
Hello, for a few days now I have had a problem with adware, and I cannot find which program it comes from. You know the symptoms: ads pop up, and on some pages there are words in bold that redirect to another site. I am attaching a screenshot so you can see. Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016
Ran by Phill (administrator) on ASUNATOR (29-11-2016 13:19:51)
Running from C:\Users\Phill\Desktop
Loaded Profiles: Phill (Available Profiles: Phill)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\GLOBUL Connection Manager\OnlineUpdate\ouc.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
("My Web Shield") C:\Program Files\My Web Shield\mweshield.exe
("My Web Shield") C:\Program Files\My Web Shield\mweshieldup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [915160 2014-05-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499240 2014-09-29] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [Steam] => D:\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [uTorrent] => C:\Users\Phill\AppData\Roaming\uTorrent\uTorrent.exe [2145472 2016-11-22] (BitTorrent Inc.)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [Spotify Web Helper] => C:\Users\Phill\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-08-08] (Spotify Ltd)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [Spotify] => C:\Users\Phill\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-08-08] (Spotify Ltd)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [RGSC] => D:\Games\Rockstar Games\GTA lV\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {0bb638f9-2bd6-11e6-82a8-40e23059e252} - "G:\autorun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {0bb63905-2bd6-11e6-82a8-40e23059e252} - "G:\autorun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {1521a98d-c92c-11e5-8289-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {251215bd-bd5d-11e5-8283-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {25121661-bd5d-11e5-8283-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {25121b17-bd5d-11e5-8283-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {395190d1-54da-11e5-8267-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {413bd7d5-5951-11e5-8267-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7b5479d6-5743-11e6-82ad-40e23059e252} - "G:\autorun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7d64edde-e191-11e5-8293-40e23059e252} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7d64f000-e191-11e5-8293-40e23059e252} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7fa52f3f-5de7-11e5-8269-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {9011868b-9bb1-11e6-82b3-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {90118693-9bb1-11e6-82b3-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {901186ac-9bb1-11e6-82b3-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {93b9e783-259c-11e6-82a8-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {93b9f31e-259c-11e6-82a8-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {9a843e16-8fc9-11e6-82b1-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {af58f2ad-e7e8-11e5-8295-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {b00206a9-3c0a-11e5-825d-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {b0020723-3c0a-11e5-825d-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {b244836b-9abf-11e5-827c-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {d4d39be5-1241-11e6-82a3-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {e2243fdb-3afa-11e5-8259-40e23059e252} - "F:\autorun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {ecd28198-fd92-11e5-829c-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {ecd2889f-fd92-11e5-829c-40e23059e252} - "G:\Lenovo_Suite.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-28] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A78E9DE8-6EE8-49F6-B263-76182DBC8CD1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C2B264B5-2EB0-48D7-B271-33A5B8566016}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-27] (Oracle Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-27] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.bg/
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.search.ask.com/?o=APN11459&gct=hp&d=488-210&v=n12521-347&t=4","hxxp://www.mystartsearch.com/?type=hp&ts=1416439125&from=amt&uid=SAMSUNGXHM160HC_S12TJD0S966470","hxxp://www.delta-homes.com/?type=hp&ts=1419445398&from=wpm12233&uid=ST3320620AS_5QF190G5XXXX5QF190G5","hxxp://isearch.omiga-plus.com/?type=hp&ts=1419544132&from=obw&uid=SAMSUNGXHM160HC_S12TJD0S966470","hxxp://www.istartsurf.com/?type=hp&ts=1437087111&z=bc30721319c3a4577d4c330g1z6cam3e5b0maefzfz&from=obw&uid=ST1000LM024XHN-M101MBB_S32XJ9HFA06771"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default [2016-11-29]
CHR Extension: (Adblock Plus) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-30]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-11-12]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (TunnelBear VPN) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2016-07-24]
CHR Extension: (Chrome Media Router) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-28] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S2 GLOBUL Connection Manager. RunOuc; C:\Program Files (x86)\GLOBUL Connection Manager\UpdateDog\ouc.exe [655712 2016-03-08] ()
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 mweshield; C:\Program Files\My Web Shield\mweshield.exe [931640 2016-08-31] ("My Web Shield") <==== ATTENTION
R2 mweshieldup; C:\Program Files\My Web Shield\mweshieldup.exe [348472 2016-08-31] ("My Web Shield") <==== ATTENTION
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2016-11-17] ()
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [691480 2013-11-20] () [File not signed]
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-08-18] (RealVNC Ltd)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-26] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-28] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-28] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-28] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-28] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-28] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-28] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-18] (AVAST Software)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [73512 2015-10-07] (ASUS Corporation)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
S3 cmnxusbser; C:\WINDOWS\system32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
S3 cpuz138; C:\Users\Phill\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-10-23] (CPUID)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [271424 2015-08-05] (DT Soft Ltd)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2016-03-08] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R1 mwescontroller; C:\WINDOWS\system32\drivers\mwescontroller.sys [57680 2016-08-31] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 qcfilter; C:\WINDOWS\System32\drivers\qcusbfilter.sys [40448 2014-05-23] (QUALCOMM Incorporated)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [243712 2014-05-23] (QUALCOMM Incorporated) [File not signed]
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [827096 2015-03-12] (Realsil Semiconductor Corporation)
S3 tap-tb-0901; C:\WINDOWS\system32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-02] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-29 13:09 - 2016-11-29 13:20 - 00022435 _____ C:\Users\Phill\Desktop\FRST.txt
2016-11-29 13:09 - 2016-11-29 13:19 - 00000000 ____D C:\FRST
2016-11-29 13:08 - 2016-11-29 13:08 - 02411520 _____ (Farbar) C:\Users\Phill\Downloads\FRST64 (1).exe
2016-11-29 13:07 - 2016-11-29 13:08 - 02411520 _____ (Farbar) C:\Users\Phill\Desktop\FRST64.exe
2016-11-23 16:33 - 2016-11-23 16:33 - 00001148 _____ C:\Users\Phill\Desktop\Assassins Creed II.lnk
2016-11-23 16:33 - 2016-11-23 16:33 - 00000000 ____D C:\Users\Phill\AppData\Roaming\Ubisoft
2016-11-23 16:27 - 2016-10-28 23:04 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-11-23 16:27 - 2016-10-28 23:04 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-23 13:54 - 2016-11-02 22:48 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-23 13:54 - 2016-11-02 22:48 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-23 13:54 - 2016-11-02 16:03 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-23 13:54 - 2016-11-02 16:00 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-23 13:54 - 2016-10-27 20:53 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-11-23 13:54 - 2016-10-27 20:51 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-23 13:54 - 2016-10-27 20:37 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-11-23 13:54 - 2016-10-27 20:28 - 25763328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-23 13:54 - 2016-10-27 20:19 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-23 13:54 - 2016-10-27 20:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-23 13:54 - 2016-10-27 20:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-23 13:54 - 2016-10-27 20:05 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-23 13:54 - 2016-10-27 19:57 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-23 13:54 - 2016-10-27 19:49 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-11-23 13:54 - 2016-10-27 19:47 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-11-23 13:54 - 2016-10-27 19:46 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-11-23 13:54 - 2016-10-27 19:46 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-11-23 13:54 - 2016-10-27 19:44 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-11-23 13:54 - 2016-10-27 19:17 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-23 13:54 - 2016-10-27 19:16 - 02920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-23 13:54 - 2016-10-27 19:03 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-23 13:54 - 2016-10-27 18:54 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-23 13:54 - 2016-10-27 17:05 - 20304896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-23 13:54 - 2016-10-25 16:11 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-23 13:54 - 2016-10-22 19:35 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-11-23 13:54 - 2016-10-22 19:34 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-11-23 13:54 - 2016-10-22 19:27 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-23 13:54 - 2016-10-22 19:21 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-11-23 13:54 - 2016-10-22 18:58 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-23 13:54 - 2016-10-22 18:57 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-23 13:54 - 2016-10-22 18:56 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-23 13:54 - 2016-10-22 18:51 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-23 13:54 - 2016-10-22 18:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-11-23 13:54 - 2016-10-22 18:45 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-11-23 13:54 - 2016-10-22 18:45 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-11-23 13:54 - 2016-10-22 18:44 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-23 13:54 - 2016-10-22 18:43 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-11-23 13:54 - 2016-10-22 18:30 - 13654016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-23 13:54 - 2016-10-22 18:12 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-23 13:54 - 2016-10-22 18:09 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-23 13:54 - 2016-10-22 18:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-23 13:54 - 2016-10-13 21:06 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-23 13:54 - 2016-10-13 21:06 - 01124376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-23 13:54 - 2016-10-12 10:01 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-23 13:54 - 2016-10-11 22:21 - 