
Infected with "a variant of MSIL/Injector.YT trojan" ?!?


21 replies to this topic

#1 sinip


Posted 19 June 2015 - 08:27 AM

Hello, this is the first time I've seen anything like this, and I'm a pretty "old" PC user.
Last night, I put my Win 7 x64 to sleep and when I woke up I wanted to wake it up, as usual, only to be greeted with a BSOD, complaining about a hardware error. After several unsuccessful boot attempts (it would boot to the desktop, load ESET, Skype and then crashed) I rebooted in safe mode. Booted normally. Then I disabled most of the start-up entries and rebooted.
Booted normally, no crash, everything looks normal, except this from ESET:
 
19.6.2015 14:49:56    Advanced memory scanner    file    Operating memory » mem_3F00000_1696.dll    a variant of MSIL/Injector.YT trojan    unable to clean        
19.6.2015 14:49:56    Advanced memory scanner    file    Operating memory » mem_10B0000_1696.dll    a variant of MSIL/Injector.YT trojan    unable to clean        
19.6.2015 14:49:56    Advanced memory scanner    file    Operating memory » mem_F90000_1696.dll    a variant of MSIL/Injector.YT trojan    unable to clean        
19.6.2015 14:49:20    Startup scanner    file    Operating memory » mem_3F00000_1696.dll    a variant of MSIL/Injector.YT trojan    unable to clean    sinip-PC\sinip    
19.6.2015 14:49:20    Startup scanner    file    Operating memory » mem_10B0000_1696.dll    a variant of MSIL/Injector.YT trojan    unable to clean    sinip-PC\sinip    
19.6.2015 14:49:19    Startup scanner    file    Operating memory » mem_F90000_1696.dll    a variant of MSIL/Injector.YT trojan    unable to clean    sinip-PC\sinip  
 
Neither MBAM nor MBAR found anything, so I'm at a loss. FRST.txt content follows.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by sinip (administrator) on SINIP-PC on 19-06-2015 15:06:35
Running from H:\
Loaded Profiles: sinip & MSSQL$SQLEXPRESS (Available Profiles: sinip & MSSQL$SQLEXPRESS)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Nitro PDF Software) D:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() D:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() D:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Sysinternals - www.sysinternals.com) C:\Users\sinip\AppData\Local\Temp\Rar$EXa0.585\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\sinip\AppData\Local\Temp\procexp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-01-28] (ESET)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => d:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\sinip\AppData\Roaming\Copy\CopyAgent.exe [15410832 2015-04-18] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [0YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2015-05-06] (Yandex)
ShellIconOverlayIdentifiers: [0YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2015-05-06] (Yandex)
ShellIconOverlayIdentifiers: [0YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2015-05-06] (Yandex)
ShellIconOverlayIdentifiers: [0YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll [2015-05-06] (Yandex)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\sinip\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-03-25] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [1MediaIconsOverlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\sinip\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-03-25] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\sinip\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-03-25] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\sinip\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-03-25] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\sinip\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-03-25] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\sinip\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-03-25] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\sinip\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-03-25] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\sinip\AppData\Roaming\Copy\overlay\CopyShExt.dll [2015-03-25] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2012-01-18] (SmartSoft Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1435235619-3529585821-2833454665-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-04-05] (Siber Systems Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-11-20] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-04-05] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-20] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-30] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2013-11-20] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-20] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-04-05] (Siber Systems Inc.)
Toolbar: HKLM - No Name - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  No File
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-04-05] (Siber Systems Inc.)
Toolbar: HKLM-x32 - No Name - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-11-20] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2013-11-20] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{209D81F2-84C4-4D5C-937A-5F6641E3F7C3}: [NameServer] 8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{4F2A9BDA-A8B9-4A9D-9E35-6DA7B00B7190}: [NameServer] 8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{975FE365-53F8-44E1-9FA4-381DD75DB1BE}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\sinip\AppData\Roaming\Mozilla\Firefox\Profiles\mj64m0k6.default-1395172106601
FF NewTab: about:blank
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-17] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-03-02] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> D:\Program Files\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-03-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-22] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> D:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1435235619-3529585821-2833454665-1000: @acestream.net/acestreamplugin,version=2.2.0-next -> C:\Users\sinip\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-06-13] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1435235619-3529585821-2833454665-1000: @citrixonline.com/appdetectorplugin -> C:\Users\sinip\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-03] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-20] (Apple Inc.)
