorrent
2014-10-17 14:07 - 2013-10-15 15:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-17 14:05 - 2013-10-15 00:23 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 14:04 - 2013-10-14 20:33 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Skype
2014-10-17 12:27 - 2013-10-15 00:16 - 01232735 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 12:08 - 2009-07-14 07:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-17 12:08 - 2009-07-14 07:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 12:07 - 2014-06-23 18:27 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\GarenaPlus
2014-10-17 12:07 - 2014-06-23 18:11 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-10-17 12:06 - 2009-07-14 08:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-17 12:04 - 2013-10-17 11:16 - 00003242 _____ () C:\Windows\System32\Tasks\AIDA64 AutoStart
2014-10-17 12:03 - 2014-07-30 22:11 - 00004961 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-10-17 12:03 - 2014-07-30 22:11 - 00000102 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-10-17 12:03 - 2014-06-23 18:16 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_DUNEDAN
2014-10-17 12:03 - 2013-10-15 00:23 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-17 12:03 - 2008-06-05 17:51 - 00000961 _____ () C:\Windows\SysWOW64\bscs.ini
2014-10-17 12:01 - 2014-09-04 11:53 - 00030176 _____ () C:\Windows\PFRO.log
2014-10-17 12:01 - 2014-08-08 22:43 - 00014627 _____ () C:\Windows\setupact.log
2014-10-17 12:01 - 2014-02-17 16:26 - 00000000 ____D () C:\ProgramData\Home Media Server
2014-10-17 12:01 - 2013-12-23 16:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-17 12:01 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 23:23 - 2009-07-14 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-16 21:13 - 2013-10-15 00:17 - 00000000 ____D () C:\Users\DUNEDAN
2014-10-16 20:46 - 2009-07-14 06:20 - 00000000 __RHD () C:\Users\Default
2014-10-16 20:31 - 2009-07-14 05:34 - 84672512 _____ () C:\Windows\system32\config\software.bak
2014-10-16 20:31 - 2009-07-14 05:34 - 21757952 _____ () C:\Windows\system32\config\system.bak
2014-10-16 20:31 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-10-16 20:31 - 2009-07-14 05:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2014-10-16 20:31 - 2009-07-14 05:34 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-10-16 19:50 - 2014-06-12 21:32 - 00002291 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-16 19:50 - 2013-10-15 00:18 - 00001413 _____ () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-16 19:50 - 2013-10-14 22:32 - 00001197 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-16 19:50 - 2013-10-14 22:32 - 00001185 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-16 19:46 - 2014-05-23 11:05 - 00000000 ____D () C:\ProgramData\d17db1a4dd066582
2014-10-16 16:28 - 2009-07-14 05:34 - 00000766 _____ () C:\Windows\win.ini
2014-10-15 18:45 - 2014-09-10 20:27 - 00004507 _____ () C:\Windows\system32\ScanResults.xml
2014-10-15 10:44 - 2014-09-03 17:55 - 00000000 ___HD () C:\Users\DUNEDAN\Desktop\.picasaoriginals
2014-10-14 21:15 - 2014-01-11 13:14 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-14 21:14 - 2013-10-14 22:22 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Local\CrashDumps
2014-10-14 20:15 - 2013-11-21 18:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-14 20:13 - 2007-12-11 16:06 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-10-14 20:13 - 2007-12-11 16:06 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-10-14 20:12 - 2014-01-20 20:11 - 00000000 ____D () C:\Users\DUNEDAN\Documents\My Games
2014-10-13 12:59 - 2014-02-05 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-10-13 12:59 - 2013-10-15 00:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-13 12:08 - 2014-05-20 15:02 - 00000000 ____D () C:\Program Files (x86)\Optimik
2014-10-12 20:58 - 2013-10-25 16:18 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\CodeBlocks
2014-10-07 16:32 - 2013-10-25 16:21 - 00000000 ____D () C:\Users\DUNEDAN\Documents\Информатика
2014-10-05 10:41 - 2014-04-02 15:38 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo
2014-10-05 10:39 - 2009-07-14 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-05 10:35 - 2014-08-21 18:29 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-10-05 10:32 - 2014-08-08 00:51 - 00000000 ____D () C:\Program Files (x86)\Clownfish
2014-10-04 23:14 - 2013-11-17 13:05 - 00000000 ____D () C:\ProgramData\Origin
2014-10-04 23:14 - 2013-10-16 20:21 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-10-03 19:18 - 2013-10-16 16:28 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-03 09:55 - 2013-10-14 20:33 - 00000000 ____D () C:\ProgramData\Skype
2014-10-01 23:38 - 2013-11-24 23:42 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Local\Battle.net
2014-10-01 20:37 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\DUNEDAN\.android
2014-10-01 14:46 - 2013-11-24 23:42 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-10-01 14:38 - 2014-07-31 23:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-30 19:31 - 2014-06-04 21:26 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Wondershare
2014-09-29 12:55 - 2013-11-26 15:19 - 00000000 ___RD () C:\Users\DUNEDAN\Desktop\ICON
2014-09-28 01:18 - 2014-09-11 02:17 - 00000398 _____ () C:\Users\DUNEDAN\Desktop\New Text Document.txt
2014-09-27 15:19 - 2014-06-23 18:47 - 00045270 _____ () C:\Users\DUNEDAN\AppData\Roaming\room_v3.dat
2014-09-27 12:38 - 2014-06-23 18:15 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-09-27 10:15 - 2013-10-14 22:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-26 21:40 - 2014-01-11 01:56 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-26 18:31 - 2014-09-11 02:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The SIMS 4 Deluxe Edition
2014-09-26 17:10 - 2014-08-08 22:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-26 17:10 - 2013-11-26 15:16 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-09-26 17:10 - 2013-11-26 15:16 - 00001908 _____ () C:\Windows\diagerr.xml
2014-09-24 15:50 - 2014-02-08 01:15 - 00000000 ____D () C:\Users\DUNEDAN\Desktop\New folder
2014-09-23 22:32 - 2009-07-14 08:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-09-23 22:31 - 2009-07-14 07:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-23 16:57 - 2014-02-07 13:26 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\dvdcss
2014-09-23 16:57 - 2013-11-14 19:15 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Roaming\vlc
2014-09-22 09:42 - 2010-11-21 06:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-19 23:58 - 2014-08-25 21:39 - 00018933 _____ () C:\Windows\DirectX.log
2014-09-19 23:43 - 2013-10-17 10:31 - 00000000 ____D () C:\Temp
2014-09-17 13:42 - 2013-10-17 12:18 - 00000000 ____D () C:\Users\DUNEDAN\AppData\Local\cache
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 15:45