00497448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-23 13:54 - 2016-10-11 22:21 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-23 13:54 - 2016-10-11 20:34 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-23 13:54 - 2016-10-11 19:47 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-23 13:54 - 2016-10-11 18:55 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-23 13:54 - 2016-10-10 23:17 - 00444248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-23 13:54 - 2016-10-10 23:17 - 00333656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-23 13:54 - 2016-10-10 00:59 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-23 13:54 - 2016-10-09 01:12 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-11-23 13:54 - 2016-10-09 00:53 - 03754496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-23 13:54 - 2016-10-09 00:21 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-23 13:54 - 2016-10-09 00:18 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-11-23 13:54 - 2016-10-09 00:07 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-23 13:54 - 2016-10-09 00:02 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-11-23 13:54 - 2016-10-08 23:49 - 02410496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-23 13:54 - 2016-10-08 23:21 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-23 13:54 - 2016-10-08 03:34 - 01660040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-23 13:54 - 2016-10-08 03:34 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-23 13:54 - 2016-10-04 22:39 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-23 13:54 - 2016-10-04 22:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-23 13:54 - 2016-10-04 22:08 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-23 13:54 - 2016-10-04 22:08 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-23 13:54 - 2016-09-10 00:52 - 00921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2016-11-23 13:54 - 2016-09-10 00:14 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2016-11-23 13:54 - 2016-09-09 16:15 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-11-23 13:54 - 2016-09-09 16:09 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-11-23 13:54 - 2016-09-09 16:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-11-23 13:54 - 2016-09-09 16:03 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-11-23 13:54 - 2016-09-09 16:02 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-11-23 13:54 - 2016-09-09 15:38 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-23 13:54 - 2016-09-03 20:20 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsidsc.dll
2016-11-23 13:54 - 2016-09-03 20:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2016-11-23 13:54 - 2016-09-03 19:21 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsidsc.dll
2016-11-23 13:54 - 2016-09-03 19:18 - 00825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2016-11-23 13:54 - 2016-09-03 18:12 - 00512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-11-23 13:54 - 2016-09-03 18:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-11-23 13:54 - 2016-09-03 17:58 - 00397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-11-23 13:54 - 2016-09-02 16:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2016-11-23 13:54 - 2016-09-02 16:05 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2016-11-23 13:54 - 2016-09-01 16:33 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2016-11-23 13:54 - 2016-09-01 16:33 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2016-11-23 13:54 - 2016-09-01 16:31 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2016-11-23 13:54 - 2016-08-30 16:11 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-23 13:54 - 2016-08-30 04:45 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2016-11-23 13:54 - 2016-08-30 04:18 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-11-23 13:54 - 2016-08-30 04:18 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-11-23 13:54 - 2016-08-30 04:03 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-11-23 13:54 - 2016-08-22 15:34 - 01628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-11-23 13:54 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2016-11-22 22:16 - 2016-11-22 22:16 - 00000000 ____D C:\Users\Phill\AppData\LocalLow\uTorrent
2016-11-22 22:15 - 2016-11-22 22:15 - 00159585 _____ C:\Users\Phill\Downloads\Suits.S02.720p.HDTV.x264.torrent
2016-11-22 00:06 - 2016-11-22 00:06 - 00000761 _____ C:\Users\Phill\Desktop\Assassins Crеed Brotherhood.lnk
2016-11-21 15:56 - 2016-11-21 15:56 - 00002202 _____ C:\Users\Public\Desktop\Counter-Strike 1.6 SteamRIP.lnk
2016-11-21 15:56 - 2016-11-21 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 SteamRIP
2016-11-17 01:12 - 2016-11-23 16:33 - 00000000 ____D C:\ProgramData\Ubisoft
2016-11-17 00:25 - 2016-11-17 00:25 - 00189248 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-11-17 00:25 - 2016-11-17 00:25 - 00075136 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-11-17 00:25 - 2016-11-17 00:25 - 00000000 ____D C:\Users\Phill\AppData\Roaming\PunkBuster
2016-11-17 00:24 - 2016-11-17 00:24 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-11-17 00:24 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2016-11-17 00:24 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2016-11-17 00:24 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2016-11-17 00:24 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2016-11-17 00:24 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2016-11-17 00:24 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2016-11-16 22:17 - 2016-11-16 22:17 - 00274155 _____ C:\Users\Phill\Downloads\Assassins.Creed.Collection-BlackEcho.torrent
2016-11-16 00:44 - 2016-11-16 00:44 - 00000258 __RSH C:\Users\Phill\ntuser.pol
2016-11-15 17:06 - 2016-11-15 17:07 - 00000000 ____D C:\Program Files\My Web Shield
2016-11-15 17:06 - 2016-11-15 17:06 - 00001548 __RSH C:\ProgramData\ntuser.pol
2016-11-15 17:06 - 2016-08-31 16:00 - 00057680 _____ C:\WINDOWS\system32\Drivers\mwescontroller.sys
2016-11-14 18:35 - 2016-09-22 15:55 - 00102690 ____R C:\Users\Phill\Desktop\suits.s01e01.720p.hdtv.x264-orenji.srt
2016-11-11 01:58 - 2015-06-04 15:28 - 00961192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00062304 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00064352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-11-11 00:37 - 2016-11-11 00:37 - 00000898 _____ C:\Users\Phill\Desktop\Start CSGO No Internet.lnk
2016-11-11 00:37 - 2016-11-11 00:37 - 00000895 _____ C:\Users\Phill\Desktop\Counter-Strike Global Offensive.lnk
2016-11-11 00:37 - 2016-11-11 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Global Offensive
2016-11-10 21:19 - 2016-11-10 21:19 - 00014805 _____ C:\Users\Phill\Downloads\Crazy.Stupid.Love.2011.720p.BluRay.x264.DTS-WiKi.torrent
2016-11-10 20:16 - 2016-11-10 20:16 - 00013713 _____ C:\Users\Phill\Downloads\Counter-Strike 1.6 Mega Edition (4).torrent
2016-11-10 20:16 - 2016-11-10 20:16 - 00012555 _____ C:\Users\Phill\Downloads\Counter-Strike Global Offensive v1.35.5.6 [Repack].torrent
2016-11-10 20:13 - 2016-11-10 20:13 - 00013713 _____ C:\Users\Phill\Downloads\Counter-Strike 1.6 Mega Edition (3).torrent
2016-11-10 20:01 - 2016-11-10 20:01 - 00013693 _____ C:\Users\Phill\Downloads\Counter-Strike 1.6 SteamRIP (1).torrent
2016-11-10 19:58 - 2016-11-21 16:03 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6 SteamRIP
2016-11-10 19:12 - 2016-11-10 19:12 - 00013693 _____ C:\Users\Phill\Downloads\Counter-Strike 1.6 SteamRIP.torrent
2016-11-06 21:59 - 2016-11-06 21:59 - 00012642 _____ C:\Users\Phill\Downloads\Dirty.Dancing.1987.BDRip.x264-WAR.torrent
2016-11-06 21:56 - 2016-11-06 21:56 - 00021610 _____ C:\Users\Phill\Downloads\Dirty.Dancing.1987.1080p.BluRay.x264-WARHD.torrent
2016-11-02 23:27 - 2016-11-02 23:27 - 00001007 _____ C:\Users\Public\Desktop\HiSuite.lnk
2016-11-02 23:27 - 2016-11-02 23:27 - 00000000 ____D C:\Users\Phill\Documents\HiSuite
2016-11-02 23:27 - 2016-11-02 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2016-11-02 23:27 - 2016-05-25 12:53 - 02152176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFUpdate_01009.dll
2016-11-02 23:27 - 2016-05-25 12:53 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01009.dll
2016-11-02 23:27 - 2016-05-25 12:53 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusbcoinstaller2.dll
2016-11-02 23:27 - 2016-05-25 12:53 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbnet.sys
2016-11-02 23:27 - 2016-05-25 12:53 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2016-11-02 23:27 - 2016-05-25 12:53 - 00126592 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_cdcacm.sys
2016-11-02 23:27 - 2016-05-25 12:53 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2016-11-02 23:27 - 2016-05-25 12:53 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-11-02 23:27 - 2016-05-25 12:53 - 00018816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbccgpfilter.sys
2016-11-02 23:26 - 2016-11-02 23:27 - 00000000 ____D C:\Users\Phill\AppData\Local\Hisuite
2016-11-02 23:26 - 2016-11-02 23:27 - 00000000 ____D C:\Program Files (x86)\HiSuite
2016-10-30 21:24 - 2016-10-30 21:24 - 00023180 _____ C:\Users\Phill\Downloads\Beauty.and.the.Beast.Extended.Version.1991.1080p.BluRay.Bulgarian-PEPSi.mkv.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-29 13:14 - 2015-08-05 03:06 - 01007104 ___SH C:\Users\Phill\Desktop\Thumbs.db
2016-11-29 12:32 - 2015-11-16 20:14 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-29 12:09 - 2015-08-05 00:49 - 00000000 ____D C:\Users\Phill\AppData\Local\CrashDumps
2016-11-29 09:59 - 2016-02-25 03:05 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-11-29 09:59 - 2015-11-16 20:14 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-29 09:59 - 2015-11-12 22:22 - 00000000 ____D C:\Users\Phill\OneDrive
2016-11-29 09:58 - 2015-07-18 17:52 - 00000000 __SHD C:\Users\Phill\IntelGraphicsProfiles
2016-11-29 00:25 - 2015-09-05 07:25 - 00000000 ____D C:\Users\Phill\AppData\Roaming\vlc
2016-11-24 21:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-11-23 21:56 - 2015-08-04 23:48 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3535237292-2376840269-2226161949-1000
2016-11-23 16:31 - 2015-08-05 02:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-23 16:31 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-11-23 16:25 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-23 16:25 - 2013-08-22 16:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-23 16:23 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-11-23 16:20 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-11-23 16:19 - 2015-08-05 05:27 - 00000000 ____D C:\Users\Phill\AppData\Roaming\uTorrent
2016-11-23 15:27 - 2015-08-04 23:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-23 14:24 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-23 14:02 - 2015-08-04 23:42 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-23 01:15 - 2014-11-21 09:38 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-23 00:53 - 2015-11-12 22:36 - 00000000 ____D C:\Users\Phill\AppData\Roaming\Skype
2016-11-22 23:52 - 2015-11-12 22:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-22 23:52 - 2015-11-12 22:35 - 00000000 ____D C:\ProgramData\Skype
2016-11-16 00:44 - 2015-08-04 23:37 - 00000000 ____D C:\Users\Phill
2016-11-15 17:06 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-11-14 23:33 - 2015-08-05 01:37 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-11 01:58 - 2015-12-30 12:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-10 21:39 - 2015-08-05 03:18 - 00457216 ___SH C:\Users\Phill\Downloads\Thumbs.db
2016-11-10 20:00 - 2015-08-04 23:43 - 00000000 ____D C:\Users\Phill\AppData\Local\VirtualStore
2016-11-06 21:55 - 2015-08-05 00:57 - 00000000 ____D C:\Users\Phill\AppData\Local\Google
2016-11-02 23:45 - 2015-11-26 18:08 - 00000000 ____D C:\Temp