FF Extension: Flash Video Downloader - YouTube HD Downloader [4K] - C:\Users\sinip\AppData\Roaming\Mozilla\Firefox\Profiles\mj64m0k6.default-1395172106601\Extensions\artur.dubovoy@gmail.com [2015-05-31]
FF Extension: MEGA - C:\Users\sinip\AppData\Roaming\Mozilla\Firefox\Profiles\mj64m0k6.default-1395172106601\Extensions\firefox@mega.co.nz.xpi [2014-12-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-07]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-04-01]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-10]
CHR Extension: (Google Docs) - C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-10]
CHR Extension: (Google Drive) - C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-10]
CHR Extension: (YouTube) - C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-10]
CHR Extension: (Google Search) - C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-10]
CHR Extension: (Google Sheets) - C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-10]
CHR Extension: (Bookmark Manager) - C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-10]
CHR Extension: (No Name) - C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjacbidbigepkemmhlegcmgimnlgdcop [2015-05-12]
CHR Extension: (Magic Player) - C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpckgflgdapkpabemgkielbefdildaio [2015-05-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-10]
CHR Extension: (Video Downloader [FVD]) - C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-05-10]
CHR Extension: (No Name) - C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2015-05-10]
CHR Extension: (Google Wallet) - C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-10]
CHR Extension: (Gmail) - C:\Users\sinip\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-10]
CHR HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Users\sinip\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx [2014-01-28]

Opera:
=======
StartMenuInternet: (HKLM) Opera - d:\Program Files\Opera x64\Opera.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2015-01-28] (ESET)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R2 MbaeSvc; d:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S2 MBAMService; d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MSSQL$SQLEXPRESS; D:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [370368 2013-10-04] (Microsoft Corporation)
R2 NitroDriverReadSpool9; D:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-22] (Nitro PDF Software)
R2 NitroUpdateService; D:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-22] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S4 SQLAgent$SQLEXPRESS; D:\Program Files\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [612544 2013-10-04] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 wampapache; c:\wamp\bin\apache\apache2.4.2\bin\httpd.exe [24576 2012-05-13] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [9693696 2012-04-19] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WO_LiveService2; D:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223600 2015-01-12] ()
S3 ChipsBankSpeedUp; cmd /c start  "" "C:\Windows\system32\drivers\USBSpeedUp.exe"  install ChipsBank [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-01-30] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-01-30] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2015-01-30] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2015-01-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [64208 2015-01-30] (ESET)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [15968 2014-11-18] ()
R1 ESProtectionDriver; d:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-02-17] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R2 LiveTuner2PM; D:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S0 PzWDM; C:\Windows\SysWOW64\Drivers\PzWDM.sys [15172 2005-06-29] (Prassi Technology) [File not signed]
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2013-10-04] (Microsoft Corporation)
R3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
S3 VSPerfDrv110; D:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 DfSdkS; No ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 SliceDisk5; \??\C:\Users\sinip\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 15:06 - 2015-06-19 15:06 - 00000000 ____D C:\FRST
2015-06-19 14:52 - 2015-06-19 14:52 - 00030087 _____ C:\ComboFix.txt
2015-06-19 14:21 - 2015-06-19 14:21 - 00001812 _____ C:\Users\sinip\Desktop\JRT.txt
2015-06-19 14:18 - 2015-06-19 14:18 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SINIP-PC-Windows-7-Ultimate-(64-bit).dat
2015-06-19 14:18 - 2015-06-19 14:18 - 00000000 ____D C:\RegBackup
2015-06-19 14:17 - 2015-06-19 14:33 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-19 12:37 - 2015-06-19 12:37 - 00000640 _____ C:\Users\Public\Desktop\AIMP3.lnk
2015-06-19 12:37 - 2015-06-19 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2015-06-19 11:41 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-19 11:41 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-19 11:41 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-19 11:41 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-19 11:41 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-19 11:41 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-19 11:41 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-19 11:41 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-19 11:41 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-19 11:41 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-19 11:41 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-19 11:41 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-19 11:41 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-19 11:40 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-19 11:40 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-19 11:40 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-19 11:40 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-19 11:40 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-19 11:40 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-19 11:40 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-19 11:40 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-19 11:40 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-19 11:40 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-19 11:40 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-19 11:40 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-19 11:40 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-19 11:40 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-19 11:40 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-19 11:40 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-19 11:40 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-19 11:40 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-19 11:40 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-19 11:40 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-19 11:40 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-19 11:40 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-19 11:40 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-19 11:40 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-19 11:40 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-19 11:40 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-19 11:40 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-19 11:40 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-19 11:40 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-19 11:40 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-19 11:40 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-19 11:40 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-19 11:40 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-19 11:40 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-19 11:40 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-19 11:40 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-19 11:40 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-19 11:40 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-19 11:40 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-19 11:40 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-19 11:40 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-19 11:40 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-19 11:40 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-19 11:40 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-19 11:40 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-19 11:40 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-19 11:40 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-19 11:25 - 2015-06-19 11:25 - 00280944 _____ C:\Windows\Minidump\061915-24117-01.dmp
