Websites failed to load


  • This topic is locked
10 replies to this topic

#1 kostya86


Posted 04 October 2014 - 04:14 AM

Hi,

 

Every few months or so I will encounter a problem where my computer will begin to have problems with loading websites. Google Chrome will just display a blank page or say "no data received". I have to reload the website in Chrome a couple of times and it will sometimes sluggishly open or not at all. Obviously, rebooting the computer does not help, and other devices on the local network, which access the internet via the same router, function perfectly fine. Opening websites through a different browser such as Firefox can sometimes help, but does not always. Pinging websites works fine and downloading files also works fine.

 

Last time I had this problem I scanned my computer with HijackThis and uploaded the log to some auto analyzer forum, which found no threats. Then scanned with Malwarebytes, HitmanPro, and RogueKiller, some of which I believe found small things (like a bad website cookie or corrupt registry entry), but did not fix the problem. Finally I ran ComboFix, which at one point helped me get rid of a nasty virus, and that was the only thing that was able to resolve the problem. I no longer have the log from that ComboFix run but I remember that the main drawback I had was that it somehow broke the update feature of my Kaspersky Internet Security, and I had to reinstall the software for it to work properly.

 

This time around I started having a similar problem a couple of days ago and just ran ComboFix straight away. As last time, it corrupted the update feature of Kaspersky Internet Security, but after a restart the problem was gone. Looking at the log file, I can see that ComboFix deleted 4 files:

 

c:\users\hds\adguardInstaller.exe
c:\users\kostya86\AppData\Local\Temp\sfamcc00001.dll
c:\users\kostya86\AppData\Local\Temp\sfareca00001.dll
c:\windows\PFRO.log
 
Websites load fine now, but I'd like to understand what kind of malware I removed and whether the problem is gone for good. I've run the DDS diagnostics tool as requested by boopme.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by kostya86 at 12:07:52 on 2014-10-04
Microsoft Windows 7 Professional   6.1.7601.1.1251.7.1033.18.8150.5304 [GMT 3:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Progz\Serviio\bin\ServiioService.exe
C:\Progz\Serviio\bin\ServiioService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
D:\!progz\VMware\vmware-authd.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Progz\3rvx\3RVX.exe
C:\Progz\Serviio\bin\ServiioConsole.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Progz\SpeedFan\speedfan.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\kostya86\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Progz\Powercalc\PowerCalc.exe
C:\Progz\Download Master\dmaster.exe
C:\Gamez\Fraps\fraps.exe
C:\Gamez\Fraps\fraps64.dat
C:\Users\kostya86\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IE 4.x-6.x BHO for Download Master: {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\Progz\Download Master\dmiehlp.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [3RVX] C:\Progz\3rvx\3RVX.exe
uRun: [DAEMON Tools Lite] "C:\Progz\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\kostya86\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\3RVX.lnk - C:\Progz\3rvx\3RVX.exe
StartupFolder: C:\Users\kostya86\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Serviio.lnk - C:\Progz\Serviio\bin\ServiioConsole.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SpeedFan.lnk - C:\Progz\SpeedFan\speedfan.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Добавить в Анти-Баннер - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Закачать ВСЕ при помощи Download Master - C:\Progz\Download Master\dmieall.htm
IE: Закачать при помощи Download Master - C:\Progz\Download Master\dmie.htm
IE: Передать на удаленную закачку DM - C:\Progz\Download Master\remdown.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Progz\Download Master\dmaster.exe
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 193.239.255.129 193.239.255.21
TCP: Interfaces\{AC0030CA-1542-4526-AC3B-16FC70EABE44} : DHCPNameServer = 193.239.255.129 193.239.255.21
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kostya86\AppData\Roaming\Mozilla\Firefox\Profiles\pujwx5cw.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\kostya86\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\kostya86\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\kostya86\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-6-6 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-6-6 28216]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-6-6 19224]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-2-17 73296]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-5-23 27552]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-2-28 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-2-28 356128]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-11-18 169432]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-16 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-31 21055432]
R2 Serviio;Serviio;C:\Progz\Serviio\bin\ServiioService.exe [2014-3-21 359936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-10-2 411968]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-11-18 27792]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-10-9 905272]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-6-6 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-6-6 789272]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-2-28 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-2-28 29280]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-5-16 110744]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-22 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-22 40392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-11-18 2206352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-8-13 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-8-13 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2013-5-17 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2013-5-17 30528]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-5-17 160256]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-19 111616]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-5-23 137336]
S4 KMSEmulator;KMS Server Service;C:\Users\All Users\KMSAuto\KMSES.exe 1688 55041-01849-662-662235-03-1049-9200.0000-1692012 KillProcessOnPort --> C:\Users\All Users\KMSAuto\KMSES.exe 1688 55041-01849-662-662235-03-1049-9200.0000-1692012 KillProcessOnPort [?]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="D:/gamez/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="D:/gamez/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-10-04 02:47:29 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CC436721-B79C-4FBC-91ED-F365953FC1D4}\offreg.dll
2014-10-04 02:47:01 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CC436721-B79C-4FBC-91ED-F365953FC1D4}\mpengine.dll
2014-10-02 10:18:51 -------- d-sh--w- C:\$RECYCLE.BIN
2014-10-02 00:49:45 613696 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-09-29 15:58:36 -------- d-----w- C:\Users\kostya86\AppData\Roaming\CLOUD
2014-09-29 15:24:15 -------- d-----w- C:\Windows\Migration
2014-09-29 15:23:03 -------- d-----w- C:\Users\kostya86\AppData\Roaming\Endless Legend
2014-09-23 23:24:31 -------- d-----w- C:\Users\kostya86\AppData\Local\Sublight
.
==================== Find3M  ====================
.
2014-10-02 14:37:30 27552 ----a-w- C:\Windows\System32\drivers\HWiNFO64A.SYS
2014-09-17 04:51:20 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-09-17 04:51:20 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-09-17 04:51:20 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-09-15 06:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-13 21:53:36 6890696 ----a-w- C:\Windows\System32\nvcpl.dll
2014-09-13 21:53:36 3529872 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-09-13 21:53:34 934216 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-09-13 21:53:34 62608 ----a-w- C:\Windows\System32\nvshext.dll
2014-09-13 21:53:34 385168 ----a-w- C:\Windows\System32\nvmctray.dll
2014-09-11 15:37:55 3961833 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-08-21 19:14:08 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2014-08-04 09:20:54 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-04 09:20:54 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 12:08:04.22 ===============
 

 


 


#2 Oh My!


Posted 08 October 2014 - 09:19 PM

Greetings kostya86 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 kostya86


Posted 09 October 2014 - 03:46 AM

Hi Gary,

 

My name is Konstantin. Thank you for taking the time to help me. 

 

As per your instructions:

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by kostya86 (administrator) on KOSTYA on 09-10-2014 11:39:07
Running from C:\Users\kostya86\Desktop
Loaded Profile: kostya86 (Available profiles: kostya86)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Progz\Serviio\bin\ServiioService.exe
() C:\Progz\Serviio\bin\ServiioService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) D:\!progz\VMware\vmware-authd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(matt.malensek.net) C:\Progz\3rvx\3RVX.exe
() C:\Progz\Serviio\bin\ServiioConsole.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(WestByte) C:\Progz\Download Master\dmaster.exe
(BitTorrent Inc.) C:\Users\kostya86\AppData\Roaming\BitTorrent\BitTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\kostya86\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
(Blizzard Entertainment) D:\gamez\Battle.net\Battle.net.5134\Battle.net.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-03-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2492114592-3282431463-4005970237-1000\...\Run: [3RVX] => C:\Progz\3rvx\3RVX.exe [159232 2008-10-14] (matt.malensek.net)
HKU\S-1-5-21-2492114592-3282431463-4005970237-1000\...\Run: [DAEMON Tools Lite] => C:\Progz\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2492114592-3282431463-4005970237-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe [851632 2014-08-04] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Progz\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
Startup: C:\Users\kostya86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3RVX.lnk
ShortcutTarget: 3RVX.lnk -> C:\Progz\3rvx\3RVX.exe (matt.malensek.net)
Startup: C:\Users\kostya86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
ShortcutTarget: Serviio.lnk -> C:\Progz\Serviio\bin\ServiioConsole.exe ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x65B4F09CB951CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IE 4.x-6.x BHO for Download Master -> {9961627E-4059-41B4-8E0E-A7D6B3854ADF} -> C:\Progz\Download Master\dmiehlp.dll (WestByte)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\SysWow64\Msdxm6.ocx (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 193.239.255.129 193.239.255.21
 
FireFox:
========
FF ProfilePath: C:\Users\kostya86\AppData\Roaming\Mozilla\Firefox\Profiles\pujwx5cw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\kostya86\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\kostya86\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\kostya86\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\kostya86\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\kostya86\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\kostya86\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-05-24]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2014-03-31]
FF StartMenuInternet: FIREFOX.EXE - C:\Progz\Firefox\firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-10-08]
CHR Extension: (Google Docs) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-16]
CHR Extension: (Google Drive) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-16]
CHR Extension: (ServiioTube) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakaojhfbcaonblkoflkbfjpmehpgmbc [2014-10-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-16]
CHR Extension: (Google Search) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-16]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-03-31]
CHR Extension: (Google Calendar) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-10-08]
CHR Extension: (Safe Money) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-03-31]
CHR Extension: (Content Blocker) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-31]
CHR Extension: (IMG Rotate) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcoonajankpbolkgbipphpmbhefkengn [2014-10-08]
CHR Extension: (Poppit!) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-10-08]
CHR Extension: (Google Wallet) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-16]
CHR Extension: (Anti-Banner) - C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-03-31]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2013-02-28]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-05-24]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2013-02-28]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2013-02-28]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2013-02-28]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-02-28]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2013-02-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-03-31] (Kaspersky Lab ZAO)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S4 KMSEmulator; C:\Users\All Users\KMSAuto\KMSES.exe [277504 2013-07-02] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-05-22] ()
R2 Serviio; C:\Progz\Serviio\bin\ServiioService.exe [359936 2014-03-21] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
R2 VMAuthdService; D:\!progz\VMware\vmware-authd.exe [86096 2013-10-18] (VMware, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-06-11] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2014-10-02] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-31] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-03-31] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-31] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-03-31] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2014-03-31] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2014-03-31] (Kaspersky Lab ZAO)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-05-19] (Duplex Secure Ltd.)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [32848 2013-10-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
U3 ayyq1eb8; C:\Windows\System32\Drivers\ayyq1eb8.sys [0 ] (Intel Corporation)
S2 ASInsHelp; \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-09 11:39 - 2014-10-09 11:39 - 00023613 _____ () C:\Users\kostya86\Desktop\FRST.txt
2014-10-09 11:39 - 2014-10-09 11:39 - 00000000 ____D () C:\FRST
2014-10-09 11:38 - 2014-10-09 11:38 - 02109952 _____ (Farbar) C:\Users\kostya86\Desktop\FRST64.exe
2014-10-09 00:35 - 2014-10-09 00:35 - 00000696 _____ () C:\Users\kostya86\Desktop\FTL.lnk
2014-10-09 00:34 - 2014-10-09 00:34 - 00000788 _____ () C:\Users\kostya86\Desktop\FTL Faster Than Light.lnk
2014-10-07 14:52 - 2006-12-27 17:21 - 00001176 _____ () C:\Windows\kaillera.ini
2014-10-06 23:30 - 2014-10-06 23:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-06 15:18 - 2014-10-06 15:18 - 00000208 _____ () C:\Users\kostya86\Desktop\Lethal League.url
2014-10-06 14:08 - 2014-05-08 10:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-06 14:08 - 2014-05-08 09:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-06 14:08 - 2014-05-08 08:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-06 14:08 - 2014-05-08 07:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-06 14:07 - 2014-05-08 08:52 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-06 14:07 - 2014-05-08 07:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-06 14:07 - 2013-05-10 08:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-06 14:07 - 2013-05-10 08:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-06 14:07 - 2013-05-10 07:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-06 14:07 - 2013-05-10 07:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-06 13:57 - 2014-06-27 05:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-06 13:57 - 2014-06-27 04:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-06 13:57 - 2013-12-21 12:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-06 13:57 - 2013-12-21 11:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-06 13:56 - 2014-09-10 01:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-06 13:56 - 2014-09-10 00:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-06 13:56 - 2014-07-07 05:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-06 13:56 - 2014-07-07 05:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-06 13:56 - 2014-07-07 04:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-10-06 13:56 - 2014-07-07 04:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-10-06 13:56 - 2014-07-07 04:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-10-06 13:56 - 2014-07-01 01:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-06 13:56 - 2014-07-01 01:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-10-06 13:56 - 2014-06-25 05:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-06 13:56 - 2014-06-25 04:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-06 13:56 - 2014-06-24 06:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-06 13:56 - 2014-06-24 05:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-06 13:56 - 2014-06-06 09:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-06 13:56 - 2014-06-06 09:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-06 13:56 - 2014-06-03 13:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-06 13:56 - 2014-06-03 13:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-06 13:56 - 2014-06-03 13:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-06 13:56 - 2014-06-03 13:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-06 13:56 - 2014-06-03 12:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-06 13:56 - 2014-06-03 12:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-06 13:56 - 2014-06-03 12:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-10-06 13:56 - 2014-04-12 05:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-06 13:56 - 2014-04-12 05:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-10-06 13:56 - 2014-04-12 05:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-10-06 13:56 - 2014-04-12 05:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-10-06 13:56 - 2014-04-12 05:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-10-06 13:56 - 2014-04-12 05:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-10-06 13:56 - 2014-03-10 00:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-06 13:56 - 2014-03-10 00:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-06 13:56 - 2014-03-10 00:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-10-06 13:56 - 2014-03-10 00:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-10-06 13:56 - 2014-03-04 12:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-06 13:56 - 2014-03-04 12:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-10-06 13:56 - 2014-03-04 12:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-06 13:56 - 2014-03-04 12:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-10-06 13:56 - 2014-03-04 12:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-06 13:56 - 2014-03-04 12:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-10-06 13:56 - 2014-03-04 12:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-10-06 13:56 - 2014-03-04 12:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-10-06 13:56 - 2014-03-04 12:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-10-06 13:56 - 2014-03-04 12:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-10-06 13:56 - 2014-03-04 12:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-06 13:56 - 2014-03-04 12:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-06 13:56 - 2014-03-04 12:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-10-06 13:56 - 2014-03-04 12:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-10-06 13:56 - 2014-03-04 12:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-10-06 13:56 - 2014-03-04 12:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-10-06 13:56 - 2014-03-04 12:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-10-06 13:56 - 2014-03-04 12:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-10-06 13:56 - 2014-03-04 12:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-10-06 13:56 - 2014-03-04 12:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-06 13:56 - 2014-02-04 05:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-10-06 13:56 - 2014-02-04 05:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-10-06 13:56 - 2014-02-04 05:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-10-06 13:56 - 2014-02-04 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-10-06 13:56 - 2014-02-04 05:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-10-06 13:56 - 2013-12-04 05:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-10-06 13:56 - 2013-12-04 05:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-10-06 13:56 - 2013-12-04 05:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-10-06 13:56 - 2013-12-04 05:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-10-06 13:56 - 2013-12-04 05:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-10-06 13:56 - 2013-12-04 05:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-10-06 13:56 - 2013-12-04 05:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-10-06 13:56 - 2013-12-04 05:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-10-06 13:56 - 2013-12-04 05:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-10-06 13:56 - 2013-12-04 05:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-10-06 13:56 - 2013-12-04 05:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-10-06 13:56 - 2013-12-04 05:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-10-06 13:56 - 2013-12-04 05:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-10-06 13:56 - 2013-12-04 05:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-10-06 13:56 - 2013-12-04 04:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-10-06 13:56 - 2013-12-04 04:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-10-06 13:56 - 2013-12-04 04:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-10-06 13:56 - 2013-12-04 04:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-10-06 13:56 - 2013-11-26 11:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-10-06 13:56 - 2013-11-23 21:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-10-06 13:56 - 2013-11-23 20:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-10-06 13:56 - 2013-11-23 01:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-10-06 13:55 - 2014-09-25 05:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-06 13:55 - 2014-09-25 04:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-06 13:55 - 2014-09-05 05:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-06 13:55 - 2014-09-05 05:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-06 13:55 - 2014-08-23 05:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-06 13:55 - 2014-08-23 04:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-06 13:55 - 2014-08-23 03:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-06 13:55 - 2014-08-01 14:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-06 13:55 - 2014-08-01 14:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-10-06 13:55 - 2014-06-18 05:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-10-06 13:55 - 2014-06-18 04:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-10-06 13:55 - 2014-06-16 05:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-06 13:55 - 2014-06-06 13:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-06 13:55 - 2014-06-06 12:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-10-06 13:55 - 2014-05-30 11:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-06 13:55 - 2014-05-30 11:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-06 13:55 - 2014-05-30 11:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-06 13:55 - 2014-05-30 11:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-06 13:55 - 2014-05-30 11:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-06 13:55 - 2014-05-30 11:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-06 13:55 - 2014-05-30 10:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-06 13:55 - 2014-05-30 10:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-06 13:55 - 2014-05-30 10:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-06 13:55 - 2014-05-30 10:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-06 13:55 - 2014-05-30 10:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-06 13:55 - 2014-05-30 10:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-06 13:55 - 2014-05-30 09:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-06 13:55 - 2014-04-25 05:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-10-06 13:55 - 2014-04-25 05:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-10-06 13:55 - 2014-04-05 05:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-06 13:55 - 2014-04-05 05:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-06 13:55 - 2014-03-26 17:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-10-06 13:55 - 2014-03-26 17:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-06 13:55 - 2014-03-26 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-10-06 13:55 - 2014-03-26 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-10-06 13:55 - 2014-03-26 17:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-10-06 13:55 - 2014-03-26 17:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-10-06 13:55 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-10-06 13:55 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-10-06 13:55 - 2014-03-04 12:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-10-06 13:55 - 2014-03-04 12:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-10-06 13:55 - 2014-03-04 12:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-10-06 13:55 - 2014-03-04 12:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-10-06 13:55 - 2014-03-04 12:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-10-06 13:55 - 2014-03-04 12:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-10-06 13:55 - 2014-03-04 12:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-10-06 13:55 - 2014-03-04 12:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-10-06 13:55 - 2014-03-04 12:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-10-06 13:55 - 2014-03-04 11:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-10-06 13:55 - 2014-03-04 11:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-10-06 13:55 - 2014-02-04 05:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-06 13:55 - 2014-02-04 05:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-10-06 13:55 - 2014-01-29 05:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-10-06 13:55 - 2014-01-29 05:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-10-06 13:55 - 2014-01-28 05:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-10-06 13:55 - 2014-01-24 05:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-10-06 13:55 - 2014-01-01 02:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-06 13:55 - 2014-01-01 02:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-10-06 13:55 - 2013-11-27 04:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-10-06 13:55 - 2013-11-27 04:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-10-06 13:55 - 2013-11-27 04:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-10-06 13:55 - 2013-11-27 04:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-10-06 13:55 - 2013-11-27 04:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-10-06 13:55 - 2013-11-27 04:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-10-06 13:55 - 2013-11-27 04:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-10-06 13:55 - 2013-11-26 14:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-06 13:55 - 2013-10-30 05:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-10-06 13:55 - 2013-10-30 05:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-10-06 13:55 - 2013-10-19 05:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-10-06 13:55 - 2013-10-19 04:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-10-06 13:55 - 2013-10-12 05:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-10-06 13:55 - 2013-10-12 05:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-06 13:55 - 2013-10-12 05:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-10-06 13:55 - 2013-10-12 05:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-10-06 13:55 - 2013-10-12 04:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-10-06 13:55 - 2013-10-12 04:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-10-06 13:55 - 2013-10-12 04:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-10-06 13:55 - 2013-10-12 04:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-10-06 13:55 - 2013-10-04 05:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-10-06 13:55 - 2013-10-04 04:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-10-06 13:53 - 2014-07-14 05:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-06 13:53 - 2014-07-14 04:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-10-05 22:27 - 2014-10-05 22:27 - 00000794 _____ () C:\Users\Public\Desktop\Age of Wonders III.lnk
2014-10-05 22:27 - 2014-10-05 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-10-02 17:32 - 2014-10-02 17:32 - 00000791 _____ () C:\Users\kostya86\Desktop\MSI Afterburner.lnk
2014-10-02 13:20 - 2014-10-02 13:20 - 00000546 _____ () C:\Windows\PFRO.log
2014-10-02 13:18 - 2014-10-02 13:18 - 00020231 _____ () C:\ComboFix.txt
2014-10-02 03:50 - 2014-10-02 03:50 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-02 03:49 - 2014-09-13 23:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-10-02 03:48 - 2014-09-17 07:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-10-02 03:48 - 2014-09-17 07:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-02 03:48 - 2014-09-14 02:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-10-02 03:48 - 2014-09-14 02:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-02 03:37 - 2014-10-02 03:37 - 00000000 ____D () C:\Users\kostya86\Documents\WB Games
2014-10-02 03:13 - 2014-10-02 03:13 - 00019318 _____ () C:\20141001 ComboFix.txt
2014-10-02 03:01 - 2014-10-02 03:01 - 00000853 _____ () C:\Users\kostya86\Desktop\Middle Earth Shadow of Mordor.lnk
2014-10-02 03:01 - 2014-10-02 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Middle Earth Shadow of Mordor
2014-09-30 16:36 - 2014-09-30 16:36 - 01172563 _____ () C:\Users\kostya86\Desktop\model sample.xlsx
2014-09-30 13:44 - 2014-09-30 13:44 - 00000948 _____ () C:\Users\kostya86\Desktop\Super Meat Boy.lnk
2014-09-29 20:07 - 2014-09-30 17:12 - 00000000 ____D () C:\Users\kostya86\Documents\Endless Legend
2014-09-29 18:58 - 2014-09-29 18:58 - 00000000 ____D () C:\Users\kostya86\AppData\Roaming\CLOUD
2014-09-24 02:24 - 2014-09-24 02:24 - 00000747 _____ () C:\Users\Public\Desktop\Sublight.lnk
2014-09-24 02:24 - 2014-09-24 02:24 - 00000000 ____D () C:\Users\kostya86\AppData\Local\Sublight
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-09 11:39 - 2013-05-17 03:05 - 00000000 ____D () C:\Users\kostya86\AppData\Roaming\BitTorrent
2014-10-09 11:38 - 2013-10-22 19:53 - 00000000 ____D () C:\Users\kostya86\AppData\Local\Battle.net
2014-10-09 11:34 - 2013-06-28 13:39 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2492114592-3282431463-4005970237-1000UA.job
2014-10-09 11:18 - 2013-11-06 15:41 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-09 09:59 - 2014-03-31 02:20 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-09 04:32 - 2013-11-06 15:41 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-09 03:54 - 2009-07-14 07:45 - 00035120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-09 03:54 - 2009-07-14 07:45 - 00035120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-09 03:44 - 2013-05-16 15:42 - 01636744 _____ () C:\Windows\WindowsUpdate.log
2014-10-09 03:34 - 2013-06-28 13:39 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2492114592-3282431463-4005970237-1000Core.job
2014-10-08 23:32 - 2013-05-18 19:02 - 00001096 _____ () C:\.dir
2014-10-08 19:20 - 2014-03-01 16:37 - 00000000 ____D () C:\Users\kostya86\AppData\Roaming\vlc
2014-10-08 17:58 - 2013-11-06 15:42 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-06 23:57 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache
2014-10-06 23:37 - 2009-07-14 08:13 - 00801294 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-06 23:31 - 2013-11-08 19:44 - 00034506 _____ () C:\Windows\setupact.log
2014-10-06 23:31 - 2013-06-06 00:17 - 00000000 ____D () C:\ProgramData\VMware
2014-10-06 23:31 - 2013-05-16 01:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-06 23:31 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-06 23:31 - 2009-07-14 07:45 - 00366256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-06 23:30 - 2011-04-12 11:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-06 23:30 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-06 23:30 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-06 23:30 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-06 14:05 - 2013-05-25 00:10 - 00785160 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-05 21:57 - 2013-05-18 17:04 - 00000000 ____D () C:\Users\kostya86\AppData\Roaming\Skype
2014-10-04 00:39 - 2014-04-21 22:00 - 00007604 _____ () C:\Users\kostya86\AppData\Local\Resmon.ResmonCfg
2014-10-02 17:37 - 2013-05-23 18:12 - 00027552 _____ (REALiX™) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2014-10-02 17:37 - 2013-05-23 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2014-10-02 17:32 - 2013-05-20 20:34 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-02 17:32 - 2013-05-16 01:17 - 00000000 ____D () C:\Progz
2014-10-02 13:18 - 2014-02-26 16:51 - 00000000 ____D () C:\Qoobox
2014-10-02 13:17 - 2009-07-14 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-02 03:50 - 2013-05-21 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-10-02 03:49 - 2013-05-16 01:15 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-02 03:27 - 2013-05-16 00:51 - 00000000 ____D () C:\Users\kostya86
2014-10-02 03:13 - 2014-05-20 19:54 - 00000000 ____D () C:\Users\hds
2014-10-02 03:11 - 2014-02-26 16:50 - 00000000 ____D () C:\Windows\erdnt
2014-10-02 03:11 - 2009-07-14 05:34 - 69730304 _____ () C:\Windows\system32\config\software.bak
2014-10-02 03:11 - 2009-07-14 05:34 - 44040192 _____ () C:\Windows\system32\config\components.bak
2014-10-02 03:11 - 2009-07-14 05:34 - 17039360 _____ () C:\Windows\system32\config\system.bak
2014-10-02 03:11 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-10-02 03:11 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-10-02 03:11 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-10-01 14:40 - 2013-11-08 16:16 - 00000000 ____D () C:\Users\kostya86\AppData\Local\CrashDumps
2014-09-30 13:44 - 2014-02-20 02:44 - 00000000 ____D () C:\Users\kostya86\AppData\Local\SKIDROW
2014-09-29 18:23 - 2013-11-13 00:25 - 00143424 _____ () C:\Windows\DirectX.log
2014-09-17 07:51 - 2014-01-22 21:30 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-09-15 18:10 - 2014-08-18 11:52 - 00000000 ____D () C:\Users\kostya86\Desktop\Nyree job
2014-09-15 09:06 - 2010-11-21 06:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 02:48 - 2014-06-22 21:39 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-09-14 02:48 - 2013-10-29 12:18 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-09-14 02:48 - 2013-05-16 01:23 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-09-14 02:48 - 2013-05-16 01:23 - 16875856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-09-14 02:48 - 2013-05-16 01:23 - 03223120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-09-14 02:48 - 2013-05-16 01:23 - 02838424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-09-14 02:48 - 2013-05-16 01:23 - 00984424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-09-14 02:48 - 2013-05-16 01:23 - 00026956 _____ () C:\Windows\system32\nvinfo.pb
2014-09-14 02:48 - 2013-05-16 01:15 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-09-14 02:48 - 2013-05-16 01:15 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-09-14 00:53 - 2013-05-16 01:23 - 06890696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-09-14 00:53 - 2013-05-16 01:23 - 03529872 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-09-14 00:53 - 2013-05-16 01:23 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-09-14 00:53 - 2013-05-16 01:23 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-09-14 00:53 - 2013-05-16 01:23 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-09-11 18:37 - 2013-05-16 01:23 - 03961833 _____ () C:\Windows\system32\nvcoproc.bin
 
Some content of TEMP:
====================
C:\Users\kostya86\AppData\Local\Temp\i4jdel0.exe
C:\Users\kostya86\AppData\Local\Temp\sfamcc00001.dll
C:\Users\kostya86\AppData\Local\Temp\sfamcc00002.dll
C:\Users\kostya86\AppData\Local\Temp\sfareca00001.dll
C:\Users\kostya86\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kostya86\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 00:51
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by kostya86 at 2014-10-09 11:39:26
Running from C:\Users\kostya86\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)
3RVX (HKLM-x32\...\{66BB5D8F-D9BD-4799-A9FA-5731B3B7839A}) (Version: 2.5 - matt.malensek.net)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Age of Wonders III (HKLM-x32\...\GOGPACKAGEOFWONDERS3_is1) (Version: 2.0.0.4 - GOG.com)
Amazon.com Kindle Fire (HKLM\...\Kindle Fire Drivers) (Version:  - )
Assessments on Client (x32 Version: 8.100.26629 - Microsoft) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.3.7.3 - ASUSTek COMPUTER INC.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.1.19 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Combined Community Codec Pack 2014-03-09 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.03.09.0 - CCCP Project)
CPUID CPU-Z 1.64.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Download Master version 5.15.3.1345 (HKLM-x32\...\Download Master_is1) (Version: 5.15.3.1345 - WestByte)
Easy Tune 6 B12.1121.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Foxit PhantomPDF Business (HKLM-x32\...\{A6161A48-9AE9-47E4-9A3D-89D368A9E11F}) (Version: 6.0.2.413 - Foxit Corporation)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FTL Faster Than Light ver. 1.5.10 (HKLM-x32\...\{12346898-72AE-89BA-96F5-98DD6F2186AC}_is1) (Version: 1.5.10 - Subset Games)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.17.0 - Futuremark Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HWiNFO64 Version 4.44 (HKLM\...\HWiNFO64_is1) (Version: 4.44 - Martin Malнk - REALiX)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
IP Camera Adapter (HKLM-x32\...\{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 21 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Лаборатория Касперского)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Лаборатория Касперского) Hidden
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
KMSnano 25 (HKLM\...\KMSnano 25_is1) (Version: KMSnano 25 - )
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Lethal League (HKLM-x32\...\Steam App 261180) (Version:  - Team Reptile)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Mass Effect 2 (HKLM-x32\...\Mass Effect 2_is1) (Version: RePack - Ultra)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (x32 Version: 8.0.50727.42 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (x32 Version: 8.0.51011 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False (x32 Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False (x32 Version: 8.0.58299 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (x32 Version: 8.0.59193 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False (x32 Version: 9.0.21022.218 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False (x32 Version: 9.0.30411 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False (x32 Version: 9.0.30729.4048 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False (x32 Version: 9.0.30729.5570 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 False (x32 Version: 11.0.50727.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False (x32 Version: 11.0.51106.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False (x32 Version: 11.0.60610.1 - Корпорация Майкрософт) Hidden
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 False (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 False (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version:  - )
MKVToolNix 7.1.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.1.0 - Moritz Bunkus)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-cf27d0b3-29ad-4443-ac61-fe7a249bfdae) (Version:  - Epic Games, Inc.)
NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Control Panel 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Screen Capturer Recorder uninstall (HKLM-x32\...\Screen Capturer Recorder_is1) (Version:  - )
Serviio (HKLM\...\Serviio) (Version:  - )
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spectromancer (HKLM-x32\...\Steam App 22500) (Version:  - Apus Software)
Spectromancer: Gathering of Power (HKLM-x32\...\['{F634E3D7-B968-497B-A888-685597C901F6}']) (Version:  - Apus Software)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sublight (HKLM\...\Sublight_is1) (Version: 4 - Sublight Labs)
Subtitle Edit 3.4.0 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.4.0.3 - Nikse)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TheDarkSmartTVServer (HKLM-x32\...\TheDarkSmartTVServer) (Version: 7.0.7 - TheDark Design)
Toolkit Documentation (x32 Version: 8.100.26629 - Microsoft) Hidden
tools-linux (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
tools-windows (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
Unified Remote (HKLM-x32\...\{D3EFFB62-5795-4C17-B64C-AF2E276050EF}) (Version: 2.12.1.0 - Unified Remote)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VIA Диспетчер устройств платформы (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Virtual Audio Capture Grabber uninstall (HKLM-x32\...\Virtual Audio Capture Grabber_is1) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.1 - VMware, Inc)
VMware Player (Version: 6.0.1 - VMware, Inc.) Hidden
Windows Assessment and Deployment Kit for Windows 8.1 (HKLM-x32\...\{9277b0c4-2ca8-431b-b4e2-98daf4005ec0}) (Version: 8.100.26629 - Microsoft Corporation)
Windows Assessment Toolkit (AMD64 Architecture Specific) (x32 Version: 8.100.25984 - Microsoft) Hidden
Windows Assessment Toolkit (x32 Version: 8.100.26629 - Microsoft) Hidden
Windows Driver Package - Amazon.com (WinUSB) KindleFireUsbDeviceClass  (08/20/2012 1.0.0000.00000) (HKLM\...\289137531F7C014BF296EFFBFC7E3748A293FEE9) (Version: 08/20/2012 1.0.0000.00000 - Amazon.com)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WPT Redistributables (x32 Version: 8.100.26629 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26629 - Microsoft) Hidden
Засоби перевірки правопису Microsoft Office 2013 – Українська версія (HKLM-x32\...\{90150000-001F-0422-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Средства проверки правописания Microsoft Office 2013 — русский (HKLM-x32\...\{90150000-001F-0419-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2492114592-3282431463-4005970237-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\kostya86\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2492114592-3282431463-4005970237-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\kostya86\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2492114592-3282431463-4005970237-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\kostya86\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2492114592-3282431463-4005970237-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\kostya86\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2014-10-02 03:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04496C02-ED90-4494-9D03-BAAE4B2C5D1D} - System32\Tasks\{0454CD5E-78AB-4005-841C-59BF7C42EFD0} => C:\Program Files (x86)\GIGABYTE\ET6\ET6SC.exe [2012-07-09] ()
Task: {18236384-C353-4DF7-93FD-88A6FD90BB18} - System32\Tasks\{86ED9389-78B1-4700-92D2-D05F2FB2D477} => D:\gamez\The Swapper\TheSwapper.exe
Task: {1B1CC872-1719-4C44-8F2E-3BA826E151B2} - System32\Tasks\{978EFED8-51AD-4FDF-AEC7-1648E30505A7} => C:\Program Files (x86)\GIGABYTE\ET6\ET6SC.exe [2012-07-09] ()
Task: {22F31921-796C-49B4-A9F4-8F6DD940DD32} - System32\Tasks\AutoPico Daily Restart => D:\!progz\KMSpico\AutoPico.exe [2013-12-11] ()
Task: {23A7C8F8-EF18-4E69-91A9-A7F1D9917F24} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {23D14177-627B-4FB9-A645-8F64C30B2A1B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06] (Google Inc.)
Task: {365F58FA-8966-49BD-953D-EB577E63B16F} - System32\Tasks\{E097A655-75ED-47D6-A27D-C614B86BFE5C} => D:\gamez\The Swapper\TheSwapper.exe
Task: {3737291C-72B8-4670-A405-857A014AFE61} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2492114592-3282431463-4005970237-1000UA => C:\Users\kostya86\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-16] (Google Inc.)
Task: {3F1653D6-09F5-4CFE-BF7A-F70F74D3FE49} - System32\Tasks\CCleanerSkipUAC => C:\Progz\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {46C71F0E-0AB1-41C0-B13D-E8A5D4070ED2} - System32\Tasks\{AD913699-251F-445E-BF22-2717A1D67341} => C:\Program Files (x86)\GIGABYTE\ET6\ET6SC.exe [2012-07-09] ()
Task: {4BA03601-1BA0-46FF-8803-E81C2CB4717B} - System32\Tasks\{EE445AF1-A4C7-4D4D-B835-75C573271DD1} => C:\Program Files (x86)\GIGABYTE\ET6\ET6SC.exe [2012-07-09] ()
Task: {586B864A-77B9-4162-9D76-DBD79C143442} - System32\Tasks\{8B97D0AD-9AEB-4459-805D-73DBF4284F7E} => C:\Program Files (x86)\GIGABYTE\ET6\ET6SC.exe [2012-07-09] ()
Task: {5C292F1A-807D-47CB-8714-535638681031} - System32\Tasks\{A4070A05-DBB6-4305-8340-7BDDD6AB09D9} => C:\Program Files (x86)\GIGABYTE\ET6\ET6SC.exe [2012-07-09] ()
Task: {605A70B2-707A-493D-9F69-2DE2F409EC12} - \AmiUpdXp No Task File <==== ATTENTION
Task: {6AFB9505-9FB4-47DF-A2A3-F98F644ED6F6} - System32\Tasks\{3B5D1C13-A3F0-4718-965D-D22A78828FD2} => D:\gamez\The Swapper\TheSwapper.exe
Task: {6C8688C6-3017-4EEC-9497-833BE421E9A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2492114592-3282431463-4005970237-1000Core => C:\Users\kostya86\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-16] (Google Inc.)
Task: {8D28D4B6-73E7-41A1-895E-16432DF61A2A} - System32\Tasks\{2AC43021-C934-4DB2-A9A1-2F48057B0681} => C:\Progz\Powercalc\PowerCalc.exe [2002-03-19] ()
Task: {9845C4D6-8560-4BD6-87D4-7570AA4C8DF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06] (Google Inc.)
Task: {A606A6A8-EF2E-4487-BAF8-D85B381CC91F} - System32\Tasks\{4F97C3A0-E598-439E-ACA4-A915167B6F51} => Chrome.exe http://ui.skype.com/ui/0/6.7.0.102/en/abandoninstall?page=tsPlugin
Task: {A9E43A7E-F92D-43AD-8A4C-0BA6E62ED714} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {BE41AD92-B45C-4660-A8A6-92AAF85C6313} - System32\Tasks\{42E59947-2BF0-4659-8A10-6EC3080D99ED} => C:\Program Files (x86)\GIGABYTE\ET6\ET6SC.exe [2012-07-09] ()
Task: {BE9249BF-6ACD-4AD1-BF82-8556CE089F0D} - System32\Tasks\{306CA6D6-E082-4D9C-8BEF-72AEE9289C50} => C:\Progz\Powercalc\PowerCalc.exe [2002-03-19] ()
Task: {CE9BC9EF-FB4A-40CF-830B-97B786062B82} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D5CE05FE-AE45-431E-B979-414018CD95C6} - System32\Tasks\{85764A4C-3871-4FDA-9CCB-7D49CAACD496} => C:\Gamez\Crysis1\Bin64\Crysis.exe
Task: {E35E4169-9D25-4FF9-9438-4C6BB18A4A39} - System32\Tasks\{BE279718-D949-4E79-9AAF-F7D271620667} => C:\Program Files (x86)\GIGABYTE\ET6\ET6SC.exe [2012-07-09] ()
Task: {E454A020-0B65-4715-9741-EC697187FFD5} - System32\Tasks\{47A02AE6-92A2-4278-A88A-91AAA5665CFA} => C:\Program Files (x86)\GIGABYTE\ET6\ET6SC.exe [2012-07-09] ()
Task: {E5B32FC9-C0C7-4F42-B369-0A3D4AD274B8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {EA8B7EF2-2A05-4123-980E-E547C58551BC} - System32\Tasks\{C08F44F6-1304-48CB-B91F-96CC0A7A7FFB} => D:\gamez\Bastion\Bastion.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2492114592-3282431463-4005970237-1000Core.job => C:\Users\kostya86\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2492114592-3282431463-4005970237-1000UA.job => C:\Users\kostya86\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-05-19 12:04 - 2013-05-22 19:44 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-21 04:57 - 2014-03-21 04:57 - 00359936 _____ () C:\Progz\Serviio\bin\ServiioService.exe
2013-05-16 01:23 - 2014-09-14 00:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-06 23:37 - 2014-10-06 23:37 - 00178688 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\WaveLibMixer\828c17809465771249ab39ef26f86b90\WaveLibMixer.ni.dll
2014-10-06 23:37 - 2014-10-06 23:37 - 00108032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\CoreAudioApi\7fd494c22406deed2dfcc8e29c82cb65\CoreAudioApi.ni.dll
2014-03-21 04:57 - 2014-03-21 04:57 - 00399360 _____ () C:\Progz\Serviio\bin\ServiioConsole.exe
2013-02-28 23:20 - 2013-02-28 23:20 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2013-10-18 13:46 - 2013-10-18 13:46 - 01260624 _____ () D:\!progz\VMware\libxml2.dll
2014-04-13 15:56 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 00068024 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
2013-06-03 01:10 - 2012-12-12 12:48 - 00185784 _____ () C:\Progz\Download Master\unrar.dll
2014-02-18 21:31 - 2014-01-29 12:38 - 00054784 _____ () C:\Progz\Screen Capturer Recorder\screen-capture-recorder.dll
2014-04-17 03:27 - 2014-04-17 03:27 - 00087552 _____ () C:\Progz\IpCameraAdapter\IPCameraAdapter.dll
2014-10-08 17:58 - 2014-10-01 08:54 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libglesv2.dll
2014-10-08 17:58 - 2014-10-01 08:54 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libegl.dll
2014-10-08 17:58 - 2014-10-01 08:54 - 08911176 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll
2014-10-08 17:58 - 2014-10-01 08:54 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll
2014-10-09 01:41 - 2014-10-09 01:41 - 26065408 _____ () D:\gamez\Battle.net\Battle.net.5134\libcef.dll
2014-10-09 01:41 - 2014-10-09 01:41 - 00739840 _____ () D:\gamez\Battle.net\Battle.net.5134\libGLESv2.dll
2014-10-09 01:41 - 2014-10-09 01:41 - 00905216 _____ () D:\gamez\Battle.net\Battle.net.5134\platforms\qwindows.dll
2014-10-09 01:41 - 2014-10-09 01:41 - 00130048 _____ () D:\gamez\Battle.net\Battle.net.5134\libEGL.dll
2014-10-09 01:41 - 2014-10-09 01:41 - 00020992 _____ () D:\gamez\Battle.net\Battle.net.5134\imageformats\qgif.dll
2014-10-09 01:41 - 2014-10-09 01:41 - 00020992 _____ () D:\gamez\Battle.net\Battle.net.5134\imageformats\qico.dll
2014-10-09 01:41 - 2014-10-09 01:41 - 00205312 _____ () D:\gamez\Battle.net\Battle.net.5134\imageformats\qjpeg.dll
2014-10-09 01:41 - 2014-10-09 01:41 - 00225792 _____ () D:\gamez\Battle.net\Battle.net.5134\imageformats\qmng.dll
2014-10-09 01:41 - 2014-10-09 01:41 - 00312832 _____ () D:\gamez\Battle.net\Battle.net.5134\imageformats\qtiff.dll
2014-10-09 01:41 - 2014-10-09 01:41 - 00010240 _____ () D:\gamez\Battle.net\Battle.net.5134\qml\QtQuick.2\qtquick2plugin.dll
2014-10-09 01:41 - 2014-10-09 01:41 - 00054272 _____ () D:\gamez\Battle.net\Battle.net.5134\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-10-09 01:41 - 2014-10-09 01:41 - 00010240 _____ () D:\gamez\Battle.net\Battle.net.5134\qml\QtQml\Models.2\modelsplugin.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: KMSEmulator => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Image Transfer Utility.lnk => C:\Windows\pss\Image Transfer Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^kostya86^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk.Startup
MSCONFIG\startupfolder: C:^Users^kostya86^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupreg: Adobe Flash Player SU => C:\Users\kostya86\AppData\Roaming\Adobe\www.adobe.com.url
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Progz\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DNS7reminder => "C:\Progz\Naurally Speaking\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Google Update => "C:\Users\kostya86\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HP Officejet Pro 8600 (NET) => "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN22HAT1C205KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2492114592-3282431463-4005970237-500 - Administrator - Disabled)
Guest (S-1-5-21-2492114592-3282431463-4005970237-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2492114592-3282431463-4005970237-1005 - Limited - Enabled)
kostya86 (S-1-5-21-2492114592-3282431463-4005970237-1000 - Administrator - Enabled) => C:\Users\kostya86
 
==================== Faulty Device Manager Devices =============
 
Name: ASInsHelp
Description: ASInsHelp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ASInsHelp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/06/2014 11:33:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 01:21:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 04:04:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 03:13:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 03:04:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 02:40:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SuperMeatBoy.exe, version: 0.0.0.0, time stamp: 0x4e1e9302
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00038e19
Faulting process id: 0x1848
Faulting application start time: 0xSuperMeatBoy.exe0
Faulting application path: SuperMeatBoy.exe1
Faulting module path: SuperMeatBoy.exe2
Report Id: SuperMeatBoy.exe3
 
Error: (09/29/2014 07:21:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: setup.tmp, version: 51.52.0.0, time stamp: 0x2a425e19
Faulting module name: MFC42.DLL, version: 6.6.8064.0, time stamp: 0x4d79b238
Exception code: 0xc0000005
Fault offset: 0x0000f551
Faulting process id: 0x2170
Faulting application start time: 0xsetup.tmp0
Faulting application path: setup.tmp1
Faulting module path: setup.tmp2
Report Id: setup.tmp3
 
Error: (09/29/2014 06:28:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/24/2014 07:11:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/15/2014 04:12:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/06/2014 11:31:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASInsHelp service failed to start due to the following error: 
%%2
 
Error: (10/06/2014 03:02:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (10/06/2014 03:02:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (10/02/2014 01:20:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASInsHelp service failed to start due to the following error: 
%%2
 
Error: (10/02/2014 01:17:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/02/2014 01:16:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/02/2014 04:03:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASInsHelp service failed to start due to the following error: 
%%2
 
Error: (10/02/2014 03:11:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASInsHelp service failed to start due to the following error: 
%%2
 
Error: (10/02/2014 03:11:06 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/02/2014 03:11:03 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
Error: (10/06/2014 11:33:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 01:21:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 04:04:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 03:13:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 03:04:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 02:40:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SuperMeatBoy.exe0.0.0.04e1e9302ntdll.dll6.1.7601.18247521ea8e7c000000500038e19184801cfdd6c80fbca22D:\!junk\meatboy\Super Meat Boy\SuperMeatBoy.exeC:\Windows\SysWOW64\ntdll.dllc29a6e25-495f-11e4-99b4-005056c00008
 
Error: (09/29/2014 07:21:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.tmp51.52.0.02a425e19MFC42.DLL6.6.8064.04d79b238c00000050000f551217001cfdc01286c125dC:\Users\kostya86\AppData\Local\Temp\is-UOA91.tmp\setup.tmpC:\Windows\system32\MFC42.DLLb739fda3-47f4-11e4-99b4-005056c00008
 
Error: (09/29/2014 06:28:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/24/2014 07:11:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/15/2014 04:12:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-09 03:49:15.044
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-09 03:49:15.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-09 03:49:15.039
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-09 03:49:15.038
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-09 03:48:31.952
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-09 03:48:31.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-09 03:46:08.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-09 03:46:08.753
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-09 03:46:08.752
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-09 03:46:08.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8150.19 MB
Available physical RAM: 5025.36 MB
Total Pagefile: 16298.56 MB
Available Pagefile: 12014.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:47.29 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:2794.39 GB) (Free:2163.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 96F5296E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: BD34F2F9)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
The summary.zip is attached

 




#4 Oh My!

  • Malware Response Instructor
  • 37,742 posts
  • Gender:Male
  • Location:California

Posted 09 October 2014 - 08:23 AM

Greetings Konstantin, nice to meet you.

There is no evidence of malicious software on your computer. I can't speak to your previous experiences because I don't have any data in front of me for that. I can only deal with what we currently have.

Combofix, as well as other programs, may flag certain files not because they are purely malware related but also because they may be of lesser than malware concern (adware or junkware). The particular criteria used by these programs are not made available either to the public or within the malware community. To do so would potentially equip malware writers to circumvent what the program is created and intended to do, namely fight malware/adware/junkware.

I do want to caution you regarding the use of Peer 2 Peer software and the dangers related to it.

Please consider and complete the following for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

SearchScopes: HKLM-x32 - DefaultScope value is missing.
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} -  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S2 ASInsHelp; \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
CustomCLSID: HKU\S-1-5-21-2492114592-3282431463-4005970237-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\kostya86\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2492114592-3282431463-4005970237-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\kostya86\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {605A70B2-707A-493D-9F69-2DE2F409EC12} - \AmiUpdXp No Task File <==== ATTENTION

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 kostya86


Posted 10 October 2014 - 06:04 AM

Gary, 
 
Thanks for making me aware of the torrent threats. I don't use it too much, actually.
 
As per your request, here is the fixlog:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by kostya86 at 2014-10-09 16:51:51 Run:1
Running from C:\Users\kostya86\Desktop
Loaded Profile: kostya86 (Available profiles: kostya86)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} -  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S2 ASInsHelp; \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
CustomCLSID: HKU\S-1-5-21-2492114592-3282431463-4005970237-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\kostya86\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2492114592-3282431463-4005970237-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\kostya86\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {605A70B2-707A-493D-9F69-2DE2F409EC12} - \AmiUpdXp No Task File <==== ATTENTION
*****************
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKCR\PROTOCOLS\Handler\vnd.ms.radio" => Key deleted successfully.
"HKCR\CLSID\{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
ASInsHelp => Service deleted successfully.
catchme => Service deleted successfully.
cleanhlp => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
"HKU\S-1-5-21-2492114592-3282431463-4005970237-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2492114592-3282431463-4005970237-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{605A70B2-707A-493D-9F69-2DE2F409EC12}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{605A70B2-707A-493D-9F69-2DE2F409EC12}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key deleted successfully.
 
==== End of Fixlog ====
 
I was surprised to find that despite having Kaspersky Internet Security running at all times, the ESET scanner was able to find 15 infections!
 
C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000 Win32/AdWare.1ClickDownload.AT application cleaned by deleting - quarantined
C:\Users\kostya86\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000 a variant of Win32/4Shared.U potentially unwanted application deleted - quarantined
C:\Users\kostya86\Downloads\AnySendSetup.exe a variant of Win32/InstallCore.BQ potentially unwanted application deleted - quarantined
D:\!junk\downloader_turbobitua_b7f38bbd7d18120d8f840ac590cb5ecb.exe Win32/Toolbar.MailRU.A potentially unwanted application deleted - quarantined
D:\!junk\downloader_turbobitua_eb0cec1e554238db4748c9dcdadcd352.exe Win32/Toolbar.MailRU.A potentially unwanted application deleted - quarantined
D:\!junk\Fargo.S01E09.A.Fox.a.Rabbit.and.a.Cabbage.1080p.WEB-DL.DD5.1.H.264-BS[rarbg].mkv (1).exe Win32/AdWare.1ClickDownload.AT application cleaned by deleting - quarantined
D:\!junk\Fargo.S01E09.A.Fox.a.Rabbit.and.a.Cabbage.1080p.WEB-DL.DD5.1.H.264-BS[rarbg].mkv.exe Win32/AdWare.1ClickDownload.AT application cleaned by deleting - quarantined
D:\!junk\KMSpico.exe a variant of Win32/InstallMonstr.Q potentially unwanted application deleted - quarantined
D:\!junk\obnovleni.exe a variant of Win32/Kryptik.CMHQ trojan cleaned by deleting - quarantined
D:\!junk\Rectify.S02E04.Donald.th...5.1.h.264-NTb[rartv].exe a variant of Win32/4Shared.U potentially unwanted application deleted - quarantined
D:\!junk\SpeedUpMyComputer.exe a variant of Win32/InstallCore.BY potentially unwanted application deleted - quarantined
D:\!junk\TorchSetup-r260-n-bc.exe a variant of Win32/TorchMedia potentially unwanted application deleted - quarantined
D:\!junk\WordViewerSetup.exe Win32/InstallCore.BN potentially unwanted application deleted - quarantined
D:\!junk\ZipOpenerSetup.exe Win32/InstallCore.BN potentially unwanted application deleted - quarantined
D:\!junk\Ee??e.exe a variant of Win32/InstallMonstr.DU potentially unwanted application deleted - quarantined
 
And here's the security check output:
 

 Results of screen317's Security Check version 0.99.88  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Disabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Java version out of Date! 
  Adobe Flash Player 14.0.0.145 Flash Player out of Date!  
 Mozilla Firefox 29.0.1 Firefox out of Date!  
 Google Chrome 37.0.2062.124  
 Google Chrome 38.0.2125.101  
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 2013 x64 wmi64.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
The computer is running about the same as it was after the combofix run


#6 Oh My!


Posted 10 October 2014 - 12:05 PM

Greetings Konstantin,

All but one of the items ESET flagged were Potentially Unwanted Applications. Those are different than malicious software. And the one file it did locate was in your D:\!junk folder, which indicates to me it is a secondary location.

You have some security vulnerabilities I would like to close. Please do this.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck any Ask Toolbar offers
  • Click Next
  • You should be notified You have successfully installed Java
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • In addition, check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
===================================================

Update Adobe Flash Player

--------------------

Please update your Adobe Flash Player to the latest version
  • Download Adobe Flash Player here and save it to your desktop. Uncheck "Yes, install McAfee Security Scan Plus - optional"
  • Close any open browsers
  • Double click on the Adobe Flash Player icon to launch the installation
  • If you are presented with a warning popup select "Run"
  • Once the installation is complete click "Finish"
===================================================

Firefox Update

--------------------

I recommend you consider updating Firefox to the newest version. If you desire to do so please click this link to begin the process.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the updates go well?
  • Are you experiencing any issues?

Gary
 

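The triage in the reply above, separating potentially unwanted applications from actual malware in the ESET results, can be scripted when a log runs longer than 15 lines. This is an added example, not part of the original posts: the sample lines are constructed in the format of the ESET output quoted earlier in the thread, and the bucket names and the grouping of the "application" type with PUAs are assumptions.

```python
import re
from collections import Counter

# Threat-type words seen in the ESET lines quoted in this thread, longest
# first so "potentially unwanted application" is not read as "application".
TYPES = ("potentially unwanted application", "application", "trojan")

# Assumption of this example: "application" (used in the thread for
# Win32/AdWare.* detections) is grouped with PUAs; "trojan" is malware.
BUCKET = {
    "potentially unwanted application": "pua_or_adware",
    "application": "pua_or_adware",
    "trojan": "malware",
}

# Record layout: <path> [a variant of ]<Platform/Name> <type> <action>
# The path may contain spaces, so it is matched lazily up to the first
# token that looks like a detection name (it contains a forward slash).
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<variant>a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) "
    r"(?P<type>" + "|".join(TYPES) + r") "
    r"(?P<action>.+)$"
)

# Constructed sample lines: paths are made up, detection names follow the thread.
SAMPLE_LOG = r"""
C:\Users\demo\AppData\Local\Browser\User Data\Default\File System\001\t\00\00000000 Win32/AdWare.1ClickDownload.AT application cleaned by deleting - quarantined
C:\Users\demo\Downloads\ExampleSetup.exe a variant of Win32/InstallCore.BQ potentially unwanted application deleted - quarantined
D:\archive\toolbar_installer.exe Win32/Toolbar.MailRU.A potentially unwanted application deleted - quarantined
D:\archive\update.exe a variant of Win32/Kryptik.CMHQ trojan cleaned by deleting - quarantined
this line is not a detection record
"""


def parse_line(line):
    """Split one detection record into fields; return None if it does not fit."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["variant"] = rec["variant"] is not None
    rec["bucket"] = BUCKET[rec["type"]]
    rec["quarantined"] = rec["action"].endswith("quarantined")
    return rec


def triage(log_text):
    """Return (counts per bucket, malware records, lines that did not parse)."""
    counts, malware, unparsed = Counter(), [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        counts[rec["bucket"]] += 1
        if rec["bucket"] == "malware":
            malware.append(rec)
    return counts, malware, unparsed


if __name__ == "__main__":
    counts, malware, unparsed = triage(SAMPLE_LOG)
    print(dict(counts))
    for rec in malware:
        print("review first:", rec["path"], rec["name"], rec["action"])
    print("unparsed:", unparsed)
```
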
#7 kostya86


Posted 11 October 2014 - 03:16 PM

Hi Gary,

 

I've completed the Adobe and the Java updates. I could not, however, remove an older version of Java as I have a program that, for some reason, does not work with the newer version of Java (it's called Serviio).

 

The computer runs fine now. Given the history and everything we have done - what would your guess be as to what kind of infection the system had to begin with? 

Many thanks for your help and time



#8 Oh My!


Posted 11 October 2014 - 03:45 PM

My pleasure to help.

It is hard for me to even speculate what the issue is. None of the files that Combofix deleted are obvious culprits. At least your web pages are loading again. :)

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a day or so in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#9 kostya86


Posted 11 October 2014 - 05:06 PM

Thanks very much for your help!



#10 Oh My!


Posted 11 October 2014 - 05:42 PM

:thumbsup2:
Gary
 

#11 Oh My!


Posted 12 October 2014 - 09:05 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 