==================== Files in the root of some directories =======

2015-10-08 02:56 - 2015-10-08 02:56 - 0007602 _____ () C:\Users\Phill\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Phill\AppData\Local\Temp\AutoRun.exe
C:\Users\Phill\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Phill\AppData\Local\Temp\CH.dll
C:\Users\Phill\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Phill\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\Phill\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Phill\AppData\Local\Temp\EAInstall.dll
C:\Users\Phill\AppData\Local\Temp\eauninstall.exe
C:\Users\Phill\AppData\Local\Temp\Gw2.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\Need for Speed Carbon_uninst.exe
C:\Users\Phill\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe
C:\Users\Phill\AppData\Local\Temp\pylE938.tmp.exe
C:\Users\Phill\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Phill\AppData\Local\Temp\sqlite3.dll
C:\Users\Phill\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Phill\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Phill\AppData\Local\Temp\_is4B86.exe
C:\Users\Phill\AppData\Local\Temp\_isA1BD.exe
C:\Users\Phill\AppData\Local\Temp\_isA6D8.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-24 21:43

==================== End of FRST.txt ============================

Thank you for your time.

 

Untitled.jpg

Addition.txt

 

Edit: Mywebshield is obviously the adware... However, I don't have such a program installed in the list of programs.


Step 1

  • Uninstall the following software from the Control Panel:
My Web Shield
Youtube AdBlock

Step 2

Download: ADWCleaner.

  • Close all browsers and run AdwCleaner.exe.
  • Click the SCAN button.
  • When the scan finishes, click the CLEAN button.
  • The program will close the unneeded software and start the cleanup.
  • When the cleanup finishes, ADWCleaner will ask for a restart. Agree.
  • After the system has loaded, go to C:\AdwCleaner and look for a log file named AdwCleaner[C0].txt.
  • Post the contents of "AdwCleaner[C0]" in your next comment.

Step 3

Download: JRT.

  • Save the file to your desktop.
  • Close all browsers.
  • Run JRT.exe.
  • When the message "Press any key to continue . . ." appears, press any key on the keyboard.
  • The program will start the cleanup. Do not interrupt it, and do not use the system while the cleanup is running.
  • When the cleanup finishes, a log file named JRT.txt, located on the desktop, will open.
  • Copy its contents and paste them into your next comment.

Step 4

  • Create new logs with FRST and attach them to your next comment.

Thanks for the quick response, but I can't complete step one. It doesn't let me install either of the two programs; this window comes up:

 

Untitled1.jpg

The same message comes up for both programs.

Edited by Collins

AdwCleaner[C0]

# AdwCleaner v6.030 - Logfile created 29/11/2016 at 13:58:52
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-28.2 [Server]
# Operating System : Windows 8.1 Pro  (X64)
# Username : Phill - ASUNATOR
# Running from : C:\Users\Phill\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: mweshield
[-] Service deleted: mweshieldup
[-] Service deleted: mwescontroller


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Phill\AppData\Roaming\Tencent
[-] Folder deleted: C:\Program Files\My Web Shield
[-] Folder deleted: C:\Program Files (x86)\ProcessMaker
[-] Folder deleted: C:\Users\Phill\AppData\Local\Temp\Tencent


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\SysNative\drivers\mwescontroller.sys


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Youtube AdBlock
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Youtube AdBlock_is1
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{C81BED3B-31BD-491F-813D-78EFC2638CE1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B28F9114-243E-4046-B173-11825352D18A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B910D9A1-9F21-484A-8650-82250DABF38E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BF8946CD-EEBE-436B-8282-B19A021C9EFE}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D8CB24E3-DDA3-4B7F-8BA3-871DB7D3D986}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F6DF4318-A699-4E88-BE1D-84F4A009B08A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{D5397E85-8AF4-414B-90FC-9F4244CD46FA}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{45965C76-4C88-4512-9358-368483E1C3B1}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Youtube AdBlock
[-] Key deleted: [x64] HKLM\SOFTWARE\mweshield
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mweshield
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [AndroidServer.exe]


***** [ Web browsers ] *****

[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: delta-homes
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.delta-homes.com
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: omiga-plus
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: cheat-engine.en.softonic.com
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: istart.webssearches.com
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: isearch.omiga-plus.com
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mystartsearch
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mystartsearch.com
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: dts.search.ask.com
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: anidb.net
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.search.ask.com/?o=APN11459&gct=hp&d=488-210&v=n12521-347&t=4
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.mystartsearch.com/?type=hp&ts=1416439125&from=amt&uid=SAMSUNGXHM160HC_S12TJD0S966470
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.delta-homes.com/?type=hp&ts=1419445398&from=wpm12233&uid=ST3320620AS_5QF190G5XXXX5QF190G5
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://isearch.omiga-plus.com/?type=hp&ts=1419544132&from=obw&uid=SAMSUNGXHM160HC_S12TJD0S966470
[-] [C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: kpocjpoifmommoiiiamepombpeoaehfh


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6440 Bytes] - [29/11/2016 13:58:52]
C:\AdwCleaner\AdwCleaner[S0].txt - [6363 Bytes] - [29/11/2016 13:56:40]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6586 Bytes] ##########
 

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 8.1 Pro x64 
Ran by Phill (Administrator) on вт 29.11.2016 г. at 14:03:58,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 0 


Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on вт 29.11.2016 г. at 14:06:17,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016
Ran by Phill (administrator) on ASUNATOR (29-11-2016 14:08:10)
Running from C:\Users\Phill\Desktop
Loaded Profiles: Phill (Available Profiles: Phill)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\GLOBUL Connection Manager\OnlineUpdate\ouc.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files\KMSpico\Service_KMS.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
() C:\Windows\System32\KMSServer.exe
Failed to access process -> Service_KMS.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [915160 2014-05-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499240 2014-09-29] (Lenovo)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [Steam] => D:\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [uTorrent] => C:\Users\Phill\AppData\Roaming\uTorrent\uTorrent.exe [2145472 2016-11-22] (BitTorrent Inc.)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [Spotify Web Helper] => C:\Users\Phill\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-08-08] (Spotify Ltd)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [Spotify] => C:\Users\Phill\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-08-08] (Spotify Ltd)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [RGSC] => D:\Games\Rockstar Games\GTA lV\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {0bb638f9-2bd6-11e6-82a8-40e23059e252} - "G:\autorun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {0bb63905-2bd6-11e6-82a8-40e23059e252} - "G:\autorun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {1521a98d-c92c-11e5-8289-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {251215bd-bd5d-11e5-8283-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {25121661-bd5d-11e5-8283-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {25121b17-bd5d-11e5-8283-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {395190d1-54da-11e5-8267-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {413bd7d5-5951-11e5-8267-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7b5479d6-5743-11e6-82ad-40e23059e252} - "G:\autorun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7d64edde-e191-11e5-8293-40e23059e252} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7d64f000-e191-11e5-8293-40e23059e252} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7fa52f3f-5de7-11e5-8269-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {9011868b-9bb1-11e6-82b3-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {90118693-9bb1-11e6-82b3-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {901186ac-9bb1-11e6-82b3-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {93b9e783-259c-11e6-82a8-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {93b9f31e-259c-11e6-82a8-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {9a843e16-8fc9-11e6-82b1-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {af58f2ad-e7e8-11e5-8295-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {b00206a9-3c0a-11e5-825d-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {b0020723-3c0a-11e5-825d-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {b244836b-9abf-11e5-827c-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {d4d39be5-1241-11e6-82a3-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {e2243fdb-3afa-11e5-8259-40e23059e252} - "F:\autorun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {ecd28198-fd92-11e5-829c-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {ecd2889f-fd92-11e5-829c-40e23059e252} - "G:\Lenovo_Suite.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-28] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A78E9DE8-6EE8-49F6-B263-76182DBC8CD1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C2B264B5-2EB0-48D7-B271-33A5B8566016}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-27] (Oracle Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-27] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.bg/
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://www.search.ask.com/?o=APN11459&gct=hp&d=488-210&v=n12521-347&t=4","hxxp://www.mystartsearch.com/?type=hp&ts=1416439125&from=amt&uid=SAMSUNGXHM160HC_S12TJD0S966470","hxxp://www.delta-homes.com/?type=hp&ts=1419445398&from=wpm12233&uid=ST3320620AS_5QF190G5XXXX5QF190G5","hxxp://isearch.omiga-plus.com/?type=hp&ts=1419544132&from=obw&uid=SAMSUNGXHM160HC_S12TJD0S966470","hxxp://www.istartsurf.com/?type=hp&ts=1437087111&z=bc30721319c3a4577d4c330g1z6cam3e5b0maefzfz&from=obw&uid=ST1000LM024XHN-M101MBB_S32XJ9HFA06771"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default [2016-11-29]
CHR Extension: (Adblock Plus) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-30]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-11-12]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (TunnelBear VPN) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2016-07-24]
CHR Extension: (Chrome Media Router) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-28] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S2 GLOBUL Connection Manager. RunOuc; C:\Program Files (x86)\GLOBUL Connection Manager\UpdateDog\ouc.exe [655712 2016-03-08] ()
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2016-11-17] ()
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [691480 2013-11-20] () [File not signed]
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-08-18] (RealVNC Ltd)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-26] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-28] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-28] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-28] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-28] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-28] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-28] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-18] (AVAST Software)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [73512 2015-10-07] (ASUS Corporation)
R3 BTATH_LWFLT; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
S3 cmnxusbser; C:\WINDOWS\system32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
S3 cpuz138; C:\Users\Phill\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-10-23] (CPUID)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [271424 2015-08-05] (DT Soft Ltd)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2016-03-08] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 qcfilter; C:\WINDOWS\System32\drivers\qcusbfilter.sys [40448 2014-05-23] (QUALCOMM Incorporated)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [243712 2014-05-23] (QUALCOMM Incorporated) [File not signed]
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [827096 2015-03-12] (Realsil Semiconductor Corporation)
S3 tap-tb-0901; C:\WINDOWS\system32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-02] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-29 14:06 - 2016-11-29 14:06 - 00000559 _____ C:\Users\Phill\Desktop\JRT.txt
2016-11-29 13:54 - 2016-11-29 13:58 - 00000000 ____D C:\AdwCleaner
2016-11-29 13:46 - 2016-11-29 13:46 - 01631928 _____ (Malwarebytes) C:\Users\Phill\Desktop\JRT.exe
2016-11-29 13:43 - 2016-11-29 13:44 - 03910208 _____ C:\Users\Phill\Desktop\adwcleaner_6.030.exe
2016-11-29 13:09 - 2016-11-29 14:08 - 00021137 _____ C:\Users\Phill\Desktop\FRST.txt
2016-11-29 13:09 - 2016-11-29 14:08 - 00000000 ____D C:\FRST
2016-11-29 13:08 - 2016-11-29 13:08 - 02411520 _____ (Farbar) C:\Users\Phill\Downloads\FRST64 (1).exe
2016-11-29 13:07 - 2016-11-29 13:08 - 02411520 _____ (Farbar) C:\Users\Phill\Desktop\FRST64.exe
2016-11-23 16:33 - 2016-11-23 16:33 - 00001148 _____ C:\Users\Phill\Desktop\Assassins Creed II.lnk
2016-11-23 16:33 - 2016-11-23 16:33 - 00000000 ____D C:\Users\Phill\AppData\Roaming\Ubisoft
2016-11-23 16:27 - 2016-10-28 23:04 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-11-23 16:27 - 2016-10-28 23:04 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-23 13:54 - 2016-11-02 22:48 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-23 13:54 - 2016-11-02 22:48 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-23 13:54 - 2016-11-02 16:03 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-23 13:54 - 2016-11-02 16:00 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-23 13:54 - 2016-10-27 20:53 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-11-23 13:54 - 2016-10-27 20:51 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-23 13:54 - 2016-10-27 20:37 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-11-23 13:54 - 2016-10-27 20:28 - 25763328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-23 13:54 - 2016-10-27 20:19 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-23 13:54 - 2016-10-27 20:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-23 13:54 - 2016-10-27 20:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-23 13:54 - 2016-10-27 20:05 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-23 13:54 - 2016-10-27 19:57 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-23 13:54 - 2016-10-27 19:49 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-11-23 13:54 - 2016-10-27 19:47 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-11-23 13:54 - 2016-10-27 19:46 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-11-23 13:54 - 2016-10-27 19:46 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-11-23 13:54 - 2016-10-27 19:44 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-11-23 13:54 - 2016-10-27 19:17 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-23 13:54 - 2016-10-27 19:16 - 02920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-23 13:54 - 2016-10-27 19:03 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-23 13:54 - 2016-10-27 18:54 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-23 13:54 - 2016-10-27 17:05 - 20304896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-23 13:54 - 2016-10-25 16:11 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-23 13:54 - 2016-10-22 19:35 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-11-23 13:54 - 2016-10-22 19:34 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-11-23 13:54 - 2016-10-22 19:27 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-23 13:54 - 2016-10-22 19:21 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-11-23 13:54 - 2016-10-22 18:58 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-23 13:54 - 2016-10-22 18:57 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-23 13:54 - 2016-10-22 18:56 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-23 13:54 - 2016-10-22 18:51 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-23 13:54 - 2016-10-22 18:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-11-23 13:54 - 2016-10-22 18:45 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-11-23 13:54 - 2016-10-22 18:45 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-11-23 13:54 - 2016-10-22 18:44 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-23 13:54 - 2016-10-22 18:43 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-11-23 13:54 - 2016-10-22 18:30 - 13654016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-23 13:54 - 2016-10-22 18:12 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-23 13:54 - 2016-10-22 18:09 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-23 13:54 - 2016-10-22 18:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-23 13:54 - 2016-10-13 21:06 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-23 13:54 - 2016-10-13 21:06 - 01124376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-23 13:54 - 2016-10-12 10:01 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-23 13:54 - 2016-10-11 22:21 - 00497448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-23 13:54 - 2016-10-11 22:21 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-23 13:54 - 2016-10-11 20:34 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-23 13:54 - 2016-10-11 19:47 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-23 13:54 - 2016-10-11 18:55 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-23 13:54 - 2016-10-10 23:17 - 00444248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-23 13:54 - 2016-10-10 23:17 - 00333656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-23 13:54 - 2016-10-10 00:59 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-23 13:54 - 2016-10-09 01:12 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-11-23 13:54 - 2016-10-09 00:53 - 03754496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-23 13:54 - 2016-10-09 00:21 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-23 13:54 - 2016-10-09 00:18 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-11-23 13:54 - 2016-10-09 00:07 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-23 13:54 - 2016-10-09 00:02 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-11-23 13:54 - 2016-10-08 23:49 - 02410496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-23 13:54 - 2016-10-08 23:21 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-23 13:54 - 2016-10-08 03:34 - 01660040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-23 13:54 - 2016-10-08 03:34 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-23 13:54 - 2016-10-04 22:39 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-23 13:54 - 2016-10-04 22:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-23 13:54 - 2016-10-04 22:08 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-23 13:54 - 2016-10-04 22:08 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-23 13:54 - 2016-09-10 00:52 - 00921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2016-11-23 13:54 - 2016-09-10 00:14 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2016-11-23 13:54 - 2016-09-09 16:15 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-11-23 13:54 - 2016-09-09 16:09 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-11-23 13:54 - 2016-09-09 16:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-11-23 13:54 - 2016-09-09 16:03 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-11-23 13:54 - 2016-09-09 16:02 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-11-23 13:54 - 2016-09-09 15:38 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-23 13:54 - 2016-09-03 20:20 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsidsc.dll
2016-11-23 13:54 - 2016-09-03 20:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2016-11-23 13:54 - 2016-09-03 19:21 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsidsc.dll
2016-11-23 13:54 - 2016-09-03 19:18 - 00825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2016-11-23 13:54 - 2016-09-03 18:12 - 00512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-11-23 13:54 - 2016-09-03 18:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-11-23 13:54 - 2016-09-03 17:58 - 00397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-11-23 13:54 - 2016-09-02 16:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2016-11-23 13:54 - 2016-09-02 16:05 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2016-11-23 13:54 - 2016-09-01 16:33 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2016-11-23 13:54 - 2016-09-01 16:33 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2016-11-23 13:54 - 2016-09-01 16:31 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2016-11-23 13:54 - 2016-08-30 16:11 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-23 13:54 - 2016-08-30 04:45 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2016-11-23 13:54 - 2016-08-30 04:18 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-11-23 13:54 - 2016-08-30 04:18 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-11-23 13:54 - 2016-08-30 04:03 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-11-23 13:54 - 2016-08-22 15:34 - 01628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-11-23 13:54 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2016-11-22 22:16 - 2016-11-22 22:16 - 00000000 ____D C:\Users\Phill\AppData\LocalLow\uTorrent
2016-11-22 22:15 - 2016-11-22 22:15 - 00159585 _____ C:\Users\Phill\Downloads\Suits.S02.720p.HDTV.x264.torrent
2016-11-22 00:06 - 2016-11-22 00:06 - 00000761 _____ C:\Users\Phill\Desktop\Assassins Crеed Brotherhood.lnk
2016-11-21 15:56 - 2016-11-21 15:56 - 00002202 _____ C:\Users\Public\Desktop\Counter-Strike 1.6 SteamRIP.lnk
2016-11-21 15:56 - 2016-11-21 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6 SteamRIP
2016-11-17 01:12 - 2016-11-23 16:33 - 00000000 ____D C:\ProgramData\Ubisoft
2016-11-17 00:25 - 2016-11-17 00:25 - 00189248 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-11-17 00:25 - 2016-11-17 00:25 - 00075136 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-11-17 00:25 - 2016-11-17 00:25 - 00000000 ____D C:\Users\Phill\AppData\Roaming\PunkBuster
2016-11-17 00:24 - 2016-11-17 00:24 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-11-17 00:24 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2016-11-17 00:24 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2016-11-17 00:24 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2016-11-17 00:24 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2016-11-17 00:24 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2016-11-17 00:24 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2016-11-16 22:17 - 2016-11-16 22:17 - 00274155 _____ C:\Users\Phill\Downloads\Assassins.Creed.Collection-BlackEcho.torrent
2016-11-16 00:44 - 2016-11-16 00:44 - 00000258 __RSH C:\Users\Phill\ntuser.pol
2016-11-15 17:06 - 2016-11-15 17:06 - 00001548 __RSH C:\ProgramData\ntuser.pol
2016-11-14 18:35 - 2016-09-22 15:55 - 00102690 ____R C:\Users\Phill\Desktop\suits.s01e01.720p.hdtv.x264-orenji.srt
2016-11-11 01:58 - 2015-06-04 15:28 - 00961192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00062304 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:28 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00064352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-11-11 01:58 - 2015-06-04 15:26 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-11-11 00:37 - 2016-11-11 00:37 - 00000898 _____ C:\Users\Phill\Desktop\Start CSGO No Internet.lnk
2016-11-11 00:37 - 2016-11-11 00:37 - 00000895 _____ C:\Users\Phill\Desktop\Counter-Strike Global Offensive.lnk
2016-11-11 00:37 - 2016-11-11 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Global Offensive
2016-11-10 21:19 - 2016-11-10 21:19 - 00014805 _____ C:\Users\Phill\Downloads\Crazy.Stupid.Love.2011.720p.BluRay.x264.DTS-WiKi.torrent
2016-11-10 20:16 - 2016-11-10 20:16 - 00013713 _____ C:\Users\Phill\Downloads\Counter-Strike 1.6 Mega Edition (4).torrent
2016-11-10 20:16 - 2016-11-10 20:16 - 00012555 _____ C:\Users\Phill\Downloads\Counter-Strike Global Offensive v1.35.5.6 [Repack].torrent
2016-11-10 20:13 - 2016-11-10 20:13 - 00013713 _____ C:\Users\Phill\Downloads\Counter-Strike 1.6 Mega Edition (3).torrent
2016-11-10 20:01 - 2016-11-10 20:01 - 00013693 _____ C:\Users\Phill\Downloads\Counter-Strike 1.6 SteamRIP (1).torrent
2016-11-10 19:58 - 2016-11-21 16:03 - 00000000 ____D C:\Program Files (x86)\Counter-Strike 1.6 SteamRIP
2016-11-10 19:12 - 2016-11-10 19:12 - 00013693 _____ C:\Users\Phill\Downloads\Counter-Strike 1.6 SteamRIP.torrent
2016-11-06 21:59 - 2016-11-06 21:59 - 00012642 _____ C:\Users\Phill\Downloads\Dirty.Dancing.1987.BDRip.x264-WAR.torrent
2016-11-06 21:56 - 2016-11-06 21:56 - 00021610 _____ C:\Users\Phill\Downloads\Dirty.Dancing.1987.1080p.BluRay.x264-WARHD.torrent
2016-11-02 23:27 - 2016-11-02 23:27 - 00001007 _____ C:\Users\Public\Desktop\HiSuite.lnk
2016-11-02 23:27 - 2016-11-02 23:27 - 00000000 ____D C:\Users\Phill\Documents\HiSuite
2016-11-02 23:27 - 2016-11-02 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2016-11-02 23:27 - 2016-05-25 12:53 - 02152176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFUpdate_01009.dll
2016-11-02 23:27 - 2016-05-25 12:53 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01009.dll
2016-11-02 23:27 - 2016-05-25 12:53 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusbcoinstaller2.dll
2016-11-02 23:27 - 2016-05-25 12:53 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbnet.sys
2016-11-02 23:27 - 2016-05-25 12:53 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2016-11-02 23:27 - 2016-05-25 12:53 - 00126592 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_cdcacm.sys
2016-11-02 23:27 - 2016-05-25 12:53 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2016-11-02 23:27 - 2016-05-25 12:53 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-11-02 23:27 - 2016-05-25 12:53 - 00018816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbccgpfilter.sys
2016-11-02 23:26 - 2016-11-02 23:27 - 00000000 ____D C:\Users\Phill\AppData\Local\Hisuite
2016-11-02 23:26 - 2016-11-02 23:27 - 00000000 ____D C:\Program Files (x86)\HiSuite
2016-10-30 21:24 - 2016-10-30 21:24 - 00023180 _____ C:\Users\Phill\Downloads\Beauty.and.the.Beast.Extended.Version.1991.1080p.BluRay.Bulgarian-PEPSi.mkv.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-29 14:08 - 2015-11-12 22:22 - 00000000 ___RD C:\Users\Phill\OneDrive
2016-11-29 14:03 - 2016-02-25 03:05 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-11-29 14:03 - 2015-11-16 20:14 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-29 14:02 - 2015-07-18 17:52 - 00000000 __SHD C:\Users\Phill\IntelGraphicsProfiles
2016-11-29 14:01 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-29 14:00 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-11-29 13:40 - 2015-08-05 03:06 - 01015296 ___SH C:\Users\Phill\Desktop\Thumbs.db
2016-11-29 13:32 - 2015-11-16 20:14 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-29 12:09 - 2015-08-05 00:49 - 00000000 ____D C:\Users\Phill\AppData\Local\CrashDumps
2016-11-29 00:25 - 2015-09-05 07:25 - 00000000 ____D C:\Users\Phill\AppData\Roaming\vlc
2016-11-24 21:50 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-11-23 21:56 - 2015-08-04 23:48 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3535237292-2376840269-2226161949-1000
2016-11-23 16:31 - 2015-08-05 02:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-23 16:31 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-11-23 16:25 - 2013-08-22 16:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-23 16:20 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-11-23 16:19 - 2015-08-05 05:27 - 00000000 ____D C:\Users\Phill\AppData\Roaming\uTorrent
2016-11-23 15:27 - 2015-08-04 23:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-23 14:24 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-23 14:02 - 2015-08-04 23:42 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-23 01:15 - 2014-11-21 09:38 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-23 00:53 - 2015-11-12 22:36 - 00000000 ____D C:\Users\Phill\AppData\Roaming\Skype
2016-11-22 23:52 - 2015-11-12 22:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-22 23:52 - 2015-11-12 22:35 - 00000000 ____D C:\ProgramData\Skype
2016-11-16 00:44 - 2015-08-04 23:37 - 00000000 ____D C:\Users\Phill
2016-11-15 17:06 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-11-14 23:33 - 2015-08-05 01:37 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-11 01:58 - 2015-12-30 12:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-10 21:39 - 2015-08-05 03:18 - 00457216 ___SH C:\Users\Phill\Downloads\Thumbs.db
2016-11-10 20:00 - 2015-08-04 23:43 - 00000000 ____D C:\Users\Phill\AppData\Local\VirtualStore
2016-11-06 21:55 - 2015-08-05 00:57 - 00000000 ____D C:\Users\Phill\AppData\Local\Google
2016-11-02 23:45 - 2015-11-26 18:08 - 00000000 ____D C:\Temp