2015-06-19 11:21 - 2015-06-19 11:21 - 00280944 _____ C:\Windows\Minidump\061915-25225-01.dmp
2015-06-19 11:03 - 2015-06-19 11:03 - 00280944 _____ C:\Windows\Minidump\061915-28314-01.dmp
2015-06-19 10:59 - 2015-06-19 10:59 - 00280944 _____ C:\Windows\Minidump\061915-25022-01.dmp
2015-06-19 10:47 - 2015-06-19 10:47 - 00280944 _____ C:\Windows\Minidump\061915-27097-01.dmp
2015-06-19 10:42 - 2015-06-19 11:25 - 564134137 _____ C:\Windows\MEMORY.DMP
2015-06-19 10:42 - 2015-06-19 10:42 - 00280944 _____ C:\Windows\Minidump\061915-28906-01.dmp
2015-06-17 12:18 - 2015-06-19 11:02 - 00000246 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2015-06-17 11:58 - 2015-06-17 12:29 - 00000000 ____D C:\@RestoreQuarantine
2015-06-17 11:55 - 2015-06-17 11:55 - 00040208 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2015-06-17 11:41 - 2015-06-17 12:30 - 00000000 ____D C:\ProgramData\RegRun
2015-06-17 11:40 - 2015-06-17 11:40 - 00003324 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2015-06-17 11:40 - 2015-06-17 11:40 - 00000002 RSHOT C:\Windows\winstart.bat
2015-06-16 14:52 - 2015-06-16 14:52 - 00000000 ____D C:\Users\sinip\AppData\Roaming\ActiveState
2015-06-16 01:17 - 2015-06-19 13:09 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1435235619-3529585821-2833454665-1000.job
2015-06-16 01:17 - 2015-06-16 01:17 - 00003684 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1435235619-3529585821-2833454665-1000
2015-06-13 19:28 - 2015-06-13 19:28 - 00000000 __SHD C:\Users\sinip\Phone Browser
2015-06-08 19:53 - 2015-06-08 19:53 - 00000507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarUML.lnk
2015-06-07 11:14 - 2015-06-08 12:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-04 09:35 - 2015-06-04 09:35 - 00002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-03 19:53 - 2015-06-19 14:54 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1435235619-3529585821-2833454665-1000.job
2015-06-03 19:53 - 2015-06-16 01:17 - 00003588 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1435235619-3529585821-2833454665-1000
2015-06-03 19:52 - 2015-06-03 19:53 - 00000000 ____D C:\Users\sinip\AppData\Local\Citrix
2015-06-03 18:43 - 2015-05-09 05:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-03 18:43 - 2015-05-09 05:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-03 18:43 - 2015-05-09 05:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-03 18:43 - 2015-05-09 05:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-03 18:43 - 2015-05-09 05:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-03 18:43 - 2015-05-09 05:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-03 18:43 - 2015-05-09 05:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-03 18:43 - 2015-05-09 05:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-03 18:43 - 2015-05-09 05:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-03 18:43 - 2015-05-09 05:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-03 18:43 - 2015-05-09 05:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-03 18:43 - 2015-05-09 05:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-03 18:43 - 2015-05-09 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-03 18:43 - 2015-05-09 05:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-03 18:43 - 2015-05-09 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-03 18:43 - 2015-05-09 05:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-01 21:11 - 2015-06-01 21:11 - 00000000 ____D C:\Users\sinip\AppData\Local\GWX
2015-06-01 21:01 - 2015-06-01 21:01 - 12814752 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-06-01 21:01 - 2015-06-01 21:01 - 01067696 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2015-06-01 21:01 - 2015-06-01 21:01 - 00957472 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2015-06-01 21:01 - 2015-06-01 21:01 - 00544552 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2015-06-01 21:01 - 2015-06-01 21:01 - 00539312 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2015-06-01 21:01 - 2015-06-01 21:01 - 00231312 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2015-06-01 21:01 - 2015-06-01 21:01 - 00194880 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2015-06-01 21:01 - 2015-06-01 21:01 - 00041288 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 13037568 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 10820096 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 05916080 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-06-01 21:00 - 2015-06-01 21:00 - 05384176 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-06-01 21:00 - 2015-06-01 21:00 - 03520000 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 03129856 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00584192 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00551424 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00523184 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-06-01 21:00 - 2015-06-01 21:00 - 00453552 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2015-06-01 21:00 - 2015-06-01 21:00 - 00451584 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00449024 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00448512 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00448512 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00448000 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00448000 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00446976 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00446976 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00446976 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00445952 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00445952 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00444416 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00444416 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00440832 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00418816 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00411056 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2015-06-01 21:00 - 2015-06-01 21:00 - 00393216 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00339456 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00294912 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2015-06-01 21:00 - 2015-06-01 21:00 - 00290224 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2015-06-01 21:00 - 2015-06-01 21:00 - 00266152 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-06-01 21:00 - 2015-06-01 21:00 - 00197040 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-06-01 21:00 - 2015-06-01 21:00 - 00183808 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00183216 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2015-06-01 21:00 - 2015-06-01 21:00 - 00151040 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00135680 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-06-01 21:00 - 2015-06-01 21:00 - 00124928 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4229.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00110080 _____ C:\Windows\system32\igdde64.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00090112 _____ C:\Windows\SysWOW64\igdde32.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00033792 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00018432 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-06-01 19:46 - 2015-06-01 19:46 - 00017082 _____ C:\Windows\system32\iglhxs64.vp