 

Is there any improvement after the procedures so far? What is the current state of your system?

 

You have left out the other Farbar Recovery Scan Tool log - Addition.txt


Hello! Is there any improvement after the procedures so far? What is the current state of your system?

Sorry, I didn't see the beginning of the post. :(

:) Yes, there is an improvement, banners no longer pop up in Chrome and it is much faster. malicious blocks unwanted windows :clap:

I attached the file

Addition.txt


Wonderful! Let's clean up the leftovers and wrap up! :)

 

Fix with Farbar Recovery Scan Tool

 
Download the attached file and save it where you downloaded FRST.exe => fixlist.txt
Run FRST.exe again, press the Fix button once and wait.
A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

 
NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

 

+ let's plug the vulnerable spots in the system:

 

Download Security Check (author: screen317) from here

  • Double-click SecurityCheck.exe and follow the instructions.
  • When the program finishes its work, a text document will open: checkup.txt.
  • Copy the contents of checkup.txt with Copy and Paste it into your next comment.

 FixLog.tx


Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Call of Duty Ghosts  
 TuneUp Utilities 2014   
 TuneUp Utilities 2014 (en-US)  
 TuneUp Utilities 2014   
 Java 7 Update 55  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
 Google Chrome 35.0.1916.153  
 Google Chrome update.dll..  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

Fixlog.txt


Well, that's it from me... We're wrapping up:
 
Uninstall ComboFix like this:

  • Press Start ==> Run ==> enter the command Combofix /Uninstall ==> OK

Please follow the instructions to uninstall ComboFix. You will get a message saying that ComboFix has been uninstalled successfully.
 
 
Download the following file and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
After it finishes, post the log file - fixlog.txt, which will be created after the run. It should delete the tool's quarantine folder located in C:\FRST\Quarantine.
 
 
Download DelFix and run it. Tick Remove disinfection tools and then press the Run button
The tool will delete itself once it has finished its task!
 
 
Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Click Uninstall.
  • Click Yes to uninstall AdwCleaner

Uninstall ESET Online Scanner.

  • Start => Run, type control appwiz.cpl in the box. Then press ENTER.
  • Select ESET Online Scanner from the list of applications, then click Remove. If prompted, restart your computer.

I recommend that Malwarebytes' Anti-Malware stay on your computer and that you scan your system with it periodically (at least once or twice a week), and don't forget to update its definitions before every scan! A reminder that this is not an antivirus program but an exceptionally good complement to one!
 
Java is out of date, and older versions contain vulnerabilities. You need to update to the latest version:
Download the latest version from here: Free Java Download
It is important to remove older versions of Java, since it does not do this automatically and the old versions still leave you vulnerable.
Go to Start > Control Panel > open Uninstall a program
Find in the list all previously installed versions of Java (J2SE Runtime Environment). In your case: Java™ 7 Update 55. Select each one individually and uninstall it by clicking Uninstall. Once the old versions have been removed, please install the latest version.
 
 
Use PatchMyPC or Secunia Personal Software Inspector to install all the updates and latest software versions that the tools offer you.
 
It is also a good idea to defragment the disk with the help of:

  • Defragmenting an SSD drive is not recommended

    Download MyDefrag and install it.
     
    Select System Disk Monthly => Point to the system and recovery partitions and press Run
     
    It may take quite a while... once it finishes it will show Finished and you can close the program with the X
     
    Then restart the system.

A few more recommendations:

I suggest you use this very good little program, which will automatically remove all unwanted add-ons during software installation. This helps prevent the installation of malicious code.
 
Click here to download the program and install it!

 

It is very important to know that you should not install more than one antivirus program or firewall. This actually does more harm than good and will cause many problems for your computer.
 
If there are tools, folders or logs from the things we used that were not deleted by the procedures above, delete them manually.
 
If you have no other questions, I'm marking the case as "Solved"! Have a nice day and safe surfing! :)