==================== Files in the root of some directories =======

2015-10-08 02:56 - 2015-10-08 02:56 - 0007602 _____ () C:\Users\Phill\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Phill\AppData\Local\Temp\AutoRun.exe
C:\Users\Phill\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Phill\AppData\Local\Temp\CH.dll
C:\Users\Phill\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Phill\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\Phill\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Phill\AppData\Local\Temp\EAInstall.dll
C:\Users\Phill\AppData\Local\Temp\eauninstall.exe
C:\Users\Phill\AppData\Local\Temp\Gw2.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\libeay32.dll
C:\Users\Phill\AppData\Local\Temp\msvcr120.dll
C:\Users\Phill\AppData\Local\Temp\Need for Speed Carbon_uninst.exe
C:\Users\Phill\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe
C:\Users\Phill\AppData\Local\Temp\pylE938.tmp.exe
C:\Users\Phill\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Phill\AppData\Local\Temp\sqlite3.dll
C:\Users\Phill\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Phill\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Phill\AppData\Local\Temp\_is4B86.exe
C:\Users\Phill\AppData\Local\Temp\_isA1BD.exe
C:\Users\Phill\AppData\Local\Temp\_isA6D8.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-24 21:43

==================== End of FRST.txt ============================

 

 

Addition.txt


Step 1

Download the fixlist file and save it to your desktop.

  • Run FRST.exe and press the FIX button once!
  • The cleanup will start; do not use the system!
  • When it finishes, if it asks for a restart, agree.
  • After the system boots, post the log file named fixlog.txt, which is located on your desktop.

Note: This fix must not be used on other systems!

 

Step 2

Download: Malwarebytes Anti-Malware.

  • Run the installer and follow the installation wizard.
  • Before the installation finishes, uncheck "Enable free trial of Malwarebytes Anti-Malware Premium" and make sure "Launch Malwarebytes Anti-Malware" is checked.
  • Go to the Settings tab => Detection and Protection => check "Scan for rootkits".
  • Go to the Dashboard tab => press the "SCAN NOW" button.
  • The program will automatically check for updates and start the scan.

Note: If you see the message "Could not load DDA driver", press the "YES" button. Then allow the system to restart.

  • When the scan finishes, press the "Apply Actions" button.
  • The system will ask for a restart; agree.
  • After the system boots, MBAM will start.
  • Go to the History tab => Applications Logs.
  • Find the log named "SCAN LOG" with the latest date and time and click it.
  • Press the EXPORT button => Copy to Clipboard.
  • Paste the contents of the log into your next comment with the CTRL+V key combination.

 

Step 3

Download: Emsisoft Emergency Kit

  • Run the file and choose where the program should be extracted, for example (C:\EEK), by pressing the Extract button.
  • Run the Start Emsisoft Emergency Kit file from the desktop to launch the program.
  • Press the "Yes" button when prompted to update the program's definitions.
  • After the definitions update finishes, press the "Scan" button.
  • The program will ask whether you want to enable detection of Potentially Unwanted Applications; press the "Yes" button.
  • Press the "Custom Scan" button. Remove the other entries from the list and leave only the C:\ partition.
  • Press "Next" to start the scan.
  • When the scan finishes, press the "View Report" button.
  • Copy the contents of the log file into your next comment.

Sorry for the late reply:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by Phill (30-11-2016 00:57:56) Run:1
Running from C:\Users\Phill\Desktop
Loaded Profiles: Phill (Available Profiles: Phill)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {0bb638f9-2bd6-11e6-82a8-40e23059e252} - "G:\autorun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {0bb63905-2bd6-11e6-82a8-40e23059e252} - "G:\autorun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {1521a98d-c92c-11e5-8289-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {251215bd-bd5d-11e5-8283-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {25121661-bd5d-11e5-8283-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {25121b17-bd5d-11e5-8283-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {395190d1-54da-11e5-8267-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {413bd7d5-5951-11e5-8267-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7b5479d6-5743-11e6-82ad-40e23059e252} - "G:\autorun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7d64edde-e191-11e5-8293-40e23059e252} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7d64f000-e191-11e5-8293-40e23059e252} - "G:\AutoRun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {7fa52f3f-5de7-11e5-8269-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {9011868b-9bb1-11e6-82b3-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {90118693-9bb1-11e6-82b3-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {901186ac-9bb1-11e6-82b3-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {93b9e783-259c-11e6-82a8-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {93b9f31e-259c-11e6-82a8-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {9a843e16-8fc9-11e6-82b1-40e23059e252} - "G:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {af58f2ad-e7e8-11e5-8295-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {b00206a9-3c0a-11e5-825d-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {b0020723-3c0a-11e5-825d-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {b244836b-9abf-11e5-827c-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {d4d39be5-1241-11e6-82a3-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {e2243fdb-3afa-11e5-8259-40e23059e252} - "F:\autorun.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {ecd28198-fd92-11e5-829c-40e23059e252} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\...\MountPoints2: {ecd2889f-fd92-11e5-829c-40e23059e252} - "G:\Lenovo_Suite.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR Extension: (Chrome Media Router) - C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-30]
C:\Users\Phill\AppData\Local\Temp\AutoRun.exe
C:\Users\Phill\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Phill\AppData\Local\Temp\CH.dll
C:\Users\Phill\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Phill\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\Phill\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Phill\AppData\Local\Temp\EAInstall.dll
C:\Users\Phill\AppData\Local\Temp\eauninstall.exe
C:\Users\Phill\AppData\Local\Temp\Gw2.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Phill\AppData\Local\Temp\libeay32.dll
C:\Users\Phill\AppData\Local\Temp\msvcr120.dll
C:\Users\Phill\AppData\Local\Temp\Need for Speed Carbon_uninst.exe
C:\Users\Phill\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe
C:\Users\Phill\AppData\Local\Temp\pylE938.tmp.exe
C:\Users\Phill\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Phill\AppData\Local\Temp\sqlite3.dll
C:\Users\Phill\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Phill\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Phill\AppData\Local\Temp\_is4B86.exe
C:\Users\Phill\AppData\Local\Temp\_isA1BD.exe
C:\Users\Phill\AppData\Local\Temp\_isA6D8.exe
C:\Users\Phill\AppData\Local\Temp
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
EmptyTemp:
Reboot:
end
*****************