2015-05-31 16:19 - 2015-06-15 16:18 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-31 16:19 - 2015-05-31 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-05-31 15:35 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-31 15:35 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-31 15:35 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-31 15:35 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-31 15:35 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-31 15:35 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-31 15:35 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-31 15:15 - 2015-05-31 15:15 - 00000000 ____D C:\Windows\system32\appraiser
2015-05-31 15:07 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-31 15:07 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-31 15:07 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-31 15:07 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-31 15:07 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-31 15:07 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-31 15:07 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-31 15:07 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-31 15:07 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-05-30 21:38 - 2015-05-30 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2015-05-23 20:19 - 2015-06-19 11:23 - 00000000 ___RD C:\Users\sinip\YandexDisk
2015-05-23 20:19 - 2015-05-23 20:20 - 00000000 ____D C:\Users\sinip\AppData\Roaming\Yandex
2015-05-23 20:19 - 2015-05-23 20:19 - 00002004 _____ C:\Users\sinip\Desktop\Screenshots in Yandex.Disk.lnk
2015-05-23 20:19 - 2015-05-23 20:19 - 00001945 _____ C:\Users\sinip\Desktop\Yandex.Disk.lnk
2015-05-23 20:19 - 2015-05-23 20:19 - 00000000 ____D C:\Users\sinip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk
2015-05-23 20:19 - 2015-05-23 20:19 - 00000000 ____D C:\Program Files\Yandex
2015-05-23 20:19 - 2015-05-23 20:19 - 00000000 ____D C:\Program Files (x86)\Yandex
2015-05-23 20:18 - 2015-05-23 20:18 - 00000000 ____D C:\Users\sinip\AppData\Local\Yandex
2015-05-23 20:18 - 2015-05-23 20:18 - 00000000 ____D C:\ProgramData\Yandex
2015-05-22 13:06 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-22 13:06 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-22 12:53 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-22 12:53 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-22 12:38 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-22 12:38 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-22 12:38 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-22 12:38 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-22 12:38 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-22 12:38 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-22 12:38 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-22 12:38 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-22 12:38 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-22 12:38 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-22 12:38 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-22 12:38 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-22 12:38 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-22 12:38 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-22 12:38 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-22 12:38 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-22 12:38 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-22 12:38 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-22 12:38 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-22 12:38 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-22 12:38 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-22 12:38 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-22 12:38 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-22 12:38 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-22 12:38 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-22 12:38 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-22 12:38 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-22 12:38 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-22 12:38 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-22 12:38 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-22 12:38 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-22 12:38 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-22 12:38 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-22 12:25 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-22 11:40 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-22 11:40 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-22 11:40 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-22 11:28 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-22 11:28 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-22 11:28 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-22 11:28 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-22 11:28 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-22 11:28 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-22 11:28 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-22 11:28 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-22 11:28 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-22 11:28 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-22 11:28 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-22 11:28 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-22 11:28 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-22 11:28 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-22 11:28 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-22 11:27 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-22 11:27 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-22 11:27 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-22 11:27 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-22 11:27 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-22 11:27 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-22 11:27 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-22 11:27 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-22 11:27 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-22 11:27 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-22 11:27 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-22 11:27 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-22 11:17 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-22 11:17 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-22 11:17 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-22 11:17 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-22 11:06 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-22 11:06 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 15:01 - 2015-04-24 09:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-19 15:01 - 2014-09-16 21:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-19 14:56 - 2015-02-27 18:30 - 00013248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-19 14:56 - 2015-02-27 18:30 - 00013248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-19 14:56 - 2012-11-07 11:13 - 00000000 ____D C:\Program Files (x86)\Everything
