Access denied when installing Realtek Audio driver


  • This topic is locked
10 replies to this topic

#1 Dragokas

  • Members
  • 6 posts

Posted 30 November 2014 - 11:00 AM

Hi!

Please inspect my system for potential malware threats that may cause this problem.

A screenshot is attached. This is a log of Process Monitor before the problem occurs, if it will help: http://dragokas.com/log/Logfile_audio.zip

Thanks, Alex.

Here is a DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.71.2
Run by Alex at 17:51:08 on 2014-11-30
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.7.1049.18.8159.5803 [GMT 2:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\SysWOW64\ufdsvc.exe
C:\Users\Alex\AppData\Roaming\AntiHidden\USBDLM.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Users\Alex\AppData\Roaming\AntiHidden\USBDLM_usr.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\CNAB4RPD.EXE
C:\Program Files (x86)\Download Master\dmaster.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\MirandaFinal\miranda32.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IE 4.x-6.x BHO for Download Master: {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\Program Files (x86)\Download Master\dmiehlp.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Визуальные закладки: {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - C:\Program Files (x86)\Yandex\FastDial\fastdial.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: Элементы Яндекса: {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files (x86)\Yandex\Elements\bartab.dll
TB: Элементы Яндекса: {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files (x86)\Yandex\Elements\bartab.dll
uRun: [Download Master] C:\Program Files (x86)\Download Master\dmaster.exe -autorun
uRun: [uTorrent] "C:\Users\Alex\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MIRAND~1.LNK - C:\Program Files (x86)\MirandaFinal\miranda32.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Закачать ВСЕ при помощи Download Master - C:\Program Files (x86)\Download Master\dmieall.htm
IE: Закачать при помощи Download Master - C:\Program Files (x86)\Download Master\dmie.htm
IE: Передать на удаленную закачку DM - C:\Program Files (x86)\Download Master\remdown.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files (x86)\Download Master\dmaster.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{BD3E75F8-264B-4F1E-8548-5B43B7A57D80} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yandex.ru/?clid=1993841
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Alex\AppData\Roaming\ACEStream\player\npace_plugin.dll
FF - plugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\plugins\npdm.dll
FF - plugin: C:\Windows\npapi.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 22381473;22381473;C:\Windows\System32\drivers\22381473.sys [2014-11-2 458336]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2014-5-27 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2014-5-27 178272]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-11-30 1149760]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-9-30 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-9-30 133800]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-11-30 1796928]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-11-30 19821376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-30 409800]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-21 5024576]
R2 USBDLM;USBDLM;C:\Users\Alex\AppData\Roaming\AntiHidden\USBDLM.exe [2014-11-20 409552]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2014-5-27 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2014-5-27 29280]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-11-30 20800]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-30 38216]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
S2 AmmyyAdmin_1410;AmmyyAdmin_1410;"C:\Users\Alex\Desktop\AA_v3.exe" -service -lunch --> C:\Users\Alex\Desktop\AA_v3.exe [?]
S2 AmmyyAdmin_280;AmmyyAdmin_280;"C:\Users\Alex\Desktop\AA_v3.exe" -service -lunch --> C:\Users\Alex\Desktop\AA_v3.exe [?]
S2 AmmyyAdmin_BF8;AmmyyAdmin_BF8;"C:\Users\Alex\Desktop\AA_v3.exe" -service -lunch --> C:\Users\Alex\Desktop\AA_v3.exe [?]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2014-5-27 214512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-11-1 13234176]
S3 FilterMon;FilterMon;P:\Программы_Systematic\Программирование\Reverse, Identifier\File Monitor\FilterMon\x86\FilterMon.sys [2014-11-23 33000]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-30 114688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-30 19456]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 12288]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-3 56832]
S3 WinRing0_1_2_0;WinRing0_1_2_0;P:\Программы_Systematic\Информационные\Мониторинг\RealTemp_360\WinRing0x64.sys [2011-8-15 14544]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-11-24 115296]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-11-30 15:29:35 7168 -c--a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-11-30 15:29:35 7168 -c--a-w- C:\Windows\System32\KBDYAK.DLL
2014-11-30 15:29:35 7168 -c--a-w- C:\Windows\System32\KBDBASH.DLL
2014-11-30 15:29:35 6656 -c--a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-11-30 15:25:45 -------- d-sh--w- C:\Users\Alex\AppData\Local\EmieBrowserModeList
2014-11-30 15:25:28 260696 ----a-w- C:\Windows\System32\unrar64.dll
2014-11-30 15:10:10 -------- d-----w- C:\Users\Alex\AppData\Local\NVIDIA Corporation
2014-11-30 15:09:05 -------- d-----w- C:\Users\Alex\AppData\Local\NVIDIA
2014-11-30 15:07:55 74056 ----a-w- C:\Windows\System32\OpenCL.dll
2014-11-30 15:01:36 190464 ----a-w- C:\Windows\PAExec.exe
2014-11-30 14:06:13 3072 -c--a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2014-11-30 14:05:16 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-11-30 13:06:58 5120 ----a-w- C:\Windows\System32\drivers\en-US\fltmgr.sys.mui
2014-11-29 23:38:44 2777088 -c--a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-11-29 23:38:44 2285056 -c--a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-11-29 23:38:14 99480 -c--a-w- C:\Windows\SysWow64\infocardapi.dll
2014-11-29 23:38:14 619672 -c--a-w- C:\Windows\SysWow64\icardagt.exe
2014-11-29 23:38:14 171160 -c--a-w- C:\Windows\System32\infocardapi.dll
2014-11-29 23:38:14 1389208 -c--a-w- C:\Windows\System32\icardagt.exe
2014-11-29 23:38:13 8856 -c--a-w- C:\Windows\SysWow64\icardres.dll
2014-11-29 23:38:13 8856 -c--a-w- C:\Windows\System32\icardres.dll
2014-11-29 23:38:11 35480 -c--a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-11-29 23:38:11 35480 -c--a-w- C:\Windows\System32\TsWpfWrp.exe
2014-11-29 23:36:58 81560 -c--a-w- C:\Windows\SysWow64\mscories.dll
2014-11-29 23:35:50 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-11-29 23:34:24 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{207CB5E6-4E19-4C80-8257-9573B61FC5C2}\mpengine.dll
2014-11-29 23:33:28 504320 -c--a-w- C:\Windows\System32\msihnd.dll
2014-11-29 23:33:28 337408 -c--a-w- C:\Windows\SysWow64\msihnd.dll
2014-11-29 23:33:28 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-11-29 23:33:28 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-11-29 23:33:28 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-11-29 23:33:28 1805824 -c--a-w- C:\Windows\SysWow64\authui.dll
2014-11-29 23:33:28 112064 -c--a-w- C:\Windows\System32\consent.exe
2014-11-29 23:23:31 -------- d-----w- C:\NVIDIA
2014-11-29 23:13:48 757760 ------w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKe2D8C.tmp
2014-11-29 23:13:48 5632 ------w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\Dot2D9C.tmp
2014-11-29 23:11:28 -------- d-----w- C:\Intel
2014-11-29 23:08:54 16896 ----a-w- C:\Windows\AsTaskSched.dll
2014-11-29 23:08:54 -------- d-----w- C:\Windows\Intel_Chipset_XPVistaWin7_VER9301019
2014-11-29 23:08:50 296320 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2014-11-29 22:54:25 -------- d--h--w- C:\Program Files (x86)\Temp
2014-11-29 16:17:46 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2014-11-29 16:17:46 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-11-26 22:04:44 13312 ----a-w- C:\Windows\SysWow64\drivers\vdm5odgy.sys
2014-11-24 18:52:05 -------- d-----w- C:\Users\Alex\AppData\Roaming\R-TT
2014-11-24 18:51:40 -------- d-----w- C:\Program Files (x86)\R-Studio
2014-11-24 18:45:08 -------- d-----w- C:\Program Files (x86)\HD Tune Pro
2014-11-24 18:43:02 -------- d-----w- C:\Program Files (x86)\Restorer2000 Pro
2014-11-24 18:03:49 110176 ----a-w- C:\Windows\System32\klfphc.dll
2014-11-24 18:03:43 -------- d-----w- C:\Windows\ELAMBKUP
2014-11-24 18:03:41 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-11-24 18:03:39 115296 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-11-20 21:53:36 551 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiHidden\Не открывать проводник после лечения флешки.cmd
2014-11-20 21:53:36 10744 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiHidden\Удалить AntiHidden.vbs
2014-11-20 21:53:36 -------- d-----w- C:\Users\Alex\AppData\Roaming\AntiHidden
2014-11-18 19:09:24 -------- d-----w- C:\Program Files (x86)\Common Files\Enterbrain
2014-11-18 19:08:55 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2014-11-18 19:08:13 -------- d-----w- C:\Program Files (x86)\Enterbrain
2014-11-11 18:22:13 -------- d-----r- C:\Users\Alex\Dropbox
2014-11-11 18:19:12 -------- d-----w- C:\Users\Alex\AppData\Roaming\Dropbox
2014-11-09 20:08:47 -------- d-----w- C:\Users\Alex\AppData\Local\IsolatedStorage
2014-11-09 20:08:47 -------- d-----w- C:\Users\Alex\AppData\Local\HockeyCrashes
2014-11-09 13:03:05 -------- d-----w- C:\Users\Alex\AppData\Roaming\FlashFXP
2014-11-09 13:03:05 -------- d-----w- C:\ProgramData\FlashFXP
2014-11-09 09:14:37 18 ----a-w- C:\Users\Alex\1.bat
2014-11-08 22:04:16 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-11-08 22:04:16 -------- d-----w- C:\Program Files (x86)\Battle.net
2014-11-08 13:46:53 -------- d-----w- C:\ProgramData\{7208DF9D-6E39-4967-B7FA-59BE8909B69D}
2014-11-02 21:37:38 458336 ----a-w- C:\Windows\System32\drivers\22381473.sys
2014-11-01 22:45:48 -------- d-----w- C:\Users\Alex\AppData\Roaming\Durbetsel 7.2
2014-11-01 22:45:19 -------- dc-h--w- C:\ProgramData\{982ADA31-085E-44CB-A4A8-44EA6B352FBB}
2014-10-31 22:22:23 32435 ----a-w- C:\ProgramData\1414794124.bdinstall.bin
.
==================== Find3M  ====================
.
2014-11-29 23:48:57 793600 -c--a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-11-29 23:48:57 1031168 -c--a-w- C:\Windows\System32\TSWorkspace.dll
2014-11-29 23:46:29 73880 -c--a-w- C:\Windows\System32\mscories.dll
2014-11-29 23:46:29 1943696 -c--a-w- C:\Windows\System32\dfshim.dll
2014-11-29 23:46:29 156824 -c--a-w- C:\Windows\SysWow64\mscorier.dll
2014-11-29 23:46:29 156312 -c--a-w- C:\Windows\System32\mscorier.dll
2014-11-29 23:46:29 1131664 -c--a-w- C:\Windows\SysWow64\dfshim.dll
2014-11-29 23:45:53 683520 -c--a-w- C:\Windows\System32\termsrv.dll
2014-11-29 23:45:53 681984 -c--a-w- C:\Windows\SysWow64\adtschema.dll
2014-11-29 23:45:53 681984 -c--a-w- C:\Windows\System32\adtschema.dll
2014-11-29 23:45:53 146432 -c--a-w- C:\Windows\SysWow64\msaudite.dll
2014-11-29 23:45:53 146432 -c--a-w- C:\Windows\System32\msaudite.dll
2014-11-29 23:45:34 2565120 -c--a-w- C:\Windows\System32\d3d10warp.dll
2014-11-29 23:43:03 519680 -c--a-w- C:\Windows\SysWow64\qdvd.dll
2014-11-29 23:43:03 371712 -c--a-w- C:\Windows\System32\qdvd.dll
2014-11-29 23:42:54 878080 -c--a-w- C:\Windows\System32\IMJP10K.DLL
2014-11-29 23:42:54 701440 -c--a-w- C:\Windows\SysWow64\IMJP10K.DLL
2014-11-29 23:42:46 985536 -c--a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-11-29 23:42:37 550912 -c--a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-29 23:42:37 186880 -c--a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-29 23:42:37 155064 -c--a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-29 23:42:24 442880 -c--a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-11-29 23:42:24 374784 -c--a-w- C:\Windows\SysWow64\AudioEng.dll
2014-11-29 23:42:24 284672 -c--a-w- C:\Windows\System32\EncDump.dll
2014-11-29 23:42:17 3179520 -c--a-w- C:\Windows\System32\rdpcorets.dll
2014-11-29 23:42:08 2048 -c--a-w- C:\Windows\SysWow64\tzres.dll
2014-11-29 23:42:08 2048 -c--a-w- C:\Windows\System32\tzres.dll
2014-11-29 23:41:47 424448 -c--a-w- C:\Windows\System32\rastls.dll
2014-11-29 23:41:47 372736 -c--a-w- C:\Windows\SysWow64\rastls.dll
2014-11-29 23:39:12 65536 -c--a-w- C:\Windows\SysWow64\TSpkg.dll
2014-11-29 23:39:12 172032 -c--a-w- C:\Windows\SysWow64\wdigest.dll
2014-11-29 23:39:02 77824 -c--a-w- C:\Windows\System32\packager.dll
2014-11-29 23:39:02 67584 -c--a-w- C:\Windows\SysWow64\packager.dll
2014-11-29 23:38:58 39936 -c--a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-11-29 23:38:58 212480 -c--a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-11-29 23:38:58 150528 -c--a-w- C:\Windows\System32\rdpcorekmts.dll
2014-11-29 23:38:50 3198976 -c--a-w- C:\Windows\System32\win32k.sys
2014-11-29 23:38:36 6584320 -c--a-w- C:\Windows\System32\mstscax.dll
2014-11-29 23:38:36 5703168 -c--a-w- C:\Windows\SysWow64\mstscax.dll
2014-11-29 23:27:17 97792 -c--a-w- C:\Windows\System32\wudriver.dll
2014-11-29 23:27:17 92672 -c--a-w- C:\Windows\SysWow64\wudriver.dll
2014-11-29 23:14:39 36864 -c--a-w- C:\Windows\System32\wuapp.exe
2014-11-29 23:14:39 33792 -c--a-w- C:\Windows\SysWow64\wuapp.exe
2014-11-29 23:14:39 198600 -c--a-w- C:\Windows\System32\wuwebv.dll
2014-11-29 23:14:39 179656 -c--a-w- C:\Windows\SysWow64\wuwebv.dll
2014-11-29 23:14:38 2620928 -c--a-w- C:\Windows\System32\wucltux.dll
2014-11-26 20:39:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-26 20:39:11 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-24 12:04:56 275080 ----a-w- C:\Windows\System32\MpSigStub.exe
2014-11-23 02:01:19 267776 ----a-w- C:\Windows\SysWow64\mscomctl32.oca
2014-11-17 22:18:52 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-11-17 22:18:52 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-11-17 22:18:52 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-11-17 20:02:44 2197680 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-11-17 20:02:44 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-11-17 20:02:31 2800296 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-11-17 20:02:31 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-11-12 21:56:45 6897352 ----a-w- C:\Windows\System32\nvcpl.dll
2014-11-12 21:56:45 3534152 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-11-12 21:56:42 934032 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-11-12 21:56:42 62608 ----a-w- C:\Windows\System32\nvshext.dll
2014-11-12 21:56:42 386368 ----a-w- C:\Windows\System32\nvmctray.dll
2014-11-12 21:56:42 2559808 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-11-12 20:46:11 615624 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-11-11 10:29:54 4100776 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-03 12:39:16 218712 ----a-w- C:\Windows\SysWow64\unrar.dll
2014-10-23 20:11:20 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-23 20:03:38 50033 ----a-w- C:\ProgramData\1414094593.bdinstall.bin
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-04 18:36:55 122584 ----a-w- C:\Windows\System32\drivers\49986C93.sys
2014-10-04 18:36:20 122584 ----a-w- C:\Windows\System32\drivers\48230029.sys
2014-10-03 19:23:02 38216 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-10-03 19:23:02 35144 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-10-03 19:23:00 32584 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-09-30 20:07:36 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-09-30 20:02:18 682280 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2014-09-30 20:02:18 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-09-27 10:21:37 30 ----a-w- C:\Users\Alex\1.vbs
2014-09-24 14:59:29 426 ----a-w- C:\Windows\System32\Console_CU.reg
2014-09-19 21:09:11 18 ----a-w- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
.
============= FINISH: 17:51:18.05 ===============
 


#2 Dragokas

  • Topic Starter

  • Members
  • 6 posts

Posted 04 December 2014 - 02:28 PM

Still actual. Response to instructions.



#3 nasdaq

  • Malware Response Team
  • 39,909 posts

Posted 05 December 2014 - 08:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If you are installing this driver from the original CD it may just be that the CD is corrupted.

If the installation file was downloaded from the net it might be that the download failed.
Try again.

===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#4 Dragokas

  • Topic Starter

  • Members
  • 6 posts

Posted 05 December 2014 - 01:55 PM

Hi, nasdaq!

Thanks for your help.

Driver has no corruption. I had the same problem with clear installation of Nvidia driver (code 5), but "Display Driver Uninstaller" helped me.

I suspect some system files have wrong DACL. Anyway, I tried to reset permissions through the Safe mode. But there is still no effect.

Here is Farbar log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Alex (administrator) on ALEX-PC on 05-12-2014 20:34:58
Running from C:\Users\Alex\Desktop
Loaded Profile: Alex (Available profiles: Alex & Гость)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Russian (Russia)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Program Files\FERRO Software\FtpUse\mounter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Generic) C:\Windows\SysWOW64\ufdsvc.exe
(Uwe Sieber - www.uwe-sieber.de) C:\Users\Alex\AppData\Roaming\AntiHidden\USBDLM.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
(Uwe Sieber - www.uwe-sieber.de) C:\Users\Alex\AppData\Roaming\AntiHidden\USBDLM_usr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(WestByte) C:\Program Files (x86)\Download Master\dmaster.exe
(BitTorrent Inc.) C:\Users\Alex\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Miranda NG Team) C:\Program Files (x86)\MirandaFinal\miranda32.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Ghisler Software GmbH) C:\kITPPP\TC\TOTALCMD64.EXE
(SmartSoft Ltd.) C:\Program Files\SmartFTP Client\SmartFTP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\...\Run: [Download Master] => C:\Program Files (x86)\Download Master\dmaster.exe [5032224 2014-03-21] (WestByte)
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\...\Run: [uTorrent] => C:\Users\Alex\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22057568 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\...\MountPoints2: {1ce13e19-c192-11e3-8726-f46d04e31126} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\...\MountPoints2: {23e2cb2a-b4c1-11e3-9a51-f46d04e31126} - F:\setup.exe
AppInit_DLLs: 123 => 123 File Not Found
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda IM Final Pack.lnk
ShortcutTarget: Miranda IM Final Pack.lnk -> C:\Program Files (x86)\MirandaFinal\miranda32.exe (Miranda NG Team)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll (SmartSoft Ltd.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ru.msn.com/?ocid=iehp
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBA5DBCE212BECE01
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ru
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IE 4.x-6.x BHO for Download Master -> {9961627E-4059-41B4-8E0E-A7D6B3854ADF} -> C:\Program Files (x86)\Download Master\dmiehlp.dll (WestByte)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Визуальные закладки -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> C:\Program Files (x86)\Yandex\FastDial\fastdial.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Элементы Яндекса - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files (x86)\Yandex\Elements\bartab.dll ()
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
Toolbar: HKU\S-1-5-21-2757108031-2077976367-87274058-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2757108031-2077976367-87274058-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default
FF NewTab: yafd:tabs
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.yandex.ru/?clid=1993841
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @alawar.com/npapi -> C:\Windows\npapi.dll (Alawar)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3182\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\searchplugins\yandex.ru-123941.xml
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\searchplugins\yandex.ru-201040.xml
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\searchplugins\yandex.ru-211740.xml
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\searchplugins\yandex.ru-212614.xml
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\searchplugins\ybqs-yandex.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ozonru.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\priceru.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex-slovari.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex.xml
FF Extension: Download Master Toolbar - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\Extensions\dmbarff@westbyte.com [2014-02-17]
FF Extension: Download Master Media Monitor - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\Extensions\dmmm@westbyte.com [2014-02-17]
FF Extension: Download Master Plugin - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\Extensions\dmpluginff@westbyte.com [2014-02-17]
FF Extension: Download Master Remote Download - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\Extensions\dmremote@westbyte.com [2014-02-17]
FF Extension: Візуальныя закладкі - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\Extensions\vb@yandex.ru [2014-04-09]
FF Extension: Кампанент "Элементы Яндекса" - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\Extensions\yasearch@yandex.ru [2014-09-05]
FF Extension: WOT - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-14]
FF Extension: Malware Search - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8nto4tsi.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2014-01-12]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-11-24]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yandex.ru/?win=107&clid=1993841
CHR StartupUrls: Default -> "hxxp://www.yandex.ru/?win=107&clid=1993841"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-03]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-30]
CHR Extension: (Kaspersky Protection) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-11-25]
CHR Extension: (Search and Replace) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bldchfkhmnkoimaciljpilanilmbnofo [2014-06-27]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]
CHR Extension: (Download Master) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehfanjejklfmnldbbclpocdbceaeemkn [2013-10-08]
CHR Extension: (Safe Money) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-11-25]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-11-25]
CHR Extension: (Virtual Keyboard) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-11-25]
CHR Extension: (AS Magic Player) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-09-30]
CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
CHR Extension: (Anti-Banner) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-11-25]
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Презентации) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-03]
CHR Extension: (Документы Google) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-03]
CHR Extension: (Диск Google) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-03]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-03]
CHR Extension: (Поиск Google) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-03]
CHR Extension: (Kaspersky Protection) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-11-03]
CHR Extension: (Download Master) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ehfanjejklfmnldbbclpocdbceaeemkn [2014-11-03]
CHR Extension: (Google Таблицы) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-03]
CHR Extension: (Magic Player) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kpckgflgdapkpabemgkielbefdildaio [2014-11-03]
CHR Extension: (Google Кошелек) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-03]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-03]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [ehfanjejklfmnldbbclpocdbceaeemkn] - C:\Program Files (x86)\Download Master\dm_chrome.crx [2013-10-02]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [nkcpopggjcjkiicpenikeogioednjeac] - C:\Users\Alex\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-05-27]
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files (x86)\Offline Explorer Enterprise\mpoe.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-05-27] (Kaspersky Lab ZAO)
R2 DokanMounter; C:\Program Files\FERRO Software\FtpUse\mounter.exe [25088 2011-02-04] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
S4 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2008-10-20] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-11] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-09-30] ()
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 UFDSVC; C:\Windows\SysWOW64\ufdsvc.exe [69632 2006-02-15] (Generic) [File not signed]
R2 USBDLM; C:\Users\Alex\AppData\Roaming\AntiHidden\USBDLM.exe [409552 2014-11-10] (Uwe Sieber - www.uwe-sieber.de) [File not signed]
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2012-10-31] (VMware, Inc.) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13234176 2012-11-01] () [File not signed]
S2 AmmyyAdmin_1410; "C:\Users\Alex\Desktop\AA_v3.exe" -service -lunch [X]
S2 AmmyyAdmin_280; "C:\Users\Alex\Desktop\AA_v3.exe" -service -lunch [X]
S2 AmmyyAdmin_BF8; "C:\Users\Alex\Desktop\AA_v3.exe" -service -lunch [X]
S3 SbieSvc; C:\\Users\\Alex\\Desktop\\Sandboxie-portable\\Sandboxie\\SbieSvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 22381473; C:\Windows\System32\DRIVERS\22381473.sys [458336 2014-11-02] (Kaspersky Lab ZAO)
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-21] () [File not signed]
S3 adp94xx; C:\Windows\system32\drivers\adp94xx.sys [491088 2009-07-14] () [File not signed]
S3 adpahci; C:\Windows\system32\drivers\adpahci.sys [339536 2009-07-14] () [File not signed]
S3 adpu320; C:\Windows\system32\drivers\adpu320.sys [182864 2009-07-14] () [File not signed]
S3 agp440; C:\Windows\system32\drivers\agp440.sys [61008 2009-07-14] () [File not signed]
S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-14] () [File not signed]
S3 amdide; C:\Windows\system32\drivers\amdide.sys [15440 2009-07-14] () [File not signed]
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-14] () [File not signed]
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-14] () [File not signed]
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [107904 2011-03-11] () [File not signed]
S3 amdsbs; C:\Windows\system32\drivers\amdsbs.sys [194128 2009-07-14] () [File not signed]
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-11] () [File not signed]
S3 arc; C:\Windows\system32\drivers\arc.sys [87632 2009-07-14] () [File not signed]
S3 arcsas; C:\Windows\system32\drivers\arcsas.sys [97856 2009-07-14] () [File not signed]
R3 AthDfu; C:\Windows\System32\Drivers\AthDfu.sys [55336 2010-05-31] () [File not signed]
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] () [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] () [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] () [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-14] () [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-14] () [File not signed]
S3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] () [File not signed]
S3 Compbatt; C:\Windows\system32\drivers\compbatt.sys [21584 2009-07-14] () [File not signed]
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [24144 2009-07-14] () [File not signed]
S3 dmvsc; C:\Windows\system32\drivers\dmvsc.sys [71168 2010-11-21] () [File not signed]
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-02-04] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-26] () [File not signed]
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c62x64.sys [313520 2010-09-21] () [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] () [File not signed]
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [530496 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] () [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-14] () [File not signed]
S3 FilterMon; P:\Программы_Systematic\Программирование\Reverse, Identifier\File Monitor\FilterMon\x86\FilterMon.sys [33000 2009-10-20] (Daniel Pistelli) [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-14] () [File not signed]
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [65088 2009-07-14] () [File not signed]
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [33856 2010-02-03] () [File not signed]
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [52376 2012-10-11] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] () [File not signed]
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-21] () [File not signed]
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] () [File not signed]
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [438808 2010-11-05] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-03-11] () [File not signed]
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [44112 2009-07-14] () [File not signed]
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2536040 2010-11-02] () [File not signed]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-21] () [File not signed]
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] () [File not signed]
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-27] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-05-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-05-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-27] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-05-27] (Kaspersky Lab ZAO)
R3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [11552 2013-12-11] () [File not signed]
S4 LMIRfsClientNP; No ImagePath
R2 LMIRfsDriver; C:\Windows\system32\drivers\LMIRfsDriver.sys [72216 2013-12-11] () [File not signed]
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [114752 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [106560 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [65600 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [115776 2009-07-14] () [File not signed]
S3 megasas; C:\Windows\system32\drivers\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-14] () [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2010-10-19] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-21] () [File not signed]
R0 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-21] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] () [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 mv91cons; C:\Windows\System32\DRIVERS\mv91cons.sys [24880 2010-11-22] () [File not signed]
R0 mv91xx; C:\Windows\System32\DRIVERS\mv91xx.sys [303408 2010-11-22] () [File not signed]
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] () [File not signed]
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [80384 2010-12-10] () [File not signed]
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-12-10] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] () [File not signed]
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org) [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] () [File not signed]
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 Revoflt; C:\Windows\System32\DRIVERS\revoflt.sys [31800 2009-12-30] () [File not signed]
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [12288 2009-08-22] () [File not signed]
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [65688 2013-03-12] () [File not signed]
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-27] ()
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [539240 2011-06-10] () [File not signed]
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [6656 2010-11-21] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] () [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] () [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-25] () [File not signed]
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] () [File not signed]
R0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [46464 2010-11-21] () [File not signed]
S3 storvsc; C:\Windows\system32\drivers\storvsc.sys [34688 2010-11-21] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] () [File not signed]
S3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [88960 2010-11-21] () [File not signed]
S3 terminpt; C:\Windows\system32\drivers\terminpt.sys [29696 2012-08-23] () [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] () [File not signed]
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-21] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] () [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
S1 vdm5odgy; C:\Windows\SysWOW64\Drivers\vdm5odgy.sys [13312 2014-11-27] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
S3 vmbus; C:\Windows\system32\drivers\vmbus.sys [199552 2010-11-21] () [File not signed]
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [21760 2010-11-21] () [File not signed]
R0 vmci; C:\Windows\System32\DRIVERS\vmci.sys [85104 2012-10-24] () [File not signed]
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [20120 2012-11-01] () [File not signed]
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [45720 2012-11-01] () [File not signed]
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [30360 2012-11-01] () [File not signed]
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [37680 2012-10-11] () [File not signed]
R2 vmx86; C:\Windows\system32\drivers\vmx86.sys [67224 2012-11-01] () [File not signed]
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] () [File not signed]
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] () [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] () [File not signed]
S3 WinRing0_1_2_0; P:\Программы_Systematic\Информационные\Мониторинг\RealTemp_360\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S2 am7pro; \??\C:\Program Files (x86)\ArtMoney Pro\am74064.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MMPSY; \??\C:\Users\Alex\AppData\Local\Temp\mmpsy64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-05 20:34 - 2014-12-05 20:35 - 00040779 _____ () C:\Users\Alex\Desktop\FRST.txt
2014-12-05 20:34 - 2014-12-05 20:34 - 02117632 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2014-12-05 20:07 - 2014-12-05 20:07 - 00075176 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.12.05-10.50.zip
2014-12-05 20:06 - 2014-12-05 20:06 - 00077022 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.12.03-19.05 (1).zip
2014-12-05 20:05 - 2014-12-05 20:05 - 00077022 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.12.03-19.05.zip
2014-12-05 00:11 - 2014-12-05 00:12 - 00000523 _____ () C:\Users\Alex\Desktop\VBS Locale name.txt
2014-12-04 22:58 - 2014-12-04 22:58 - 00007348 _____ () C:\Users\Alex\Desktop\SetThreadLocale.txt
2014-12-04 21:21 - 2014-12-04 21:21 - 00019017 _____ () C:\Users\Alex\Downloads\DDS.virus.txt
2014-12-04 21:00 - 2014-12-04 21:00 - 00160631 _____ () C:\Users\Alex\Downloads\sfcdoc.log
2014-12-04 20:24 - 2014-12-04 20:24 - 00001347 _____ () C:\Users\Alex\Downloads\Report.zip
2014-12-04 01:18 - 2014-12-04 01:18 - 00099809 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.12.02-17.52.zip
2014-12-01 23:49 - 2014-12-01 23:49 - 02091520 _____ (Conner Bernhard) C:\Users\Alex\Downloads\NetAdapterRepair1.2.exe
2014-12-01 22:29 - 2014-12-01 22:29 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\MPC-HC
2014-12-01 22:11 - 2014-12-01 22:11 - 00000006 _____ () C:\Users\Alex\test
2014-12-01 01:20 - 2008-01-17 01:16 - 01630208 _____ () C:\Windows\SysWOW64\RGSS104E.dll
2014-12-01 01:00 - 2014-12-04 21:45 - 00000000 ____D () C:\Users\Alex\Documents\RPGVX2
2014-11-30 23:33 - 2014-11-30 23:33 - 00002659 _____ () C:\Users\Public\Desktop\SmartFTP Client.lnk
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 ____D () C:\Windows\System32\Tasks\SmartFTP
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\SmartFTP
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartFTP Client
2014-11-30 23:33 - 2014-11-30 23:33 - 00000000 ____D () C:\Program Files\SmartFTP Client
2014-11-30 23:32 - 2014-11-30 23:32 - 22414456 _____ (SmartSoft Ltd) C:\Users\Alex\Downloads\SFTPMSI.exe
2014-11-30 23:32 - 2014-11-30 23:32 - 06126536 _____ (Tim Kosse) C:\Users\Alex\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-11-30 22:57 - 2011-02-04 16:23 - 00120408 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\dokan.sys
2014-11-30 21:56 - 2014-11-30 22:57 - 00000000 ____D () C:\Program Files\FERRO Software
2014-11-30 18:25 - 2014-12-01 23:49 - 00000000 ____D () C:\Users\Alex\Desktop\tools
2014-11-30 18:24 - 2014-11-30 18:25 - 00000000 ____D () C:\Users\Alex\Desktop\Bleeping cure
2014-11-30 17:31 - 2014-11-30 17:31 - 00408584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-30 17:29 - 2014-11-30 17:29 - 00419992 ____C () C:\Windows\SysWOW64\locale.nls
2014-11-30 17:29 - 2014-11-30 17:29 - 00419992 ____C () C:\Windows\system32\locale.nls
2014-11-30 17:29 - 2014-11-30 17:29 - 00007168 ____C (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-30 17:29 - 2014-11-30 17:29 - 00007168 ____C (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-30 17:29 - 2014-11-30 17:29 - 00007168 ____C (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-30 17:29 - 2014-11-30 17:29 - 00007168 ____C (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-30 17:29 - 2014-11-30 17:29 - 00007168 ____C (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-30 17:29 - 2014-11-30 17:29 - 00007168 ____C (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-30 17:29 - 2014-11-30 17:29 - 00006656 ____C (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-30 17:29 - 2014-11-30 17:29 - 00006656 ____C (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-30 17:29 - 2014-11-30 17:29 - 00006656 ____C (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-30 17:29 - 2014-11-30 17:29 - 00006656 ____C (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-30 17:25 - 2014-11-30 17:25 - 00003672 _____ () C:\Windows\System32\Tasks\klcp_update
2014-11-30 17:25 - 2014-11-30 17:25 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieBrowserModeList
2014-11-30 17:25 - 2014-11-30 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-11-30 17:25 - 2014-06-14 16:03 - 00260696 _____ () C:\Windows\system32\unrar64.dll
2014-11-30 17:13 - 2014-12-05 19:30 - 00002128 _____ () C:\Windows\setupact.log
2014-11-30 17:13 - 2014-11-30 17:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-30 17:10 - 2014-11-30 17:13 - 00000000 ____D () C:\Users\Alex\AppData\Local\NVIDIA Corporation
2014-11-30 17:09 - 2014-11-30 17:09 - 00000000 ____D () C:\Users\Alex\AppData\Local\NVIDIA
2014-11-30 17:08 - 2014-12-05 19:30 - 00000000 ____D () C:\Users\Все пользователи\NVIDIA
2014-11-30 17:08 - 2014-12-05 19:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-30 17:08 - 2014-11-30 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-30 17:08 - 2014-11-30 17:08 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-11-30 17:08 - 2014-11-17 22:02 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-30 17:08 - 2014-11-17 22:02 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-30 17:08 - 2014-11-17 22:02 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-30 17:08 - 2014-11-17 22:02 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-30 17:08 - 2014-11-12 23:56 - 06897352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-30 17:08 - 2014-11-12 23:56 - 03534152 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-30 17:08 - 2014-11-12 23:56 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-30 17:08 - 2014-11-12 23:56 - 00934032 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-30 17:08 - 2014-11-12 23:56 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-30 17:08 - 2014-11-12 23:56 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-30 17:08 - 2014-11-12 22:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-30 17:08 - 2014-11-11 12:29 - 04100776 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-30 17:07 - 2014-11-30 17:10 - 00000000 ____D () C:\Users\Все пользователи\NVIDIA Corporation
2014-11-30 17:07 - 2014-11-30 17:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-30 17:07 - 2014-11-30 17:08 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-30 17:07 - 2014-11-30 17:08 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-30 17:07 - 2014-11-18 00:18 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-11-30 17:07 - 2014-11-18 00:18 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-30 17:07 - 2014-11-18 00:18 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 20986592 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 18514616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-30 17:07 - 2014-11-13 02:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 03262784 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 02874456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00989056 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00059592 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-11-30 17:07 - 2014-11-13 02:20 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-30 17:07 - 2014-10-03 21:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-30 17:07 - 2014-10-03 21:23 - 00035144 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-11-30 17:07 - 2014-10-03 21:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-30 17:01 - 2014-11-30 17:03 - 00190464 _____ (Power Admin LLC) C:\Windows\PAExec.exe
2014-11-30 15:44 - 2014-11-30 15:44 - 00000000 ____D () C:\Users\Alex\Downloads\Àðõèâû
2014-11-30 15:13 - 2014-11-30 15:13 - 00014006 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (68).log
2014-11-30 15:08 - 2014-11-30 15:08 - 00796592 _____ () C:\Users\Alex\Downloads\Regin.rar
2014-11-30 01:38 - 2014-11-30 01:38 - 02777088 ____C (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-11-30 01:38 - 2014-11-30 01:38 - 02285056 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-11-30 01:38 - 2014-11-30 01:38 - 01389208 ____C (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-11-30 01:38 - 2014-11-30 01:38 - 00619672 ____C (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-11-30 01:38 - 2014-11-30 01:38 - 00171160 ____C (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-11-30 01:38 - 2014-11-30 01:38 - 00099480 ____C (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-11-30 01:38 - 2014-11-30 01:38 - 00035480 ____C (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-30 01:38 - 2014-11-30 01:38 - 00035480 ____C (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-30 01:38 - 2014-11-30 01:38 - 00008856 ____C (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-11-30 01:38 - 2014-11-30 01:38 - 00008856 ____C (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-11-30 01:37 - 2014-11-30 01:45 - 00683520 ____C (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-30 01:37 - 2014-11-30 01:45 - 00681984 ____C (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-30 01:37 - 2014-11-30 01:45 - 00681984 ____C (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-30 01:37 - 2014-11-30 01:45 - 00146432 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-30 01:37 - 2014-11-30 01:45 - 00146432 ____C (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 06040064 ____C (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 02724864 ____C (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-30 01:37 - 2014-11-30 01:44 - 02124288 ____C (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-30 01:37 - 2014-11-30 01:44 - 02051072 ____C (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-30 01:37 - 2014-11-30 01:44 - 01359360 ____C (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 01155072 ____C (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00968704 ____C (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-30 01:37 - 2014-11-30 01:44 - 00814080 ____C (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00800768 ____C (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00799232 ____C (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00716800 ____C (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-30 01:37 - 2014-11-30 01:44 - 00688640 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00624128 ____C (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00620032 ____C (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00580096 ____C (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00509440 ____C (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00490496 ____C (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00418304 ____C (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00388272 ____C (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00341168 ____C (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00316928 ____C (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00285696 ____C (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00199680 ____C (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00168960 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00144384 ____C (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-30 01:37 - 2014-11-30 01:44 - 00115712 ____C (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-30 01:37 - 2014-11-30 01:44 - 00114688 ____C (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-30 01:37 - 2014-11-30 01:44 - 00092160 ____C (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00088064 ____C (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00077824 ____C (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00076288 ____C (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00066560 ____C (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00064000 ____C (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00062464 ____C (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00060416 ____C (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00054784 ____C (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00048640 ____C (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00047616 ____C (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00047104 ____C (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00034304 ____C (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00030720 ____C (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-30 01:37 - 2014-11-30 01:44 - 00004096 ____C (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-30 01:37 - 2014-11-30 01:38 - 00212480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-11-30 01:37 - 2014-11-30 01:38 - 00150528 ____C (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-11-30 01:37 - 2014-11-30 01:38 - 00039936 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-30 01:37 - 2014-11-06 06:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-30 01:37 - 2014-11-06 05:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-30 01:37 - 2014-11-06 05:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-30 01:37 - 2014-11-06 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-30 01:37 - 2014-11-06 05:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-30 01:37 - 2014-11-06 05:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-30 01:37 - 2014-11-06 05:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-30 01:37 - 2014-11-06 05:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-30 01:37 - 2014-11-06 04:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-30 01:37 - 2014-11-06 04:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-30 01:37 - 2014-11-06 04:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-30 01:37 - 2014-11-06 04:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-30 01:37 - 2014-11-06 04:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-30 01:37 - 2014-11-06 03:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-30 01:37 - 2014-11-06 03:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-30 01:37 - 2014-11-06 03:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-30 01:37 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-30 01:37 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-30 01:37 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-30 01:36 - 2014-11-30 01:46 - 01943696 ____C (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-30 01:36 - 2014-11-30 01:46 - 01131664 ____C (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-30 01:36 - 2014-11-30 01:46 - 00156824 ____C (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-30 01:36 - 2014-11-30 01:46 - 00156312 ____C (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-30 01:36 - 2014-11-30 01:46 - 00081560 ____C (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-30 01:36 - 2014-11-30 01:46 - 00073880 ____C (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-30 01:36 - 2014-11-30 01:44 - 01237504 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-30 01:36 - 2014-11-30 01:44 - 00692736 ____C (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-11-30 01:36 - 2014-11-30 01:44 - 00646144 ____C (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-11-30 01:36 - 2014-11-30 01:44 - 00497152 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-11-30 01:36 - 2014-11-30 01:44 - 00002048 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-30 01:36 - 2014-11-30 01:44 - 00002048 ____C (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-30 01:36 - 2014-11-30 01:42 - 03179520 ____C (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-30 01:36 - 2014-11-30 01:42 - 00985536 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-11-30 01:36 - 2014-11-30 01:42 - 00550912 ____C (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-30 01:36 - 2014-11-30 01:42 - 00186880 ____C (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-30 01:36 - 2014-11-30 01:42 - 00155064 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-30 01:36 - 2014-11-30 01:42 - 00002048 ____C (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-30 01:36 - 2014-11-30 01:42 - 00002048 ____C (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-30 01:36 - 2014-11-30 01:41 - 00424448 ____C (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-30 01:36 - 2014-11-30 01:41 - 00372736 ____C (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-30 01:36 - 2014-11-11 05:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-30 01:36 - 2014-11-11 05:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-30 01:36 - 2014-10-14 04:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-30 01:36 - 2014-10-14 03:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-30 01:36 - 2014-10-14 03:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-30 01:36 - 2014-08-21 08:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-30 01:35 - 2014-11-30 01:48 - 01031168 ____C (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-11-30 01:35 - 2014-11-30 01:48 - 00793600 ____C (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-11-30 01:35 - 2014-11-30 01:45 - 02565120 ____C (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-30 01:35 - 2014-11-30 01:43 - 00519680 ____C (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-11-30 01:35 - 2014-11-30 01:43 - 00371712 ____C (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-11-30 01:35 - 2014-11-30 01:42 - 00878080 ____C (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-30 01:35 - 2014-11-30 01:42 - 00701440 ____C (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-30 01:35 - 2014-11-30 01:42 - 00442880 ____C (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-30 01:35 - 2014-11-30 01:42 - 00374784 ____C (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-30 01:35 - 2014-11-30 01:42 - 00284672 ____C (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-30 01:35 - 2014-11-30 01:39 - 00172032 ____C (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-30 01:35 - 2014-11-30 01:39 - 00077824 ____C (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-30 01:35 - 2014-11-30 01:39 - 00067584 ____C (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-30 01:35 - 2014-11-30 01:39 - 00065536 ____C (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-30 01:35 - 2014-11-30 01:38 - 06584320 ____C (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-30 01:35 - 2014-11-30 01:38 - 05703168 ____C (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-30 01:35 - 2014-11-30 01:38 - 03198976 ____C (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-30 01:35 - 2014-11-30 01:37 - 00000743 _____ () C:\Users\Alex\Desktop\Links.txt
2014-11-30 01:35 - 2014-10-18 04:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-30 01:35 - 2014-10-18 03:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-30 01:35 - 2014-10-03 04:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-30 01:35 - 2014-10-03 04:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-30 01:35 - 2014-10-03 04:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-30 01:35 - 2014-10-03 04:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-30 01:35 - 2014-10-03 03:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-30 01:35 - 2014-09-19 11:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-30 01:35 - 2014-09-19 11:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-30 01:35 - 2014-09-19 11:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-30 01:35 - 2014-09-19 11:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-30 01:35 - 2014-09-19 11:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-30 01:35 - 2014-09-19 11:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-30 01:35 - 2014-09-19 11:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-30 01:35 - 2014-09-19 11:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-30 01:35 - 2014-09-19 11:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-30 01:35 - 2014-09-19 11:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-30 01:35 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-11-30 01:35 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-11-30 01:35 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-11-30 01:35 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-11-30 01:35 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-30 01:35 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-30 01:35 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-30 01:33 - 2014-11-30 01:38 - 01805824 ____C (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-30 01:33 - 2014-11-30 01:38 - 00504320 ____C (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-30 01:33 - 2014-11-30 01:38 - 00337408 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-30 01:33 - 2014-11-30 01:38 - 00112064 ____C (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-30 01:33 - 2014-10-14 04:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-30 01:33 - 2014-10-14 03:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-30 01:33 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-30 01:26 - 2014-11-30 01:26 - 00000000 _____ () C:\Users\Alex\Desktop\Новый точечный рисунок.bmp
2014-11-30 01:25 - 2014-11-30 01:30 - 00000000 ____D () C:\Users\Alex\Desktop\ShortCuts
2014-11-30 01:23 - 2014-11-30 01:23 - 00000000 ____D () C:\NVIDIA
2014-11-30 01:11 - 2014-11-30 01:11 - 00000000 ____D () C:\Intel
2014-11-30 01:08 - 2014-11-30 01:08 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2014-11-30 01:08 - 2014-11-30 01:08 - 00000000 ____D () C:\Windows\Intel_Chipset_XPVistaWin7_VER9301019
2014-11-30 01:08 - 2011-02-25 08:25 - 00296320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-11-30 01:06 - 2014-11-30 01:27 - 00581600 ____C (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-30 01:06 - 2014-11-30 01:27 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-30 01:06 - 2014-11-30 01:27 - 00092672 ____C (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-30 01:06 - 2014-11-30 01:27 - 00038880 ____C (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-30 01:06 - 2014-11-30 01:27 - 00036320 ____C (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-30 01:06 - 2014-11-30 01:14 - 02620928 ____C (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-30 01:06 - 2014-11-30 01:14 - 00198600 ____C (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-30 01:06 - 2014-11-30 01:14 - 00179656 ____C (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-30 01:06 - 2014-11-30 01:14 - 00058336 ____C (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-30 01:06 - 2014-11-30 01:14 - 00044512 ____C (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-30 01:06 - 2014-11-30 01:14 - 00036864 ____C (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-30 01:06 - 2014-11-30 01:14 - 00033792 ____C (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-30 01:06 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-30 01:06 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-30 00:54 - 2014-11-30 17:12 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-11-29 23:33 - 2014-11-29 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Evil Within
2014-11-29 18:17 - 2014-11-29 18:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-11-29 18:17 - 2014-11-29 18:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-11-28 21:14 - 2014-11-28 21:14 - 00010920 _____ () C:\Users\Alex\2.txt
2014-11-27 23:48 - 2014-11-27 23:48 - 00001548 _____ () C:\Users\Alex\Downloads\ClearLNK-16.11.2014_10-16.log
2014-11-27 23:31 - 2014-11-27 23:31 - 00302904 _____ ( Dragokas) C:\Users\Alex\Downloads\ClearLNK (2).exe
2014-11-27 23:31 - 2014-11-27 23:31 - 00131665 _____ () C:\Users\Alex\Downloads\CheckBrowsersLNK (15).zip
2014-11-27 23:30 - 2014-11-27 23:30 - 10910142 _____ () C:\Users\Alex\Downloads\AutoLogger (3).zip
2014-11-27 22:15 - 2014-11-27 22:16 - 01633851 _____ () C:\Users\Alex\Downloads\PhrozenWinFileMonitorV1-1.zip
2014-11-27 22:03 - 2014-11-27 22:03 - 00087327 _____ () C:\Users\Alex\Downloads\UNINIT.EXE.zip
2014-11-27 00:17 - 2014-11-27 00:17 - 01510400 _____ () C:\Users\Alex\Downloads\7z934-x64.msi
2014-11-27 00:17 - 2014-11-27 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-27 00:17 - 2014-11-27 00:17 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-27 00:16 - 2014-11-27 00:16 - 00077726 _____ () C:\Users\Alex\Downloads\sfcdetails (1).txt
2014-11-27 00:16 - 2014-11-27 00:16 - 00000075 _____ () C:\Users\Alex\Downloads\а.txt
2014-11-27 00:14 - 2014-11-27 00:14 - 01376768 _____ () C:\Users\Alex\Downloads\7z920-x64.msi
2014-11-27 00:04 - 2014-11-27 00:04 - 00013312 _____ () C:\Windows\SysWOW64\Drivers\vdm5odgy.sys
2014-11-26 20:51 - 2014-11-26 20:51 - 00025018 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (67).log
2014-11-26 00:35 - 2014-11-26 00:35 - 15576566 _____ () C:\Users\Alex\Downloads\SRP (2).avi
2014-11-26 00:35 - 2014-11-26 00:35 - 15576566 _____ () C:\Users\Alex\Downloads\SRP (1).avi
2014-11-26 00:34 - 2014-11-26 00:34 - 06420480 _____ () C:\Users\Alex\Downloads\SRP.avi
2014-11-26 00:24 - 2014-11-26 00:24 - 00000345 _____ () C:\Users\Alex\Downloads\GetServiceInfo.zip
2014-11-26 00:24 - 2014-11-26 00:24 - 00000000 ____D () C:\Users\Alex\Downloads\GetServiceInfo
2014-11-25 23:25 - 2014-11-25 23:25 - 00008568 _____ () C:\Users\Alex\Downloads\VB6IDEMouseWheelAddin.rar
2014-11-25 23:25 - 2014-11-25 23:25 - 00000000 ____D () C:\Users\Alex\Downloads\VB6IDEMouseWheelAddin
2014-11-24 23:33 - 2014-11-24 23:46 - 241336208 _____ () C:\Users\Alex\Downloads\autopsy-3.1.1-devplatform.zip
2014-11-24 23:33 - 2014-11-24 23:44 - 298099712 _____ () C:\Users\Alex\Downloads\autopsy-3.1.1-64bit.msi
2014-11-24 23:33 - 2014-11-24 23:43 - 294125568 _____ () C:\Users\Alex\Downloads\autopsy-3.1.1-32bit.msi
2014-11-24 23:31 - 2014-11-24 23:31 - 03452291 _____ () C:\Users\Alex\Downloads\sleuthkit-4.1.3-framework-win32.zip
2014-11-24 20:52 - 2014-11-24 20:52 - 00000000 ____D () C:\Users\Alex\Documents\R-TT
2014-11-24 20:52 - 2014-11-24 20:52 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\R-TT
2014-11-24 20:51 - 2014-11-24 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R-Studio
2014-11-24 20:51 - 2014-11-24 20:51 - 00000000 ____D () C:\Program Files (x86)\R-Studio
2014-11-24 20:47 - 2014-11-24 20:47 - 06823971 _____ () C:\Users\Alex\Downloads\CrystalDiskInfo5_6_2Shizuku.zip
2014-11-24 20:45 - 2014-11-24 20:45 - 00000000 ____D () C:\Program Files (x86)\HD Tune Pro
2014-11-24 20:43 - 2014-11-24 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Restorer2000 Pro
2014-11-24 20:43 - 2014-11-24 20:43 - 00000000 ____D () C:\Program Files (x86)\Restorer2000 Pro
2014-11-24 20:03 - 2014-11-24 20:03 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-11-24 20:03 - 2014-11-24 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-11-24 20:03 - 2014-11-24 20:03 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-11-24 20:03 - 2014-05-27 18:23 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-11-24 20:03 - 2014-05-27 18:23 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-11-24 20:03 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-11-24 19:50 - 2014-11-24 19:50 - 00020664 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (66).log
2014-11-24 19:36 - 2014-11-24 19:36 - 00019536 _____ () C:\Users\Alex\Downloads\[rutracker.org].t4758117.torrent
2014-11-23 16:52 - 2014-11-23 16:54 - 61413456 _____ (Colasoft ) C:\Users\Alex\Downloads\capsa_free_7.8.1.4863.exe
2014-11-23 16:33 - 2014-11-23 16:35 - 03828712 _____ (Heaventools Software) C:\Users\Alex\Downloads\PE.Explorer_setup.exe
2014-11-23 14:40 - 2014-11-23 14:45 - 359512829 _____ (Oleg N. Scherbakov) C:\Users\Alex\Downloads\MS_OFFICE_2003_SP3_07.10.2014.exe
2014-11-23 14:21 - 2014-11-23 14:21 - 00123115 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.22-17.29.zip
2014-11-23 14:21 - 2014-11-23 14:21 - 00021392 _____ () C:\Users\Alex\Downloads\комбофикс (2).txt
2014-11-23 02:08 - 2014-11-23 02:08 - 01105356 _____ () C:\Users\Alex\Downloads\tcpdump-4.6.2.tar.gz
2014-11-23 01:08 - 2014-11-23 01:08 - 00018788 _____ () C:\Users\Alex\Downloads\[kinozal.tv]id1022850.torrent
2014-11-23 00:18 - 2014-11-23 00:18 - 00021392 _____ () C:\Users\Alex\Downloads\комбофикс (1).txt
2014-11-23 00:17 - 2014-11-23 00:17 - 00021392 _____ () C:\Users\Alex\Downloads\комбофикс.txt
2014-11-22 23:34 - 2014-11-22 23:34 - 00016102 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (65).log
2014-11-22 21:41 - 2014-11-22 21:42 - 24147632 _____ () C:\Users\Alex\Downloads\FRoG-Creator-OSE-V0.6.3RC.zip
2014-11-22 00:41 - 2014-11-22 00:41 - 00132028 _____ () C:\Users\Alex\Downloads\ClearLNK (18).zip
2014-11-22 00:40 - 2014-11-22 00:40 - 00132028 _____ () C:\Users\Alex\Downloads\ClearLNK (17).zip
2014-11-21 23:01 - 2014-11-21 23:01 - 00494016 _____ (FERRO Software ) C:\Users\Alex\Downloads\FtpUseInst (1).exe
2014-11-21 22:47 - 2014-11-21 22:48 - 00494016 _____ (FERRO Software ) C:\Users\Alex\Downloads\FtpUseInst.exe
2014-11-21 22:20 - 2014-11-21 22:20 - 00000000 ____D () C:\Users\Alex\Downloads\C_Intercept (2)
2014-11-21 22:10 - 2014-11-21 22:10 - 00018483 _____ () C:\Users\Alex\Downloads\[rutracker.org].t4832196.torrent
2014-11-21 20:48 - 2014-11-21 20:49 - 09475568 _____ () C:\Users\Alex\Downloads\exescripteditor (1).exe
2014-11-20 23:53 - 2014-11-20 23:53 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\AntiHidden
2014-11-20 23:53 - 2014-11-20 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiHidden
2014-11-20 21:14 - 2014-11-20 21:14 - 00136534 _____ () C:\Users\Alex\Downloads\CheckBrowsersLNK (14).zip
2014-11-20 20:15 - 2014-11-20 20:15 - 01222144 _____ () C:\Users\Alex\Downloads\RSITx64 (1).exe
2014-11-20 20:15 - 2014-11-20 20:15 - 01107968 _____ () C:\Users\Alex\Downloads\RSIT (2).exe
2014-11-20 20:14 - 2014-11-20 20:14 - 01222144 _____ () C:\Users\Alex\Downloads\RSITx64.exe
2014-11-20 20:14 - 2014-11-20 20:14 - 01107968 _____ () C:\Users\Alex\Downloads\RSIT (1).exe
2014-11-20 00:45 - 2014-11-20 00:45 - 00416350 _____ () C:\Users\Alex\Downloads\AVZ DeQuarantine.zip
2014-11-19 23:24 - 2014-11-19 23:24 - 01107968 _____ () C:\Users\Alex\Downloads\RSIT.exe
2014-11-19 23:10 - 2014-11-19 23:10 - 00048446 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (64).log
2014-11-19 23:09 - 2014-11-19 23:09 - 00060756 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.06-19.16.zip
2014-11-19 23:09 - 2014-11-19 23:09 - 00048446 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (63).log
2014-11-18 21:08 - 2014-11-18 21:09 - 00000000 ____D () C:\Program Files (x86)\Enterbrain
2014-11-18 21:08 - 2014-11-18 21:08 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RGSS-RTP Standard
2014-11-18 21:08 - 2014-11-18 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RGSS-RTP Standard
2014-11-18 20:59 - 2014-11-18 20:59 - 00013869 _____ () C:\Users\Alex\Downloads\[rutracker.org].t4086822.torrent
2014-11-18 01:59 - 2014-11-18 01:59 - 00019651 _____ () C:\Users\Alex\Downloads\[rutracker.org].t3775228.torrent
2014-11-18 01:59 - 2014-11-18 01:59 - 00016223 _____ () C:\Users\Alex\Downloads\[rutracker.org].t3797228.torrent
2014-11-18 01:59 - 2014-11-18 01:59 - 00013749 _____ () C:\Users\Alex\Downloads\[rutracker.org].t3540447.torrent
2014-11-18 01:58 - 2014-11-18 01:58 - 00015380 _____ () C:\Users\Alex\Downloads\[rutracker.org].t4370002.torrent
2014-11-18 01:57 - 2014-11-18 01:57 - 00020095 _____ () C:\Users\Alex\Downloads\[rutracker.org].t3847756.torrent
2014-11-18 01:57 - 2014-11-18 01:57 - 00012227 _____ () C:\Users\Alex\Downloads\[rutracker.org].t3870716.torrent
2014-11-18 01:57 - 2014-11-18 01:57 - 00011829 _____ () C:\Users\Alex\Downloads\[rutracker.org].t4425673.torrent
2014-11-18 01:56 - 2014-11-18 01:57 - 00020342 _____ () C:\Users\Alex\Downloads\[rutracker.org].t4730650.torrent
2014-11-17 21:18 - 2014-11-17 21:18 - 00007678 _____ () C:\Users\Alex\Downloads\CheckBrowserLnk (37).log
2014-11-17 21:08 - 2014-11-17 21:08 - 00004312 _____ () C:\Users\Alex\Downloads\ClearLNK-2014.10.14-14.52.log
2014-11-17 21:06 - 2014-11-17 21:06 - 00015580 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (62).log
2014-11-17 20:11 - 2014-11-17 20:11 - 00129202 _____ () C:\Users\Alex\Downloads\CheckBrowsersLNK (13).zip
2014-11-17 20:10 - 2014-11-17 20:10 - 00131665 _____ () C:\Users\Alex\Downloads\CheckBrowsersLNK (12).zip
2014-11-17 20:09 - 2014-11-17 20:09 - 00131665 _____ () C:\Users\Alex\Downloads\CheckBrowsersLNK (11).zip
2014-11-17 20:06 - 2014-11-17 20:06 - 00007716 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (61).log
2014-11-17 19:51 - 2014-11-17 19:51 - 00302904 _____ ( Dragokas) C:\Users\Alex\Downloads\ClearLNK (1).exe
2014-11-17 00:08 - 2014-11-17 00:08 - 00302904 _____ ( Dragokas) C:\Users\Alex\Downloads\ClearLNK.exe
2014-11-16 23:44 - 2014-11-16 23:44 - 00076260 _____ () C:\Users\Alex\Downloads\Check Browsers LNK_i.rar
2014-11-16 23:06 - 2014-11-16 23:06 - 00008384 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (60).log
2014-11-16 23:05 - 2014-11-16 23:05 - 00026770 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (59).log
2014-11-16 22:40 - 2014-11-16 22:40 - 00013372 _____ () C:\Users\Alex\Downloads\BrowserInfo (1).csv
2014-11-16 21:44 - 2014-11-16 21:44 - 00097503 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.01-19.23 (2).zip
2014-11-16 20:53 - 2014-11-16 20:53 - 00000000 ____D () C:\Users\Alex\Downloads\AutoLogger (2)
2014-11-16 20:48 - 2014-11-16 20:48 - 10907357 _____ () C:\Users\Alex\Downloads\AutoLogger (2).zip
2014-11-16 17:52 - 2014-11-16 17:54 - 06049920 _____ () C:\Users\Alex\Downloads\LNK.zip
2014-11-16 17:29 - 2014-11-16 17:29 - 01922688 _____ () C:\Users\Alex\Downloads\winrar-x64-511.exe
2014-11-16 16:11 - 2014-11-16 16:12 - 33082184 _____ () C:\Users\Alex\Downloads\360TS_Setup_5.2.0.1072.exe
2014-11-16 15:22 - 2014-11-16 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 6.0
2014-11-16 14:36 - 2014-11-16 14:36 - 21979464 _____ () C:\Users\Alex\Downloads\360TS_Setup.exe
2014-11-16 14:31 - 2014-11-16 14:31 - 00085818 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (58).log
2014-11-16 14:13 - 2014-11-16 14:13 - 04466828 _____ () C:\Users\Alex\Downloads\08_integral_ona_lubit_xodit_na_sobraniya_myzuka.ru.rar
2014-11-16 01:39 - 2014-11-16 01:40 - 06770064 _____ () C:\Users\Alex\Downloads\bitdefender_antivirus.exe
2014-11-15 18:40 - 2014-11-15 18:40 - 00018495 _____ () C:\Users\Alex\Downloads\[rutracker.org].t4163385.torrent
2014-11-15 18:40 - 2014-11-15 18:40 - 00014200 _____ () C:\Users\Alex\Downloads\[rutracker.org].t4782647.torrent
2014-11-15 15:53 - 2014-11-15 15:53 - 00021882 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (57).log
2014-11-15 15:26 - 2014-11-15 15:26 - 00021882 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (56).log
2014-11-14 20:33 - 2014-11-14 20:33 - 00068673 _____ () C:\Users\Alex\Downloads\virusinfo_syscheck (4).zip
2014-11-14 20:31 - 2014-11-14 20:31 - 00018766 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (55).log
2014-11-13 22:10 - 2014-11-13 22:10 - 00101138 _____ () C:\Users\Alex\Downloads\ntstatus.zip
2014-11-13 21:29 - 2014-11-13 21:29 - 11501568 _____ () C:\Users\Alex\Downloads\EMET 5.1 Setup.msi
2014-11-12 22:30 - 2014-11-12 22:30 - 00365649 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.12-21.46.zip
2014-11-12 22:26 - 2014-11-12 22:26 - 00016586 _____ () C:\Users\Alex\Downloads\[rutracker.org].t2875919.torrent
2014-11-12 22:22 - 2014-11-12 22:22 - 00493600 _____ (MediaGet LLC) C:\Users\Alex\Downloads\MediaGet_id2438210ids2s.exe
2014-11-12 22:22 - 2014-11-12 22:22 - 00493600 _____ (MediaGet LLC) C:\Users\Alex\Downloads\MediaGet_id2438047ids2s.exe
2014-11-12 22:16 - 2014-11-12 22:16 - 00000464 _____ () C:\Users\Alex\path.txt
2014-11-12 22:00 - 2014-11-12 22:00 - 00008004 _____ () C:\Users\Alex\Downloads\ClearLNK-12.11.2014_22-53.log
2014-11-12 21:57 - 2014-11-12 21:57 - 00020564 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (54).log
2014-11-12 21:54 - 2014-11-12 21:54 - 00020564 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (53).log
2014-11-12 21:53 - 2014-11-12 21:53 - 00004482 _____ () C:\Users\Alex\Downloads\ClearLNK-13.11.2014_03-00.log
2014-11-12 00:22 - 2014-11-12 00:22 - 00000008 _____ () C:\Users\Alex\123.txt
2014-11-12 00:17 - 2014-11-12 00:17 - 08461968 _____ (McAfee, Inc.) C:\Users\Alex\Downloads\SecurityScan_Release.exe
2014-11-12 00:16 - 2014-11-12 00:16 - 05295544 _____ (McAfee, Inc.) C:\Users\Alex\Downloads\Setup_serial_fEO4W6IZyMqEWMPqHUdwLg2_key.exe
2014-11-12 00:09 - 2014-11-12 00:09 - 04583464 _____ (Avira Operations GmbH & Co. KG) C:\Users\Alex\Downloads\avira_ru_av___ws.exe
2014-11-11 23:00 - 2014-11-11 23:00 - 00056032 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.08-18.22 (1).zip
2014-11-11 22:07 - 2014-11-11 22:07 - 00114350 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.03-17.21 (2).zip
2014-11-11 22:00 - 2014-11-11 22:00 - 00013150 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (52).log
2014-11-11 22:00 - 2014-11-11 22:00 - 00003272 _____ () C:\Users\Alex\Downloads\ClearLNK-11.11.2014_00-36.log
2014-11-11 20:22 - 2014-12-05 19:30 - 00000000 ___RD () C:\Users\Alex\Dropbox
2014-11-11 20:21 - 2014-11-14 18:18 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-11 20:19 - 2014-12-05 19:30 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Dropbox
2014-11-11 20:18 - 2014-11-11 20:18 - 00323616 _____ (Dropbox, Inc.) C:\Users\Alex\Downloads\DropboxInstaller.exe
2014-11-11 00:36 - 2014-11-11 00:36 - 00118375 _____ () C:\Users\Alex\Downloads\CheckBrowsersLNK (10).zip
2014-11-10 00:22 - 2014-11-10 00:22 - 16509344 _____ (Baidu, Inc.) C:\Users\Alex\Downloads\Baidu Antivirus 2013 3.4.2.37315 Final.exe
2014-11-09 23:51 - 2014-11-09 23:51 - 00063792 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.07-19.22 (1).zip
2014-11-09 23:49 - 2014-11-09 23:49 - 00085926 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.06-22.03.zip
2014-11-09 23:49 - 2014-11-09 23:49 - 00062883 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.09.27-20.17.zip
2014-11-09 23:49 - 2014-11-09 23:49 - 00056715 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.07-18.12.zip
2014-11-09 23:48 - 2014-11-09 23:48 - 00011628 _____ () C:\Users\Alex\Downloads\FixerBro_20141105 (2).txt
2014-11-09 23:42 - 2014-11-09 23:42 - 00063792 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.07-19.22.zip
2014-11-09 23:41 - 2014-11-09 23:41 - 00064065 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.02-22.42.zip
2014-11-09 23:40 - 2014-11-09 23:40 - 00074261 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.07-11.24.zip
2014-11-09 23:36 - 2014-11-09 23:36 - 00101893 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.04-21.14 (1).zip
2014-11-09 23:36 - 2014-11-09 23:36 - 00069313 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.06-19.58.zip
2014-11-09 23:36 - 2014-11-09 23:36 - 00007514 _____ () C:\Users\Alex\Downloads\ClearLNK-05.11.2014_19-22.log
2014-11-09 23:32 - 2014-11-09 23:32 - 00101893 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.04-21.14.zip
2014-11-09 23:31 - 2014-11-09 23:31 - 00058572 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.07-10.51.zip
2014-11-09 23:26 - 2014-11-09 23:26 - 00014850 _____ () C:\Users\Alex\Downloads\[fost.ws]_Baidu Antivirus 2013 3.0.1.22221 Beta.torrent
2014-11-09 23:25 - 2014-11-09 23:25 - 00087639 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.08-07.35 (1).zip
2014-11-09 23:12 - 2014-11-09 23:12 - 00087639 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.08-07.35.zip
2014-11-09 23:11 - 2014-11-09 23:11 - 00088794 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.05-00.37 (1).zip
2014-11-09 23:00 - 2014-11-09 23:00 - 00088794 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.05-00.37.zip
2014-11-09 23:00 - 2014-11-09 23:00 - 00040505 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.05-15.55.zip
2014-11-09 22:56 - 2014-11-09 22:56 - 00262398 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.10.31-13.54 (2).zip
2014-11-09 22:55 - 2014-11-09 22:56 - 01290732 _____ () C:\Users\Alex\Downloads\alcal254 (1).zip
2014-11-09 22:55 - 2014-11-09 22:55 - 01293926 _____ () C:\Users\Alex\Downloads\kalendar.rar
2014-11-09 22:52 - 2014-11-09 22:52 - 01290732 _____ () C:\Users\Alex\Downloads\alcal254.zip
2014-11-09 22:52 - 2014-11-09 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Вечный Календарь
2014-11-09 22:50 - 2014-11-09 22:50 - 00262398 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.10.31-13.54 (1).zip
2014-11-09 22:48 - 2014-11-09 22:48 - 00052188 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.05-22.11.zip
2014-11-09 22:45 - 2014-11-09 22:45 - 00090383 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.09-00.00.zip
2014-11-09 22:39 - 2014-11-09 22:39 - 00067015 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.05-11.52 (1).zip
2014-11-09 22:36 - 2014-11-09 22:36 - 00067015 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.05-11.52.zip
2014-11-09 22:32 - 2014-11-09 22:32 - 00013053 _____ () C:\Users\Alex\Downloads\[rutracker.org].t4499271.torrent
2014-11-09 22:26 - 2014-11-09 22:26 - 00077945 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.04-22.02.zip
2014-11-09 22:25 - 2014-11-09 22:25 - 00062960 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.10.28-11.00.zip
2014-11-09 22:21 - 2014-11-09 22:21 - 00075918 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.09-12.25 (3).zip
2014-11-09 22:21 - 2014-11-09 22:21 - 00055746 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.09-18.18.zip
2014-11-09 22:19 - 2014-11-09 22:20 - 00075918 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.09-12.25 (2).zip
2014-11-09 22:12 - 2014-11-09 22:12 - 00075918 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.09-12.25 (1).zip
2014-11-09 22:08 - 2014-11-09 22:08 - 00075918 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.09-12.25.zip
2014-11-09 22:08 - 2014-11-09 22:08 - 00000000 ____D () C:\Users\Alex\AppData\Local\IsolatedStorage
2014-11-09 22:08 - 2014-11-09 22:08 - 00000000 ____D () C:\Users\Alex\AppData\Local\HockeyCrashes
2014-11-09 22:03 - 2014-11-09 22:03 - 00126837 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.08-13.11.zip
2014-11-09 22:03 - 2014-11-09 22:03 - 00076344 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.09-12.49.zip
2014-11-09 22:02 - 2014-11-09 22:02 - 00055653 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.09-16.12.zip
2014-11-09 22:00 - 2014-11-09 22:01 - 14795264 _____ (TunnelBear) C:\Users\Alex\Downloads\TunnelBear-Intellibear.exe
2014-11-09 21:58 - 2014-11-09 21:58 - 00071441 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.09-16.07.zip
2014-11-09 21:49 - 2014-11-09 21:49 - 00070031 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.08-15.11.zip
2014-11-09 21:46 - 2014-11-09 21:46 - 00066605 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.07-23.06.zip
2014-11-09 21:45 - 2014-11-09 21:45 - 00065062 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.09-17.59.zip
2014-11-09 21:45 - 2014-11-09 21:45 - 00060790 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.09-19.18.zip
2014-11-09 21:43 - 2014-11-09 21:43 - 00097402 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.09-21.34.zip
2014-11-09 21:42 - 2014-11-09 21:42 - 00219107 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.04-21.53 (1).zip
2014-11-09 21:34 - 2014-11-09 21:34 - 00219107 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.04-21.53.zip
2014-11-09 21:34 - 2014-11-09 21:34 - 00069609 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.08-13.42 (1).zip
2014-11-09 20:27 - 2014-11-09 20:27 - 00069609 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.08-13.42.zip
2014-11-09 20:26 - 2014-11-09 20:26 - 00059205 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.08-19.58.zip
2014-11-09 20:11 - 2014-11-09 20:11 - 00053643 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.09-18.00.zip
2014-11-09 20:09 - 2014-11-09 20:09 - 00066403 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.08-00.19.zip
2014-11-09 20:08 - 2014-11-09 20:08 - 00064013 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.09-20.34.zip
2014-11-09 20:08 - 2014-11-09 20:08 - 00019009 _____ () C:\Users\Alex\Downloads\avz_sysinfo.rar
2014-11-09 20:07 - 2014-11-09 20:07 - 00002676 _____ () C:\Users\Alex\Downloads\SecurityCheck (1).txt
2014-11-09 19:52 - 2014-11-09 19:52 - 00068109 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.07-16.25.zip
2014-11-09 19:50 - 2014-11-09 19:50 - 00056032 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.08-18.22.zip
2014-11-09 19:24 - 2014-11-09 19:24 - 00005042 _____ () C:\Users\Alex\Downloads\AutoLogger_2_pif_1.3.zip
2014-11-09 18:53 - 2014-11-09 18:53 - 00019419 _____ () C:\Users\Alex\Downloads\[rutracker.org].t2449133.torrent
2014-11-09 15:03 - 2014-11-09 15:03 - 00000000 ____D () C:\Users\Все пользователи\FlashFXP
2014-11-09 15:03 - 2014-11-09 15:03 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\FlashFXP
2014-11-09 15:03 - 2014-11-09 15:03 - 00000000 ____D () C:\ProgramData\FlashFXP
2014-11-09 11:14 - 2014-11-09 11:14 - 00000018 _____ () C:\Users\Alex\1.bat
2014-11-09 00:31 - 2014-11-09 00:31 - 00023348 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (51).log
2014-11-09 00:29 - 2014-11-09 00:29 - 00007488 _____ () C:\Users\Alex\Downloads\ClearLNK-08.11.2014_20-07 (1).log
2014-11-09 00:28 - 2014-11-09 00:28 - 00007488 _____ () C:\Users\Alex\Downloads\ClearLNK-08.11.2014_20-07.log
2014-11-09 00:26 - 2014-11-09 00:26 - 00026770 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (50).log
2014-11-09 00:21 - 2014-11-09 00:21 - 00129756 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.07-22.42 (1).zip
2014-11-09 00:04 - 2014-11-09 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-11-09 00:04 - 2014-11-09 00:04 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-08 23:58 - 2014-11-08 23:59 - 02868792 _____ (Blizzard Entertainment) C:\Users\Alex\Downloads\Battle.net-Setup-ruRU.exe
2014-11-08 23:35 - 2014-11-08 23:35 - 00129756 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.07-22.42.zip
2014-11-08 23:33 - 2014-11-08 23:33 - 00000000 ____D () C:\rsit
2014-11-08 18:04 - 2014-11-08 18:04 - 10324118 _____ () C:\Users\Alex\Downloads\Файлы (1).zip
2014-11-08 15:58 - 2014-11-08 15:58 - 00012563 _____ () C:\Users\Alex\Downloads\[rutracker.org].t4461985.torrent
2014-11-08 15:46 - 2014-11-08 15:46 - 00000000 ____D () C:\Users\Все пользователи\{7208DF9D-6E39-4967-B7FA-59BE8909B69D}
2014-11-08 15:46 - 2014-11-08 15:46 - 00000000 ____D () C:\ProgramData\{7208DF9D-6E39-4967-B7FA-59BE8909B69D}
2014-11-08 15:35 - 2014-11-08 15:35 - 00005799 _____ () C:\Users\Alex\Downloads\[rutracker.org].t4365273.torrent
2014-11-08 15:28 - 2014-11-08 15:28 - 00013337 _____ () C:\Users\Alex\Downloads\[rutracker.org].t4602474.torrent
2014-11-08 15:28 - 2014-11-08 15:28 - 00012585 _____ () C:\Users\Alex\Downloads\[rutracker.org].t4539936.torrent
2014-11-08 15:25 - 2014-11-08 15:25 - 00012885 _____ () C:\Users\Alex\Downloads\Microsoft_Windows_XP_Professional_SP2_Corporate_VLK_Ru[game-torrent.info].torrent
2014-11-06 20:45 - 2014-11-06 20:45 - 00095454 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.06-05.18.zip
2014-11-06 20:45 - 2014-11-06 20:45 - 00095454 _____ () C:\Users\Alex\Downloads\CollectionLog-2014.11.06-05.18 (1).zip
2014-11-06 20:34 - 2014-11-06 20:34 - 00002673 _____ () C:\Users\Alex\Downloads\[rutracker.org].t3579500.torrent
2014-11-06 20:32 - 2014-11-06 20:32 - 00467300 _____ () C:\Users\Alex\Downloads\Shortcut (3).txt
2014-11-06 20:30 - 2014-11-06 20:30 - 00467300 _____ () C:\Users\Alex\Downloads\Shortcut (2).txt
2014-11-06 20:07 - 2014-11-06 20:07 - 00013359 _____ () C:\Users\Alex\Downloads\BrowserInfo.csv
2014-11-06 20:02 - 2014-11-06 20:02 - 00001472 _____ () C:\Users\Alex\Downloads\BrowserURL.csv
2014-11-05 19:42 - 2014-11-05 19:42 - 13179184 _____ (Opera Software ASA) C:\Users\Alex\Downloads\Opera_1217_int_Setup (1).exe
2014-11-05 00:46 - 2014-11-05 00:46 - 00017680 _____ () C:\Users\Alex\Downloads\Check_Browsers_LNK (49).log
2014-11-05 00:30 - 2014-11-05 00:30 - 13179184 _____ (Opera Software ASA) C:\Users\Alex\Downloads\Opera_1217_int_Setup.exe
2014-11-05 00:11 - 2014-11-05 00:11 - 00305137 _____ (Company © regist & Drongo) C:\Users\Alex\Downloads\AutoLogger (1).exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-05 20:34 - 2014-08-24 16:20 - 00000000 ____D () C:\FRST
2014-12-05 20:34 - 2013-10-03 17:48 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\uTorrent
2014-12-05 20:30 - 2013-09-30 23:06 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype
2014-12-05 20:15 - 2014-01-03 15:47 - 01463077 _____ () C:\Windows\WindowsUpdate.log
2014-12-05 19:54 - 2014-03-30 01:08 - 00000970 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-05 19:47 - 2013-09-30 23:57 - 00000000 ____D () C:\Users\Все пользователи\Kaspersky Lab
2014-12-05 19:47 - 2013-09-30 23:57 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-05 19:39 - 2014-02-08 12:13 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-05 19:37 - 2009-07-14 06:45 - 00030480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-05 19:37 - 2009-07-14 06:45 - 00030480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-05 19:36 - 2011-04-12 15:26 - 00739578 _____ () C:\Windows\system32\perfh019.dat
2014-12-05 19:36 - 2011-04-12 15:26 - 00156238 _____ () C:\Windows\system32\perfc019.dat
2014-12-05 19:36 - 2009-07-14 07:13 - 01682838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-05 19:30 - 2013-10-01 20:07 - 00000000 ____D () C:\Users\Все пользователи\VMware
2014-12-05 19:30 - 2013-10-01 20:07 - 00000000 ____D () C:\ProgramData\VMware
2014-12-05 19:30 - 2013-09-30 21:38 - 00000966 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-05 19:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-05 01:56 - 2013-10-01 20:11 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\VMware
2014-12-05 01:56 - 2013-10-01 20:11 - 00000000 ____D () C:\Users\Alex\AppData\Local\VMware
2014-12-03 19:18 - 2014-08-01 20:27 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1406917650
2014-12-03 19:18 - 2013-09-30 21:38 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-02 01:47 - 2014-07-15 00:13 - 00000000 ____D () C:\Program Files (x86)\ArtMoney
2014-12-01 22:11 - 2013-09-30 18:32 - 00000000 ____D () C:\Users\Alex
2014-12-01 21:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-11-30 23:30 - 2013-10-04 22:18 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
2014-11-30 22:22 - 2014-09-07 16:07 - 00000029 _____ () C:\Windows\VBAddin.ini
2014-11-30 21:38 - 2014-05-06 19:13 - 00000000 ___RD () C:\temp
2014-11-30 17:58 - 2013-10-02 18:32 - 00000000 ____D () C:\Users\Alex\Downloads\Архивы
2014-11-30 17:25 - 2014-10-21 19:28 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-11-30 17:12 - 2013-09-30 21:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-30 17:12 - 2013-09-30 21:25 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-11-30 17:12 - 2013-09-30 21:25 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-11-30 17:09 - 2013-10-02 18:23 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\AIMP3
2014-11-30 17:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2014-11-30 16:47 - 2014-03-27 20:02 - 00000000 ____D () C:\1
2014-11-30 15:52 - 2013-09-30 21:31 - 00108816 _____ () C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-30 15:08 - 2011-04-12 15:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-30 15:08 - 2011-04-12 15:26 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-11-30 15:08 - 2011-04-12 15:26 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-11-30 15:08 - 2011-04-12 15:26 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-11-30 15:08 - 2011-04-12 15:26 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-11-30 15:08 - 2011-04-12 15:26 - 00000000 ____D () C:\Windows\system32\winrm
2014-11-30 15:08 - 2011-04-12 15:26 - 00000000 ____D () C:\Windows\system32\WCN
2014-11-30 15:08 - 2011-04-12 15:26 - 00000000 ____D () C:\Windows\system32\slmgr
2014-11-30 15:08 - 2011-04-12 15:26 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-11-30 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-30 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-11-30 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-30 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-11-30 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-11-30 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-11-30 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-30 15:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-11-30 15:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-11-30 15:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech
2014-11-30 15:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-11-30 01:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-11-30 01:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-11-30 01:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-30 01:43 - 2013-10-01 20:07 - 01648586 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-30 01:41 - 2013-09-30 22:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-30 01:31 - 2014-08-19 19:59 - 00000000 ____D () C:\Program Files (x86)\Antirun
2014-11-30 01:08 - 2014-07-08 22:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-30 00:53 - 2013-12-27 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.ru
2014-11-30 00:53 - 2013-11-25 11:17 - 00000000 ____D () C:\Program Files (x86)\MyPlayCity.ru
2014-11-30 00:52 - 2014-11-02 00:45 - 00000000 __HDC () C:\Users\Все пользователи\{982ADA31-085E-44CB-A4A8-44EA6B352FBB}
2014-11-30 00:52 - 2014-11-02 00:45 - 00000000 __HDC () C:\ProgramData\{982ADA31-085E-44CB-A4A8-44EA6B352FBB}
2014-11-30 00:52 - 2014-09-14 21:16 - 00000000 ____D () C:\Program Files (x86)\Windows IEAK 11
2014-11-30 00:51 - 2013-11-26 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Бесплатные игры Atarata
2014-11-30 00:50 - 2013-10-28 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Игры от Alawar
2014-11-30 00:48 - 2013-12-22 19:10 - 00000000 ____D () C:\Users\Alex\AppData\Local\SKIDROW
2014-11-30 00:43 - 2014-03-26 00:15 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\ACEStream
2014-11-30 00:43 - 2014-03-26 00:15 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\.ACEStream
2014-11-30 00:14 - 2013-11-28 18:06 - 00000000 ____D () C:\Users\Все пользователи\Steam
2014-11-30 00:14 - 2013-11-28 18:06 - 00000000 ____D () C:\ProgramData\Steam
2014-11-28 21:14 - 2014-11-01 15:15 - 00021462 _____ () C:\Users\Alex\1.txt
2014-11-27 21:16 - 2013-10-24 00:23 - 00039936 _____ () C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-26 22:39 - 2014-02-08 12:13 - 00003834 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 22:39 - 2013-11-20 01:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:39 - 2013-11-20 01:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 00:35 - 2013-11-15 22:11 - 00000000 ____D () C:\Users\Alex\Downloads\Видео
2014-11-24 20:43 - 2014-09-07 18:43 - 00034308 _____ () C:\Windows\SysWOW64\BASSMOD.dll
2014-11-24 14:04 - 2010-11-21 05:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-23 04:01 - 2014-10-20 22:32 - 00267776 _____ () C:\Windows\SysWOW64\mscomctl32.oca
2014-11-21 22:20 - 2014-06-09 19:24 - 00021555 _____ () C:\Users\Alex\Downloads\C_Intercept.zip
2014-11-20 20:15 - 2013-12-29 16:17 - 00000000 ____D () C:\Program Files\trend micro
2014-11-20 20:15 - 2013-10-22 19:58 - 00000000 ____D () C:\Program Files (x86)\trend micro
2014-11-18 12:32 - 2014-10-15 17:50 - 00001005 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 26.lnk
2014-11-17 20:10 - 2014-10-19 17:46 - 00131665 _____ () C:\Users\Alex\Downloads\CheckBrowsersLNK.zip
2014-11-17 19:54 - 2014-01-14 12:32 - 00000000 ____D () C:\Users\Все пользователи\Yandex
2014-11-17 19:54 - 2014-01-14 12:32 - 00000000 ____D () C:\ProgramData\Yandex
2014-11-16 18:50 - 2013-10-04 12:47 - 00000000 ____D () C:\Users\Alex\Downloads\Программы
2014-11-16 17:29 - 2013-09-30 21:55 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-16 17:29 - 2013-09-30 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-16 17:29 - 2013-09-30 21:53 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-16 15:22 - 2013-10-15 19:43 - 00001273 _____ () C:\Windows\VB.INI
2014-11-16 15:22 - 2013-10-15 19:43 - 00000535 _____ () C:\Windows\ODBCINST.INI
2014-11-16 15:22 - 2013-10-15 19:43 - 00000000 ____D () C:\Program Files (x86)\Web Publish
2014-11-16 15:22 - 2013-09-30 21:52 - 00000910 _____ () C:\Windows\ODBC.INI
2014-11-15 00:23 - 2014-08-23 17:31 - 00003822 _____ () C:\Users\Alex\Downloads\Safari (2).zip
2014-11-15 00:23 - 2014-08-23 17:31 - 00003822 _____ () C:\Users\Alex\Downloads\Safari (2) (1).zip
2014-11-13 22:11 - 2014-04-05 17:45 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\QtProject
2014-11-13 20:49 - 2014-03-30 01:08 - 00003966 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 20:49 - 2013-09-30 21:38 - 00003714 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-11 21:15 - 2013-09-30 21:58 - 00000000 ____D () C:\Program Files (x86)\AkelPadBuilderNEW
 
Files to move or delete:
====================
C:\Users\Alex\1.bat
C:\Users\Alex\1.vbs
 
 
Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfhuwcw.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 19:11
 
==================== End Of Log ============================

 

Attached Files



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:35 PM

Posted 05 December 2014 - 02:27 PM


Your Winlogon key is compromised.
You should find an improvement when this fix is completed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
AppInit_DLLs: 123 => 123 File Not Found
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
Toolbar: HKU\S-1-5-21-2757108031-2077976367-87274058-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2757108031-2077976367-87274058-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
FF Homepage: hxxp://www.yandex.ru/?clid=1993841
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3182\npQQPhoneManagerExt.dll No File
CHR HomePage: Default -> hxxp://www.yandex.ru/?win=107&clid=1993841
CHR StartupUrls: Default -> "hxxp://www.yandex.ru/?win=107&clid=1993841"
CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Google ???????) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-03]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nkcpopggjcjkiicpenikeogioednjeac] - C:\Users\Alex\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files (x86)\Offline Explorer Enterprise\mpoe.crx [Not Found]
S2 AmmyyAdmin_1410; "C:\Users\Alex\Desktop\AA_v3.exe" -service -lunch [X]
S2 AmmyyAdmin_280; "C:\Users\Alex\Desktop\AA_v3.exe" -service -lunch [X]
S2 AmmyyAdmin_BF8; "C:\Users\Alex\Desktop\AA_v3.exe" -service -lunch [X]
S3 SbieSvc; C:\\Users\\Alex\\Desktop\\Sandboxie-portable\\Sandboxie\\SbieSvc.exe [X]
S4 LMIRfsClientNP; No ImagePath
S2 am7pro; \??\C:\Program Files (x86)\ArtMoney Pro\am74064.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MMPSY; \??\C:\Users\Alex\AppData\Local\Temp\mmpsy64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\Users\Alex\123:4

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#6 Dragokas

Dragokas
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ukraine
  • Local time:07:35 PM

Posted 05 December 2014 - 02:50 PM

System load is fine.

Driver's error is still the same.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
Ran by Alex at 2014-12-05 21:42:06 Run:1
Running from C:\Users\Alex\Desktop
Loaded Profile: Alex (Available profiles: Alex & Гость)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
AppInit_DLLs: 123 => 123 File Not Found
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
Toolbar: HKU\S-1-5-21-2757108031-2077976367-87274058-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2757108031-2077976367-87274058-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
FF Homepage: hxxp://www.yandex.ru/?clid=1993841
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3182\npQQPhoneManagerExt.dll No File
CHR HomePage: Default -> hxxp://www.yandex.ru/?win=107&clid=1993841
CHR StartupUrls: Default -> "hxxp://www.yandex.ru/?win=107&clid=1993841"
CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Google ???????) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-03]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nkcpopggjcjkiicpenikeogioednjeac] - C:\Users\Alex\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files (x86)\Offline Explorer Enterprise\mpoe.crx [Not Found]
S2 AmmyyAdmin_1410; "C:\Users\Alex\Desktop\AA_v3.exe" -service -lunch [X]
S2 AmmyyAdmin_280; "C:\Users\Alex\Desktop\AA_v3.exe" -service -lunch [X]
S2 AmmyyAdmin_BF8; "C:\Users\Alex\Desktop\AA_v3.exe" -service -lunch [X]
S3 SbieSvc; C:\\Users\\Alex\\Desktop\\Sandboxie-portable\\Sandboxie\\SbieSvc.exe [X]
S4 LMIRfsClientNP; No ImagePath
S2 am7pro; \??\C:\Program Files (x86)\ArtMoney Pro\am74064.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MMPSY; \??\C:\Users\Alex\AppData\Local\Temp\mmpsy64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\Users\Alex\123:4
 
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
"123" => Value Data removed successfully.
"HKU\S-1-5-21-2757108031-2077976367-87274058-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91397D20-1446-11D4-8AF4-0040CA1127B6} => value deleted successfully.
"HKCR\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6}" => Key not found.
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91397D20-1446-11D4-8AF4-0040CA1127B6} => value deleted successfully.
"HKCR\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6}" => Key not found.
Firefox homepage deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAssistant" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nkcpopggjcjkiicpenikeogioednjeac" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pkijdmeepjhpenmighhaodgfoogncnlk" => Key deleted successfully.
AmmyyAdmin_1410 => Service deleted successfully.
AmmyyAdmin_280 => Service deleted successfully.
AmmyyAdmin_BF8 => Service deleted successfully.
SbieSvc => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
am7pro => Service deleted successfully.
GPUZ => Service deleted successfully.
LMIInfo => Service deleted successfully.
MMPSY => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Alex\123 => ":4" ADS removed successfully.
 
==== End of Fixlog ====
 
 
 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 71  
 Adobe Flash Player 15.0.0.239  
 Adobe Reader XI  
 Mozilla Firefox 32.0 Firefox out of Date!  
 Google Chrome (39.0.2171.65) 
 Google Chrome (39.0.2171.71) 
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:35 PM

Posted 06 December 2014 - 08:43 AM

Please Download Tweaking.com - Windows Repair from Here
 

  • Install and then run the program
  • Click Next at the Welcome Screen, Click Next on Step 1 Screen
  • Click Next on Step 2 Screen, Click Do it on Step 3 Screen, After it has completed click Next
  • On Step 4 Under System Restore Click Create, Then under registry back-up Click Backup When you have completed this click Next
  • On Start Repairs Click Start
  • Click the Unselect All button then select just the items below
    01 - Repair Registry Permissions
    02 - Reset File Permissions (2)
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    14 - Removed Temp Files
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the Contents of this file on your next reply.

  • How is it now?


#8 Dragokas

Dragokas
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ukraine
  • Local time:07:35 PM

Posted 07 December 2014 - 04:43 AM

Hi, nasdaq !
 
It solved my problem. Driver installation is fine. System shutdown looks a little bit faster. Thank you.
However, the old version of Windows Repair All-in-one I ran before was not able to restore permissions.
It seems they updated the tool significantly.

By the way, my Winlogon key was not compromised. It's just a manually created empty 32-bit value. A 64-bit OS does not use it.

There were errors during the SFC scan. I attached a log.
 
 
 

Attached Files
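Post #8 notes that the flagged Winlogon value sits in the 32-bit registry view. The following triage pass over the fixlist from post #5 is an added illustration, not part of the thread or of FRST: it sorts each line by type, registry view and status using only the markers visible in the log (`<=== ATTENTION`, `[X]`, `No File`, `[Not Found]`, `No ImagePath`, the `-x32` suffix). The function names and category labels are assumptions of this example.

```python
import re
from collections import Counter

# Lines copied from the fixlist posted in this thread (a subset of it).
FIXLIST = r"""
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
AppInit_DLLs: 123 => 123 File Not Found
HKU\S-1-5-21-2757108031-2077976367-87274058-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\.DEFAULT -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3182\npQQPhoneManagerExt.dll No File
CHR HomePage: Default -> hxxp://www.yandex.ru/?win=107&clid=1993841
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files (x86)\Offline Explorer Enterprise\mpoe.crx [Not Found]
S2 AmmyyAdmin_1410; "C:\Users\Alex\Desktop\AA_v3.exe" -service -lunch [X]
S4 LMIRfsClientNP; No ImagePath
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
AlternateDataStreams: C:\Users\Alex\123:4
"""

# Markers as they appear in this log; the labels below are this example's own.
ATTENTION = re.compile(r"<=+ ATTENTION\s*$")      # entry the scan itself flagged
SERVICE = re.compile(r"^S\d (?P<name>[^;]+);")    # "S2 name; image path" lines
MISSING = ("[X]", "No File", "File Not Found", "[Not Found]", "No ImagePath")


def classify(line):
    """Return kind, registry view and status for one fixlist line."""
    line = line.strip()
    head = line.split(":", 1)[0]                  # the label before the first colon

    if SERVICE.match(line):
        kind = "service/driver"
    elif line.startswith(("FF ", "CHR ", "Toolbar:")):
        kind = "browser"
    elif line.startswith("AlternateDataStreams:"):
        kind = "ads"
    else:
        kind = "registry"

    # The Fixlog in post #6 resolves the "-x32" entries to WOW6432Node paths,
    # i.e. the 32-bit view of the registry on this 64-bit system.
    view = "32-bit" if "-x32" in head else "native"

    if ATTENTION.search(line):
        status = "attention"
    elif line.endswith(MISSING):
        status = "orphan"                         # target reported missing or absent
    else:
        status = "present"
    return {"line": line, "kind": kind, "view": view, "status": status}


def triage(text):
    """Classify every non-empty line of a fixlist."""
    return [classify(l) for l in text.splitlines() if l.strip()]


def summary(entries):
    """Count entries per status."""
    return Counter(e["status"] for e in entries)


def flagged_in_32bit_view(entries):
    """Flagged entries that live only in the 32-bit registry view."""
    return [e for e in entries
            if e["status"] == "attention" and e["view"] == "32-bit"]


if __name__ == "__main__":
    entries = triage(FIXLIST)
    for e in entries:
        print(f'{e["status"]:<10}{e["kind"]:<16}{e["view"]:<8}{e["line"][:60]}')
    print(dict(summary(entries)))
    print("flagged, 32-bit view only:",
          [e["line"] for e in flagged_in_32bit_view(entries)])
```

On this sample most lines are leftover references to files that no longer exist, and the only flagged entry in the 32-bit view is the Winlogon `Shell` value that posts #5 and #8 disagree about.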



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:35 PM

Posted 07 December 2014 - 10:08 AM

There were errors during the SFC scan. I attached a log.


Unless you have issues with your computer I would ignore the errors with the SFC scan.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 Dragokas

Dragokas
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ukraine
  • Local time:07:35 PM

Posted 07 December 2014 - 10:20 AM

Okay, I have read it. Thanks again.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:35 PM

Posted 07 December 2014 - 11:06 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