"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bb638f9-2bd6-11e6-82a8-40e23059e252}" => key removed successfully
HKCR\CLSID\{0bb638f9-2bd6-11e6-82a8-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bb63905-2bd6-11e6-82a8-40e23059e252}" => key removed successfully
HKCR\CLSID\{0bb63905-2bd6-11e6-82a8-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1521a98d-c92c-11e5-8289-40e23059e252}" => key removed successfully
HKCR\CLSID\{1521a98d-c92c-11e5-8289-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{251215bd-bd5d-11e5-8283-40e23059e252}" => key removed successfully
HKCR\CLSID\{251215bd-bd5d-11e5-8283-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25121661-bd5d-11e5-8283-40e23059e252}" => key removed successfully
HKCR\CLSID\{25121661-bd5d-11e5-8283-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25121b17-bd5d-11e5-8283-40e23059e252}" => key removed successfully
HKCR\CLSID\{25121b17-bd5d-11e5-8283-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{395190d1-54da-11e5-8267-40e23059e252}" => key removed successfully
HKCR\CLSID\{395190d1-54da-11e5-8267-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{413bd7d5-5951-11e5-8267-40e23059e252}" => key removed successfully
HKCR\CLSID\{413bd7d5-5951-11e5-8267-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b5479d6-5743-11e6-82ad-40e23059e252}" => key removed successfully
HKCR\CLSID\{7b5479d6-5743-11e6-82ad-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d64edde-e191-11e5-8293-40e23059e252}" => key removed successfully
HKCR\CLSID\{7d64edde-e191-11e5-8293-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d64f000-e191-11e5-8293-40e23059e252}" => key removed successfully
HKCR\CLSID\{7d64f000-e191-11e5-8293-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fa52f3f-5de7-11e5-8269-40e23059e252}" => key removed successfully
HKCR\CLSID\{7fa52f3f-5de7-11e5-8269-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9011868b-9bb1-11e6-82b3-40e23059e252}" => key removed successfully
HKCR\CLSID\{9011868b-9bb1-11e6-82b3-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90118693-9bb1-11e6-82b3-40e23059e252}" => key removed successfully
HKCR\CLSID\{90118693-9bb1-11e6-82b3-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{901186ac-9bb1-11e6-82b3-40e23059e252}" => key removed successfully
HKCR\CLSID\{901186ac-9bb1-11e6-82b3-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93b9e783-259c-11e6-82a8-40e23059e252}" => key removed successfully
HKCR\CLSID\{93b9e783-259c-11e6-82a8-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93b9f31e-259c-11e6-82a8-40e23059e252}" => key removed successfully
HKCR\CLSID\{93b9f31e-259c-11e6-82a8-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a843e16-8fc9-11e6-82b1-40e23059e252}" => key removed successfully
HKCR\CLSID\{9a843e16-8fc9-11e6-82b1-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af58f2ad-e7e8-11e5-8295-40e23059e252}" => key removed successfully
HKCR\CLSID\{af58f2ad-e7e8-11e5-8295-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b00206a9-3c0a-11e5-825d-40e23059e252}" => key removed successfully
HKCR\CLSID\{b00206a9-3c0a-11e5-825d-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0020723-3c0a-11e5-825d-40e23059e252}" => key removed successfully
HKCR\CLSID\{b0020723-3c0a-11e5-825d-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b244836b-9abf-11e5-827c-40e23059e252}" => key removed successfully
HKCR\CLSID\{b244836b-9abf-11e5-827c-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4d39be5-1241-11e6-82a3-40e23059e252}" => key removed successfully
HKCR\CLSID\{d4d39be5-1241-11e6-82a3-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2243fdb-3afa-11e5-8259-40e23059e252}" => key removed successfully
HKCR\CLSID\{e2243fdb-3afa-11e5-8259-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecd28198-fd92-11e5-829c-40e23059e252}" => key removed successfully
HKCR\CLSID\{ecd28198-fd92-11e5-829c-40e23059e252} => key not found. 
"HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecd2889f-fd92-11e5-829c-40e23059e252}" => key removed successfully
HKCR\CLSID\{ecd2889f-fd92-11e5-829c-40e23059e252} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\Users\Phill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
C:\Users\Phill\AppData\Local\Temp\AutoRun.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\AutoRunGUI.dll => moved successfully
C:\Users\Phill\AppData\Local\Temp\CH.dll => moved successfully
C:\Users\Phill\AppData\Local\Temp\drm_dialogs.dll => moved successfully
C:\Users\Phill\AppData\Local\Temp\drm_dyndata_7340014.dll => moved successfully
C:\Users\Phill\AppData\Local\Temp\drm_dyndata_7380014.dll => moved successfully
C:\Users\Phill\AppData\Local\Temp\EAInstall.dll => moved successfully
C:\Users\Phill\AppData\Local\Temp\eauninstall.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\Gw2.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\jre-8u101-windows-au.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\jre-8u60-windows-au.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\jre-8u65-windows-au.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\jre-8u66-windows-au.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\jre-8u71-windows-au.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\jre-8u73-windows-au.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\jre-8u77-windows-au.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\jre-8u91-windows-au.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Phill\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Phill\AppData\Local\Temp\Need for Speed Carbon_uninst.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\pylE938.tmp.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\SpotifyUninstall.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Phill\AppData\Local\Temp\vcredist_x64.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\vcredist_x86.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\_is4B86.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\_isA1BD.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp\_isA6D8.exe => moved successfully
C:\Users\Phill\AppData\Local\Temp => moved successfully

========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49314511 B
Java, Flash, Steam htmlcache => 356398641 B
Windows/system/drivers => 1082917771 B
Edge => 0 B
Chrome => 879288106 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 451004 B
NetworkService => 90568 B
Phill => 230526108 B

RecycleBin => 2450727 B
EmptyTemp: => 2.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:59:13 ====

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30.11.2016 г.
Scan Time: 1:08
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.29.13
Rootkit Database: v2016.11.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Phill

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283852
Time Elapsed: 10 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\INTERFACE\{B28F9114-243E-4046-B173-11825352D18A}, Quarantined, [fb16ac1a6e2c53e385f7f5b3fb06a957], 
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\TypeLib\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}, Quarantined, [8e83b80e9703b284ea92c4e44fb2a25e], 
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\INTERFACE\{B910D9A1-9F21-484A-8650-82250DABF38E}, Quarantined, [62af46803d5d3afc65185e4ae61b16ea], 
PUP.Optional.ContentDefender, HKLM\SOFTWARE\CLASSES\TypeLib\{D5397E85-8AF4-414B-90FC-9F4244CD46FA}, Quarantined, [3bd6dbeb8d0df14593eae2c614edc33d], 
PUP.Optional.YTAdBlocker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}, Quarantined, [828f24a213871521585c9e3c48bbd030], 
PUP.Optional.YTAdBlocker, HKU\S-1-5-21-3535237292-2376840269-2226161949-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}, Quarantined, [977adaec99013600ddd86a70cb38b34d], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Trojan.Agent.H, C:\Program Files (x86)\Counter-Strike 1.6 SteamRIP\cdhack.dll, Quarantined, [71a0b70fff9b64d277ccf5747d8425db], 
HackTool.HotKeysHook, C:\Users\Phill\Downloads\NFSPS.US.EU.v1.0.Plus14.Trainer-bleep.zip, Quarantined, [f21fc501c9d1bb7bb2bc9d6751b2be42], 
PUP.Optional.OpenCandy, C:\Users\Phill\Downloads\CheatEngine651.exe, Quarantined, [6aa7c7ff5545ac8ae48a35d28b76e31d], 

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

Emsisoft Emergency Kit - Version 11.9
Last update: 30.11.2016 г. 1:31:16
User account: ASUNATOR\Phill
Computer name: ASUNATOR
OS version: Windows 8.1x64 