2015-06-19 14:52 - 2015-03-25 20:16 - 00000000 ____D C:\Users\sinip\AppData\Roaming\Copy
2015-06-19 14:52 - 2013-05-12 20:20 - 00000000 ____D C:\Qoobox
2015-06-19 14:51 - 2012-11-06 22:32 - 01829744 _____ C:\Windows\WindowsUpdate.log
2015-06-19 14:49 - 2015-04-08 19:28 - 00003486 _____ C:\Windows\System32\Tasks\AutoKMS
2015-06-19 14:49 - 2014-08-14 15:08 - 00006463 _____ C:\Windows\SysWOW64\Gms.log
2015-06-19 14:47 - 2014-06-20 16:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c914c24d7d3.job
2015-06-19 14:47 - 2012-11-06 11:56 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-06-19 14:47 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-19 14:46 - 2015-05-13 01:24 - 00016668 _____ C:\Windows\PFRO.log
2015-06-19 14:46 - 2015-05-11 01:00 - 00002098 _____ C:\Windows\setupact.log
2015-06-19 14:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-19 14:45 - 2009-07-14 04:34 - 52690944 _____ C:\Windows\system32\config\components.bak
2015-06-19 14:45 - 2009-07-14 04:34 - 22544384 _____ C:\Windows\system32\config\SYSTEM.bak
2015-06-19 14:45 - 2009-07-14 04:34 - 148373504 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-06-19 14:45 - 2009-07-14 04:34 - 06291456 _____ C:\Windows\system32\config\DEFAULT.bak
2015-06-19 14:45 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-06-19 14:45 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-06-19 14:44 - 2013-05-12 20:20 - 00000000 ____D C:\Windows\erdnt
2015-06-19 14:32 - 2014-10-19 02:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeb31d4d53c92.job
2015-06-19 14:20 - 2014-06-20 16:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8c914d247141.job
2015-06-19 14:05 - 2014-03-20 17:18 - 00000000 ____D C:\Users\sinip\AppData\Roaming\AIMP3
2015-06-19 14:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-19 14:04 - 2015-03-18 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-19 14:04 - 2015-03-18 15:12 - 00000000 ____D C:\Users\sinip\Desktop\mbar
2015-06-19 13:05 - 2014-08-04 12:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-19 12:37 - 2013-07-14 09:20 - 00000000 ____D C:\Windows\system32\MRT
2015-06-19 12:33 - 2014-08-20 18:06 - 00000000 ____D C:\Users\sinip\AppData\Local\Adobe
2015-06-19 12:05 - 2012-11-06 20:37 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-19 12:00 - 2014-08-04 12:32 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-19 11:25 - 2012-11-06 14:41 - 00000000 ____D C:\Windows\Minidump
2015-06-19 10:39 - 2012-11-06 14:15 - 00000000 ____D C:\Users\sinip\AppData\Roaming\Skype
2015-06-17 12:23 - 2015-04-24 09:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-17 12:23 - 2015-03-18 20:28 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-17 12:23 - 2015-03-18 20:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-17 12:14 - 2015-05-13 01:09 - 00000364 _____ C:\Users\sinip\Desktop\UDEMY ZA SKIDANJE.txt
2015-06-17 12:12 - 2015-05-10 15:46 - 00000000 ____D C:\Users\sinip\AppData\Roaming\newSI_651
2015-06-17 10:38 - 2013-03-05 20:04 - 00000000 ____D C:\Users\sinip\AppData\Roaming\Nitro PDF
2015-06-16 21:24 - 2012-11-06 12:26 - 00000000 ____D C:\Users\sinip\AppData\Roaming\AIMP
2015-06-16 14:56 - 2012-11-11 19:39 - 00000000 ____D C:\Users\sinip\AppData\Roaming\uTorrent
2015-06-13 19:28 - 2012-11-06 11:37 - 00000000 ____D C:\Users\sinip
2015-06-13 01:18 - 2014-02-22 01:06 - 00000000 ____D C:\Users\sinip\AppData\Roaming\MultiBit
2015-06-09 19:00 - 2015-05-10 18:00 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-08 21:10 - 2015-01-22 00:19 - 00000000 ____D C:\Users\sinip\AppData\Roaming\StarUML
2015-06-08 13:25 - 2012-12-12 09:30 - 00000000 ____D C:\Windows\rescache
2015-06-08 12:23 - 2012-12-06 08:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-08 12:09 - 2012-11-06 14:15 - 00000000 ____D C:\ProgramData\Skype
2015-06-08 11:03 - 2015-03-20 04:19 - 00000000 ____D C:\Users\sinip\AppData\Local\CrashDumps
2015-06-04 09:35 - 2013-01-21 15:42 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-03 00:44 - 2009-07-14 07:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-02 03:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-06-01 21:01 - 2015-03-22 03:04 - 11352688 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-06-01 21:01 - 2012-10-10 00:22 - 13059896 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2015-06-01 21:01 - 2012-10-10 00:22 - 11223896 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2015-06-01 21:00 - 2012-11-06 11:46 - 09016320 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2015-06-01 21:00 - 2012-11-06 11:46 - 00119296 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2015-06-01 21:00 - 2012-11-06 11:46 - 00102912 _____ C:\Windows\system32\IccLibDll_x64.dll
2015-06-01 21:00 - 2012-11-06 11:46 - 00072704 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2015-05-31 17:51 - 2014-10-26 16:58 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-05-31 15:38 - 2014-11-04 23:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-31 15:33 - 2015-04-08 19:15 - 00000039 _____ C:\Windows\vbaddin.ini
2015-05-31 15:16 - 2014-10-11 13:43 - 00000000 ____D C:\Windows\Simple Port Tester
2015-05-31 15:15 - 2014-05-05 22:51 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-05-31 15:09 - 2015-04-05 01:35 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-31 15:09 - 2015-04-05 01:35 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-31 14:32 - 2014-08-04 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-31 14:32 - 2013-02-13 18:40 - 00000799 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-31 14:00 - 2015-02-01 00:20 - 05511736 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-31 13:59 - 2013-03-15 08:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-31 13:59 - 2013-03-15 08:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-31 13:54 - 2009-07-14 09:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-31 13:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-31 13:45 - 2013-03-13 00:16 - 00000000 ____D C:\Users\sinip\AppData\Roaming\vlc
2015-05-29 23:31 - 2015-03-25 20:18 - 00000000 ___RD C:\Users\sinip\Copy
2015-05-22 11:01 - 2013-03-15 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2014-01-09 15:25 - 2014-06-01 15:56 - 0000132 _____ () C:\Users\sinip\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-12-03 17:54 - 2014-03-27 16:23 - 0001456 _____ () C:\Users\sinip\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-12-04 08:42 - 2014-06-07 11:09 - 0017920 _____ () C:\Users\sinip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-08 08:16 - 2014-08-07 18:55 - 0007599 _____ () C:\Users\sinip\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\sinip\AppData\Local\Temp\procexp64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 01:08

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by sinip at 2015-06-19 15:07:23
Running from H:\
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1435235619-3529585821-2833454665-500 - Administrator - Disabled)
Guest (S-1-5-21-1435235619-3529585821-2833454665-501 - Limited - Disabled)
sinip (S-1-5-21-1435235619-3529585821-2833454665-1000 - Administrator - Enabled) => C:\Users\sinip

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.22 - GIGABYTE)
µTorrent (HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\...\uTorrent) (Version: 3.3.0.28910 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AdriaTOPO 2.40 (HKLM-x32\...\{33D3059C-444E-4DE3-A58D-AFD10D684F54}) (Version: 2.40 - Navigo-Sistem d.o.o.)