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    30.11.2016 г. 14:57:51
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8772EB82-7261-4CD9-8A86-DE155B461D9E}     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{8772EB82-7261-4CD9-8A86-DE155B461D9E}     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8E76BEF1-650D-4C37-92CA-301FE1715505}     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{8E76BEF1-650D-4C37-92CA-301FE1715505}     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{AE293C34-0380-4BEB-B499-003F0A34605C}     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{AE293C34-0380-4BEB-B499-003F0A34605C}     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EC137CF8-6A75-47AE-958A-6127DE633658}     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{EC137CF8-6A75-47AE-958A-6127DE633658}     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{5ADB067E-40D9-49AD-BDFC-2DBD725D3842}     detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{5ADB067E-40D9-49AD-BDFC-2DBD725D3842}     detected: Application.Toolbar (A)
C:\AdwCleaner\quarantine\files\udnpajajugzxfshtftexlabvlzuxbdhf\mwesmanager.exe     detected: Application.Generic.1667496 (B)
C:\AdwCleaner\quarantine\files\udnpajajugzxfshtftexlabvlzuxbdhf\mweshield.exe     detected: Application.Generic.1666829 (B)
C:\AdwCleaner\quarantine\files\udnpajajugzxfshtftexlabvlzuxbdhf\mweshieldup.exe     detected: Application.Generic.1666830 (B)
C:\AdwCleaner\quarantine\files\udnpajajugzxfshtftexlabvlzuxbdhf\mwessweeper.exe     detected: Gen:Variant.Mikey.52823 (B)
C:\AdwCleaner\quarantine\files\udnpajajugzxfshtftexlabvlzuxbdhf\My Web Shield.zip -> mweshield.exe     detected: Application.Generic.1666829 (B)
C:\AdwCleaner\quarantine\files\udnpajajugzxfshtftexlabvlzuxbdhf\My Web Shield.zip -> mweshieldup.exe     detected: Application.Generic.1666830 (B)
C:\AdwCleaner\quarantine\files\udnpajajugzxfshtftexlabvlzuxbdhf\My Web Shield.zip -> mwesmanager.exe     detected: Application.Generic.1667496 (B)
C:\AdwCleaner\quarantine\files\udnpajajugzxfshtftexlabvlzuxbdhf\My Web Shield.zip -> mwessweeper.exe     detected: Gen:Variant.Mikey.52823 (B)
C:\FRST\Quarantine\C\Users\Phill\AppData\Local\Temp\Temp\2F12D46A-F48B-48A7-954C-6909616703DB\9b33448929168974fa305a0ec4a35bc9.exe     detected: Adware.Mewishid.A (B)
C:\FRST\Quarantine\C\Users\Phill\AppData\Local\Temp\Temp\3CB0BBE3-4434-4ECB-A6F4-36DD84C5FD67\yt.exe     detected: Gen:Variant.Graftor.313780 (B)
C:\FRST\Quarantine\C\Users\Phill\AppData\Local\Temp\Temp\HYD6A33.tmp.1441051528\HTA\3rdparty\OCComSDK.dll     detected: Application.InstallAd (A)
C:\Program Files\KMSpico\AutoPico.exe     detected: Trojan.Generic.10016734 (B)
C:\Program Files\KMSpico\Service_KMS.exe     detected: Trojan.GenericKD.1417921 (B)
C:\Users\Phill\AppData\Roaming\KingRoot\3.2.0\root\root_1_1426841414_001_1\libexploit.so     detected: Android.Exploit.Root.A (B)
C:\Users\Phill\AppData\Roaming\KingRoot\3.2.0\root\root_1_1446539077_001_1\Kinguser.apk -> resources.arsc     detected: Android.Riskware.Downloader.gMKNZ (B)
C:\Users\Phill\AppData\Roaming\KingRoot\3.2.0\root\root_1_1446539077_001_1\xkinguser.apk -> resources.arsc     detected: Android.Riskware.Downloader.gMKNZ (B)
C:\Users\Phill\AppData\Roaming\KingRoot\3.2.0\root\root_1_1449720219_001_1\xkinguser.apk -> resources.arsc     detected: Android.Riskware.Downloader.gMKNZ (B)
C:\Users\Phill\AppData\Roaming\KingRoot\3.2.0\root\root_1_1463642178_343264_1_bat2exe\xkinguser.apk -> resources.arsc     detected: Android.Riskware.Downloader.gMKNZ (B)
C:\Users\Phill\Downloads\FaceNiff-2.4.apk -> META-INF/CERT.RSA     detected: Android.Hacktool.Faceniff.A (B)
C:\Users\Phill\Downloads\avc-free.exe     detected: Application.InstallAd (A)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0\DROID SNIFF STUFF\Droid sheep+ Droid sheep guard\droidsheep-current.apk -> classes.dex     detected: Android.Hacktool.DroidSheep.A (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0\GAME CHEATING APPS\GameKiller\GameKiller_2.50.apk -> META-INF/CERT.RSA     detected: Android.Trojan.SMSSend.KW (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0\USB\USB Cleaver\USB Cleaver.apk -> META-INF/CERT.RSA     detected: Android.Hacktool.UsbCleaver.A (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0\WIFI STUFF\Faceniff\FaceNiff-2.1b.apk -> META-INF/CERT.RSA     detected: Android.Hacktool.Faceniff.A (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0\WIFI STUFF\Netspoof\android-netspoof-0.9.apk -> META-INF/CERT.RSA     detected: Android.Riskware.Agent.gXXGA (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0\WIFI STUFF\Anit\Anti.apk -> META-INF/CERT.RSA     detected: Android.Hacktool.ZAnti.A (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0\WIFI STUFF\WiFi kil\WiFiKill-1.7.apk -> META-INF/CERT.RSA     detected: Android.Hacktool.WifiKill.A (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0\DROID SNIFF STUFF\Droid sheep+ Droid sheep guard\DroidSheepGuard FREE_3.apk -> classes.dex     detected: Android.Riskware.Agent.gVUS (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0.zip -> GAME CHEATING APPS/GameKiller/GameKiller_2.50.apk -> META-INF/CERT.RSA     detected: Android.Trojan.SMSSend.KW (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0.zip -> USB/USB Cleaver/USB Cleaver.apk -> META-INF/CERT.RSA     detected: Android.Hacktool.UsbCleaver.A (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0\WIFI STUFF\dSploit\dSploit-1.0.31b.apk -> META-INF/CERT.RSA     detected: Android.Riskware.Agent.gVTO (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0.zip -> WIFI STUFF/Anit/Anti.apk -> META-INF/CERT.RSA     detected: Android.Hacktool.ZAnti.A (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0.zip -> WIFI STUFF/dSploit/dSploit-1.0.31b.apk -> META-INF/CERT.RSA     detected: Android.Riskware.Agent.gVTO (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0.zip -> WIFI STUFF/Faceniff/FaceNiff-2.1b.apk -> META-INF/CERT.RSA     detected: Android.Hacktool.Faceniff.A (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0.zip -> WIFI STUFF/Netspoof/android-netspoof-0.9.apk -> META-INF/CERT.RSA     detected: Android.Riskware.Agent.gXXGA (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0.zip -> WIFI STUFF/WiFi kil/WiFiKill-1.7.apk -> META-INF/CERT.RSA     detected: Android.Hacktool.WifiKill.A (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0.zip -> DROID SNIFF STUFF/Droid sheep+ Droid sheep guard/droidsheep-current.apk -> classes.dex     detected: Android.Hacktool.DroidSheep.A (B)
C:\Users\Phill\Downloads\Sniffing+Apps+By+Flashalot+v6.0.zip -> DROID SNIFF STUFF/Droid sheep+ Droid sheep guard/DroidSheepGuard FREE_3.apk -> classes.dex     detected: Android.Riskware.Agent.gVUS (B)

Scanned    262828
Found    48

Scan end:    30.11.2016 г. 15:50:52
Scan time:    0:53:01
 

 


Noticeably better, the ads are gone, but after the last restart (just now) my language bar disappeared... And Avast refuses to turn on; last night, during the scan with EEK, I turned it off to avoid conflicts.

Edit: Should I try reinstalling Avast?

Edit 2: The language bar has reappeared.

Edited by Collins

31 minutes ago, Collins wrote:

Edit: Should I try reinstalling Avast?

When you try to start the Avast shields, does an error appear, or do they simply not start?

Are you on the latest version of Avast?


I am on the latest version; the program does not start at all, no error, nothing. I will try a reinstall.


I can't uninstall it. This message appears:

с.jpg

There is no information in the log. This is after a system restart.

Edited by Collins

Hello.

Step 1

  • Uninstall Avast from the Control Panel.

Step 2

  • Download this tool for removing Avast leftovers.
  • Boot the system into Safe Mode.
  • Run the Avast leftover removal tool and follow the steps in the wizard.
  • The system will restart and boot into Normal Mode.

Step 3


14 hours ago, Stoyannnov wrote:

Step 1

  • Uninstall Avast from the Control Panel.

In my post above I showed what happens when I try to uninstall it. I will keep struggling with it, though.


1 hour ago, Stoyannnov wrote:

Then boot the system into Safe Mode and try to uninstall it.

Nobody thought of that :D Thanks, everything is fine now!


The system is clean.

Delete the objects found by Malwarebytes.

Download: Delfix.

  • Run Delfix.exe.
  • By default there should be 2 check marks, on "Remove disinfection tools" and "Purge system restore". If they are missing, tick them.
  • Click the "Run" button.
  • The tool will delete itself once it has finished its task.
  • Delete the Delfix log file.
  • If any of the programs we used remain and were not deleted, delete them manually.

I am marking the topic as solved.

      Tcpip\..\Interfaces\{A753DA6E-FE95-49B7-AA56-3DC81D3E4609}: [DhcpNameServer] 192.168.0.1
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
      FireFox:
      ========
      FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c21lr0at.default [2018-09-27]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-09-09] (Adobe Inc. -> )
      FF Plugin: @IPC/WebClient -> C:\windows\system32\SuperClient2\npSuperClient.dll [2013-09-26] (Chipspoint Electronics Co., Ltd -> )
      FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-25] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-11-26] (Nullsoft, Inc.) [File not signed]
      FF Plugin: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      FF Plugin: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1005: @tools.google.com/Google Update;version=3 -> C:\Users\Librarian\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll [2011-11-14] (Google Inc -> Google Inc.)
      FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1005: @tools.google.com/Google Update;version=9 -> C:\Users\Librarian\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll [2011-11-14] (Google Inc -> Google Inc.)
      FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Visitor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies SF -> Unity Technologies ApS)
      FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\services-sync.js [2010-01-01]
      FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox-branding.js [2010-01-01]
      FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox-l10n.js [2010-01-01]
      FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox.js [2013-08-12]
      FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2007-04-03] <==== ATTENTION
      Chrome: 
      =======
      CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2021-09-16]
      CHR Notifications: Default -> hxxps://www.facebook.com
      CHR Extension: (Документи) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-27]
      CHR Extension: (Google Диск) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-31]
      CHR Extension: (Google Документи офлайн) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-01]
      CHR Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-08-31]
      CHR Extension: (Skype) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-09-27]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-31]
      CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-31]
      CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
      CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
      CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
      ==================== Services (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
      S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-09-15] (Adobe Inc. -> Adobe)
      S2 AgentService; C:\Program Files\LibraryClient\globalLibx32\service.exe [46592 2012-02-20] () [File not signed]
      R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [176128 2011-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
      R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed]
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7466064 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [575768 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [357656 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\92.2.11575.159\elevation_service.exe [1197032 2021-08-20] (Avast Software s.r.o. -> AVAST Software)
      R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
      R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
      R2 OCS Inventory Service; C:\Program Files\OCS Inventory Agent\OcsService.exe [38912 2013-04-08] (OCS Inventory NG) [File not signed]
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
      R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1713536 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
      ===================== Drivers (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 amdiox86; C:\Windows\System32\DRIVERS\amdiox86.sys [37944 2010-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
      R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [8395776 2011-07-13] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
      R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [247296 2011-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
      R2 AODDriver4.01; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [39424 2011-06-24] (Advanced Micro Devices) [File not signed]
      R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [33600 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185776 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [309264 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206352 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [91664 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [39312 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [153496 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [393016 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2020-06-18] (AVAST Software s.r.o. -> AVAST Software)
      R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [92752 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71920 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [690128 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455920 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [161864 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [278184 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [259800 2021-09-07] (Bluestack Systems, Inc -> Bluestack System Inc.)
      S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-10-28] (Samsung Electronics Co., Ltd.) [File not signed]
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
      R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
      R3 MpKslc0e71772; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5AEB6EB6-B91A-4C67-B3E5-99CBE32CCFF4}\MpKslDrv.sys [36072 2021-09-16] (Microsoft Windows -> Microsoft Corporation)
      S3 nmwcd; C:\Windows\System32\drivers\ccdcmb.sys [18560 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbo.sys [23168 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      S3 qcusbser-forge; C:\Windows\System32\DRIVERS\qcusbser.sys [214080 2015-06-08] (Microsoft Windows Hardware Compatibility Publisher -> FORGE Incorporated)
      S3 qcusbwwan-forge; C:\Windows\System32\DRIVERS\qcusbwwan.sys [422976 2015-06-08] (Microsoft Windows Hardware Compatibility Publisher -> FORGE Incorporated)
      R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-10-27] (Samsung Electronics) [File not signed]
      S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI Corporation -> MCCI)
      S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8192 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Windows -> Microsoft Corporation)
      S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      U1 aswbdisk; no ImagePath
      S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
      S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One month (created) (Whitelisted) =========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2021-09-16 11:55 - 2021-09-16 11:57 - 000000000 ____D C:\FRST
      2021-09-16 11:39 - 2021-09-16 11:39 - 000003872 _____ C:\Windows\system32\Tasks\BlueStacksHelper_nxt
      2021-09-16 11:39 - 2021-09-16 11:39 - 000002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5 Multi-Instance Manager.lnk
      2021-09-16 11:39 - 2021-09-16 11:39 - 000002141 _____ C:\Users\Public\Desktop\BlueStacks 5 Multi-Instance Manager.lnk
      2021-09-16 11:39 - 2021-09-16 11:39 - 000002005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk
      2021-09-16 11:39 - 2021-09-16 11:39 - 000001993 _____ C:\Users\Public\Desktop\BlueStacks 5.lnk
      2021-09-16 11:38 - 2021-09-16 11:38 - 000006890 _____ C:\Users\Administrator\-1.14-windows.xml
      2021-09-16 11:36 - 2021-09-16 11:49 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
      2021-09-16 11:36 - 2021-09-16 11:36 - 000000000 ____D C:\Program Files\BlueStacks_nxt
      2021-09-16 11:33 - 2021-09-16 11:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\BlueStacksSetup
      2021-09-16 11:33 - 2021-09-16 11:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\Bluestacks
      2021-09-16 11:33 - 2021-09-16 11:33 - 000000000 ____D C:\Users\Public\BlueStacks
      2021-09-16 08:54 - 2021-09-16 11:42 - 000000262 _____ C:\Users\Administrator\advanced_ip_scanner_MAC.bin
      2021-09-16 08:54 - 2021-09-16 11:42 - 000000015 _____ C:\Users\Administrator\advanced_ip_scanner_Comments.bin
      2021-09-16 08:54 - 2021-09-16 11:42 - 000000015 _____ C:\Users\Administrator\advanced_ip_scanner_Aliases.bin
      2021-09-16 08:51 - 2013-09-26 14:21 - 000000000 ____D C:\Windows\system32\SuperClient2
      2021-09-16 08:51 - 2013-09-26 14:07 - 000237568 _____ () C:\Windows\system32\SuperClient Save.exe
      2021-09-16 08:48 - 2021-09-16 08:48 - 000000957 _____ C:\Users\Public\Desktop\Advanced IP Scanner.lnk
      2021-09-16 08:48 - 2021-09-16 08:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
      2021-09-16 08:48 - 2021-09-16 08:48 - 000000000 ____D C:\Program Files\Advanced IP Scanner
      2021-09-08 12:11 - 2021-09-08 12:09 - 000287000 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2021-09-08 12:11 - 2021-09-08 12:09 - 000161864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2021-09-02 09:25 - 2021-09-13 09:22 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
      2021-08-31 14:56 - 2021-08-31 14:56 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe
      ==================== One month (modified) ==================
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2021-09-16 11:56 - 2010-10-25 14:45 - 000000000 ____D C:\Users\Visitor
      2021-09-16 11:56 - 2010-10-25 14:24 - 000000000 ____D C:\Users\Librarian
      2021-09-16 11:52 - 2010-10-31 18:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
      2021-09-16 11:45 - 2011-04-04 16:21 - 000000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA.job
      2021-09-16 11:39 - 2010-10-25 14:50 - 000000000 ____D C:\Users\Administrator
      2021-09-16 11:24 - 2013-09-25 11:17 - 000000000 ____D C:\Program Files\Google
      2021-09-16 09:16 - 2009-07-14 07:34 - 000024352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2021-09-16 09:16 - 2009-07-14 07:34 - 000024352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2021-09-16 08:39 - 2017-07-18 16:04 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
      2021-09-16 08:37 - 2017-07-18 16:00 - 000000000 ____D C:\ProgramData\AVAST Software
      2021-09-16 08:37 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2021-09-15 15:07 - 2018-09-27 09:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\AVAST Software
      2021-09-14 09:15 - 2017-06-20 14:26 - 000002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2021-09-14 09:15 - 2017-06-20 14:26 - 000002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2021-09-08 12:13 - 2017-07-18 16:03 - 000278184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2021-09-08 12:09 - 2020-07-30 09:14 - 000153496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2021-09-08 12:09 - 2020-06-18 16:34 - 000393016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
      2021-09-08 12:09 - 2019-03-21 12:06 - 000206352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
      2021-09-08 12:09 - 2019-03-21 12:06 - 000091664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
      2021-09-08 12:09 - 2017-07-18 16:06 - 000039312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
      2021-09-08 12:09 - 2017-07-18 16:03 - 000455920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2021-09-08 12:09 - 2017-07-18 16:03 - 000092752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2021-09-08 12:09 - 2017-07-18 16:03 - 000071920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2021-09-08 12:08 - 2019-03-21 12:06 - 000309264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
      2021-09-08 12:08 - 2019-03-21 12:06 - 000033600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
      2021-09-08 12:08 - 2017-11-17 09:11 - 000185776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2021-09-08 12:08 - 2017-07-18 16:03 - 000690128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2021-09-03 09:26 - 2019-04-12 09:35 - 000003720 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
      2021-09-03 09:26 - 2018-09-27 09:29 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
      2021-09-03 09:26 - 2018-09-27 09:29 - 000002338 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
      2021-09-03 09:16 - 2010-10-30 10:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
      2021-09-02 12:01 - 2011-04-04 16:21 - 000000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core.job
      2021-09-02 09:04 - 2018-03-28 15:58 - 000004474 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
      2021-09-02 09:04 - 2017-06-20 14:25 - 000003322 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
      2021-09-02 09:04 - 2017-06-20 14:25 - 000003194 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
      2021-09-02 09:04 - 2017-06-20 10:51 - 000004486 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
      2021-09-02 09:04 - 2013-09-25 11:14 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
      2021-09-02 09:04 - 2012-07-26 12:09 - 000003068 _____ C:\Windows\system32\Tasks\{B082BF56-1FC4-46B4-A49A-712889734CCB}
      2021-09-02 09:04 - 2012-03-30 10:56 - 000003950 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{40BCF64C-47D6-4908-90A6-7F9040AFF644}
      2021-09-02 09:04 - 2011-04-04 16:21 - 000003912 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA
      2021-09-02 09:04 - 2011-04-04 16:21 - 000003516 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core
      2021-09-02 09:04 - 2010-10-24 18:33 - 000002866 _____ C:\Windows\system32\Tasks\{671B1A2E-C698-451F-BF5F-C59EABFF1053}
      2021-09-01 12:43 - 2017-12-07 11:48 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
      2021-09-01 12:25 - 2010-10-24 19:51 - 000000000 ____D C:\ProgramData\Adobe
      2021-08-31 14:56 - 2010-10-29 10:05 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
      2021-08-31 14:56 - 2010-10-24 19:26 - 003890712 _____ C:\Windows\system32\perfh01F.dat
      2021-08-31 14:56 - 2010-10-24 19:26 - 003245800 _____ C:\Windows\system32\perfc01F.dat
      2021-08-31 14:56 - 2010-10-24 18:25 - 000006252 _____ C:\Windows\system32\PerfStringBackup.INI
      2021-08-30 23:45 - 2010-10-24 18:20 - 000652664 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      ==================== Files in the root of some directories ========
      2010-10-29 19:41 - 2010-10-30 10:58 - 000008049 _____ () C:\Users\Administrator\AppData\Roaming\XeroxFaxOptions.xml
      2010-10-26 17:33 - 2010-10-26 17:33 - 000000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
      ==================== SigCheck ============================
      (There is no automatic fix for files that do not pass verification.)

      LastRegBack: 2021-09-09 10:36
      ==================== End of FRST.txt ========================
      Addition.txt
    • by vlado1985
      Hello, I think I have a virus. Today I installed an update because I was being shown that there was a problem with the certificates and some pages would not load. After I installed the update in question, this strange service appeared and I cannot remove it. The update I installed is this one https://www.microsoft.com/en-us/download/details.aspx?id=45633 and on this page I saw that the update in question had helped several people, so I installed it on my machine as well: https://support.google.com/chrome/thread/128686072/net-err-cert-date-invalid-error?hl=en
      I am attaching screenshots of the service that appeared.