AIMP2 (HKLM-x32\...\AIMP2) (Version: - AIMP DevTeam)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1495, 03.06.2015 - AIMP DevTeam)
Amazon Kindle (HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\...\Amazon Kindle) (Version: - Amazon)
Apache Tomcat 8.0.15 (HKLM-x32\...\nbi-tomcat-8.0.15.0.0) (Version: - )
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.15.0417 - Gigabyte)
APP Center (x32 Version: 1.15.0417 - Gigabyte) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo WinOptimizer 11 v.11.00.60 (HKLM-x32\...\{4209F371-8D72-8119-66FA-897D2D41E27F}_is1) (Version: 11.00.60 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Beyond Compare Version 3.3.5 (HKLM-x32\...\BeyondCompare3_is1) (Version: - Scooter Software)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
calibre (HKLM-x32\...\{BED35097-6053-4E51-B9EC-A779CCCDEE72}) (Version: 2.15.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Convert EPUB to PDF 6.6.0 (HKLM-x32\...\{C860AFE7-2A99-4AF6-AB03-116EFC14AD30}) (Version: 6.6.0 - EPUB Converter)
Copy (HKLM\...\{01418318-8619-4119-969F-A06C63DF05A8}) (Version: 3.2.0.478 - Barracuda Networks, Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.6.1 - Bloodshed Software)
Directory 4Pro v2.01 (HKLM-x32\...\Directory 4Pro_is1) (Version: - )
Dogecoin (HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\...\Dogecoin) (Version: 1.6.0.0 - Dogecoin)
Dogecoin Core (32-bit) (HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\...\Dogecoin Core (32-bit)) (Version: 1.8.0 - Dogecoin project)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
EaseUS Partition Master 10.2 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS)
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE)
EasyTune (x32 Version: 1.00.0002 - GIGABYTE) Hidden
eMule (HKLM-x32\...\eMule) (Version: - )
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{3F29268A-F53A-4387-9F2B-E9368A823178}) (Version: 11.1.30729.00 - Microsoft Corporation)
ePUBee DRM Removal (HKLM-x32\...\ePUBee DRM Removal) (Version: 3.0.5.1 - ePUBee Inc.)
ESET Smart Security (HKLM\...\{293ADC3B-DCF3-44C2-9CE8-19DD2B4F7646}) (Version: 8.0.312.0 - ESET, spol s r. o.)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - )
EximiousSoft Banner Maker V5.10 (HKLM-x32\...\EximiousSoft Banner Maker_is1) (Version: - EximiousSoft)
FireShot (HKLM-x32\...\FireShot) (Version: - )
Flash Drive Tester v1.14 (HKLM-x32\...\{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}) (Version: 1.14 - Virtual Console)
Free Audio Converter version 5.0.43.605 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.43.605 - DVDVideoSoft Ltd.)
FVD Player 1.0.9 (HKLM-x32\...\FVD Player_is1) (Version: - flashvideodownloader.org)
Garmin BaseCamp (HKLM-x32\...\{B27D272F-2860-4363-9803-956C0A9FAFB9}) (Version: 4.1.2 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2012.40 Update (HKLM-x32\...\{B28311A2-EA16-4F85-80CE-1BF2B0912C8F}) (Version: 15.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GlassFish Server Open Source Edition 4.1 (HKLM-x32\...\nbi-glassfish-mod-4.1.0.13.0) (Version: - )
GmapTool 0.7.158 (HKLM-x32\...\{1873789F-59D5-4002-8A2F-60A827B78F98}_is1) (Version: - AP)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.2.1.2856 (HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\...\GoToMeeting) (Version: 7.2.1.2856 - CitrixOnline)
GrabIt 1.7.2 Beta 6 (build 1008) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iWisoft Free Video Downloader 2.1 (HKLM-x32\...\iWisoft Free Video Downloader_is1) (Version: 2.1 - www.iwisoft.com)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
Java SE Development Kit 8 Update 31 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
JavaScript Tooling (Version: 11.0.60315 - Microsoft Corporation) Hidden
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
K-Lite Codec Pack 9.2.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.2.0 - )
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MapUpdate Wizard (HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\...\d897dd226090d2b5) (Version: 1.0.0.3 - GeoLand Ltd.)
Merriam-Webster 3.0 (HKLM-x32\...\{F3812D83-86D2-4445-A841-3E0BA4F9A11C}) (Version: - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 CTP2 (64-bit) (HKLM\...\Microsoft SQL Server SQL14CTP2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 CTP2 Setup (English) (HKLM\...\{9559879F-3417-42DD-B48C-305AB073E01F}) (Version: 12.0.1524.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
microsoft visual c++ 2010 redistributable sp1 (HKLM-x32\...\{0024CAA7-4422-4F5C-A488-4BEC32770887}) (Version: 10.0.4753 - microsoft visual c++ 2010 redistributable sp1)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{c268086c-18ee-4c0d-b057-1f49530d413a}) (Version: 11.0.50727.26 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 CTP2 (HKLM\...\{549E59D0-CE66-4AE1-905D-A1E3FD915070}) (Version: 12.0.1524.0 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Microsoft WebMatrix 3 (HKLM-x32\...\{4C1CB8FA-89A5-476A-89B6-C69BDC668A9F}) (Version: 2.0.1932 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 en-US)) (Version: 24.3.0 - Mozilla)
MPC-HC 1.6.5.6366 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.5.6366 - MPC-HC Team)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
NetBeans IDE 8.0.2 (HKLM-x32\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
NewZFinders 1.1.1 Bêta Build 014 (HKLM-x32\...\NewZFinders_is1) (Version: - ZProDuCTioN)
Nitro Pro 9 (HKLM\...\{FD667D61-7A1D-49E3-B582-96C7238ECEB4}) (Version: 9.5.1.12 - Nitro)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NP Checker (HKLM-x32\...\{B9F7A849-E093-4BB5-B4F4-44D203FF40C2}) (Version: 2.0.1 - Netpeak)
ON_OFF Charge 2 B13.0910.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0910.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ONES (E) (HKLM-x32\...\ONES(E)) (Version: - )
Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Opera Labs OOPP 12.00 alpha build 1293 (HKLM\...\Opera 12.00.1293) (Version: 12.00.1293 - Opera Software ASA)
Oracle VM VirtualBox 4.3.6 (HKLM\...\{DC65DFD8-E175-4A85-948A-42965853B2E8}) (Version: 4.3.6 - Oracle Corporation)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.5.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Photo Stamp Remover 7.1 (HKLM-x32\...\Photo Stamp Remover_is1) (Version: 7.1 - SoftOrbits)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.1 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PRGrep (HKLM-x32\...\PRGrep) (Version: - )
Python 3.4.3 (64-bit) (HKLM\...\{9529565f-e693-3f11-b3bf-8cd545f5f9a0}) (Version: 3.4.3150 - Python Software Foundation)
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAR Password Cracker (HKLM-x32\...\RAR Password Cracker) (Version: 4.12 - dnSoft Research Group)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
RoboForm 7-8-8-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-8-8-5 - Siber Systems)
RT 7 Lite (64-Bit) (HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\...\RT 7 Lite x64) (Version: 1.7.0 - Rockers Team)
RT 7 Lite x64 (Version: 1.7.0 - Rockers Team) Hidden
S3 Ripper 2.0 (HKLM-x32\...\{AB3D78B7-8066-465A-82A8-5F3751564457}_is1) (Version: - )
SABnzbd 0.7.17 (HKLM-x32\...\SABnzbd) (Version: 0.7.17 - The SABnzbd Team)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 3.1 - Screaming Frog Ltd)
SeaMonkey 2.33.1 (x86 en-GB) (HKLM-x32\...\SeaMonkey 2.33.1 (x86 en-GB)) (Version: 2.33.1 - Mozilla)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
Simple Port Tester (HKLM-x32\...\Simple Port Tester3.0.0) (Version: 3.0.0 - PcWinTech.com)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SmartFTP Client (HKLM\...\{49DA615E-97A4-4129-B2E7-4DEDAA862565}) (Version: 4.0.1231.0 - SmartSoft Ltd.)
SmartFTP Client Setup Files 4.0 (x64) (remove only) (HKLM-x32\...\SmartFTP Client 4.0 (x64) Setup Files) (Version: 4.0 - SmartSoft Ltd)
SopCast 3.9.3 (HKLM-x32\...\SopCast) (Version: 3.9.3 - www.sopcast.com)
Source Preview Handler (HKLM\...\{55D89250-03AA-4AC0-BDB2-0E9255B3ADB3}) (Version: 1.0.4.0 - SmartSoft Ltd.)
SQL Server 2014 Client Tools (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 CTP2 Database Engine Services (Version: 12.0.1524.0 - Microsoft Corporation) Hidden
SQL Server 2014 CTP2 Database Engine Shared (Version: 12.0.1524.0 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 CTP2 (HKLM-x32\...\{07080044-8AF5-4F06-BFE9-6317E059B76A}) (Version: 12.0.1524.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.0.1524.0 - Microsoft Corporation) Hidden
SRS-Root (HKLM-x32\...\{24EAD272-D05D-4950-BD59-F88AB7B4C8C7}_is1) (Version: - 123Unlock GSM Service)
StarUML (HKLM-x32\...\{3DE0AD5E-FB07-43D5-AC6C-57D121F0EA86}) (Version: 2.0.0 - MKLab)
StarUML (HKLM-x32\...\{D705B3AA-9C6B-4C28-A340-C5F9DA2AA179}) (Version: 2.2.0 - MKLab)
StarUML 5.0.2.1570 (HKLM-x32\...\StarUML_is1) (Version: - Plastic Software, Inc.)
StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
TL-WN721N/TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.0.0 - TP-LINK)
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update or Uninstall SENukeX (HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\...\a10c648895c21ba6) (Version: 3.0.0.13 - SENukeX)
Virtual Audio Streaming 4.0 (HKLM-x32\...\{B9FDEDF1-DD77-42BD-B2BD-ABCB30655C73}_is1) (Version: 4.0 - ShiningMorning LLC.)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WampServer 2.2 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
WebMoney Agent (HKLM-x32\...\WebMoney Agent) (Version: 3.5 - Softomate)
WebMoney Keeper Classic 3.9.9.1 (HKLM-x32\...\{6D9A7CEE-054A-437D-99EF-DD7C77E001FD}) (Version: 3.9.9.1 - WM Transfer Ltd.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinHTTrack Website Copier 3.46-1 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.8.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.4 - The Wireshark developer community, http://www.wireshark.org)
Word Cleaner 5.2.2 (HKLM-x32\...\Word Cleaner 5.2.2_is1) (Version: - )
Xilisoft ISO Maker (HKLM-x32\...\Xilisoft ISO Maker) (Version: 1.0.21.0226 - Xilisoft)
Yandex.Disk (HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\...\YandexDisk) (Version: 1.3.6.4744 - Yandex)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1435235619-3529585821-2833454665-1000_Classes\CLSID\{19170A69-A883-40D5-AF97-F6DC41495F15}\InprocServer32 -> C:\Users\sinip\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Yandex)
CustomCLSID: HKU\S-1-5-21-1435235619-3529585821-2833454665-1000_Classes\CLSID\{2D6BD2F0-5F84-4a06-924F-AEE0598B6272}\InprocServer32 -> C:\Users\sinip\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Yandex)
CustomCLSID: HKU\S-1-5-21-1435235619-3529585821-2833454665-1000_Classes\CLSID\{33A431BB-FF15-4047-8FEC-F82FD3523A00}\localserver32 -> C:\Users\sinip\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe (Yandex)
CustomCLSID: HKU\S-1-5-21-1435235619-3529585821-2833454665-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\sinip\AppData\Local\Citrix\GoToMeeting\2553\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1435235619-3529585821-2833454665-1000_Classes\CLSID\{97836AB9-12C5-4C30-A128-B75196DD1787}\InprocServer32 -> C:\Users\sinip\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Yandex)
CustomCLSID: HKU\S-1-5-21-1435235619-3529585821-2833454665-1000_Classes\CLSID\{E36606FE-036A-4dd0-ABA9-A58F409803F0}\InprocServer32 -> C:\Users\sinip\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Yandex)

==================== Restore Points =========================

19-06-2015 11:39:24 Windows Update
19-06-2015 12:02:57 Windows Update
19-06-2015 14:30:54 Checkpoint by HitmanPro

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-06-19 14:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F0A524D-24BF-4422-B349-3A2759584FF3} - System32\Tasks\UnHackMe Task Scheduler => d:\Program Files (x86)\UnHackMe\hackmon.exe
Task: {1F2E060C-6221-45A7-B2A8-B660256208A7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {3729EAA6-2FF7-4B6C-9394-2DFAC82230E5} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {540A7CEB-AF29-4C80-A4CC-46CF97545905} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {5BA3A1A5-8005-48AF-A035-BE3BE1DE9A33} - System32\Tasks\G2MUpdateTask-S-1-5-21-1435235619-3529585821-2833454665-1000 => C:\Users\sinip\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe [2015-06-16] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {65D6E17F-7481-4C23-83FB-2966E60E6462} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLJHMLMNMMMMJHMMMCNMJIMNJNMCNLMLJIMPMCNHMJMPMJJCNNJMMKMJMIMMMNJMMIMLMMJLMJNJICMIMCNHMCNHMFMGMCNOMPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMMMJNHICMEKMICNJJCKJNBJCMMIGJBJGJPIJNKJCMJNNICMJNDJCMKJBJ"
Task: {6A6BD4C2-6B86-4F6F-BC29-42533D582CFB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {792C01EA-3AD6-4585-B9CF-063E025C4F2B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {802F4E56-3B39-4150-B394-EC008B3FBC47} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8c914c24d7d3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-21] (Google Inc.)
Task: {8CFE6A5F-7E15-40E1-A697-ED98863D9F0B} - System32\Tasks\AdobeAAMUpdater-1.0-sinip-PC-sinip => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {8D33D1AB-3239-4F60-B62D-C765B48E07F2} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8c914d247141 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-21] (Google Inc.)
Task: {9690C0B9-487C-47C0-B853-6B405729A5A1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {AFB888BE-7D79-4ACD-AF7B-52CA0959E36B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-10] (Oracle Corporation)
Task: {B035FB9C-ADDD-4E26-A41B-30926965778A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-17] (Adobe Systems Incorporated)
Task: {B25C04E1-0873-42EF-B1B2-CDA64FC47797} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-04-08] ()
Task: {B4BFCAAD-6BB7-47D6-A914-751C17946FDB} - System32\Tasks\G2MUploadTask-S-1-5-21-1435235619-3529585821-2833454665-1000 => C:\Users\sinip\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe [2015-06-16] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {DFF0A494-CE22-41FF-AB60-9C0D7E4E70A5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {F4A48BDC-436A-4332-A24C-E9430802D573} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-04-05] (Siber Systems)
Task: {F61FEB66-B1E4-4D3F-A96B-BA7B60436476} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {F68E793C-4655-4CB7-9BEF-36D1AFA83AEF} - System32\Tasks\GoogleUpdateTaskMachineUA1cfeb31d4d53c92 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-21] (Google Inc.)
Task: {FD064C1F-7B0B-4CA0-9237-C7A1AAABE878} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2015-03-02] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1435235619-3529585821-2833454665-1000.job => C:\Users\sinip\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1435235619-3529585821-2833454665-1000.job => C:\Users\sinip\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c914c24d7d3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8c914d247141.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeb31d4d53c92.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-14 15:27 - 2015-04-14 15:27 - 00016896 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2012-11-06 11:49 - 2010-01-19 04:31 - 00072304 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2014-05-22 14:06 - 2014-05-22 14:06 - 00417800 _____ () D:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2015-04-22 14:08 - 2015-01-12 16:55 - 00223600 _____ () D:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
2015-02-11 16:13 - 2015-02-11 16:13 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2012-11-06 11:46 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-04-14 13:50 - 2015-04-14 13:50 - 01243944 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
2009-03-13 03:18 - 2009-03-13 03:18 - 00602624 _____ () C:\Program Files (x86)\Everything\Everything.exe
2014-01-22 13:53 - 2014-01-22 13:53 - 01607680 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
2012-11-27 08:03 - 2012-11-27 08:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\AppCenter\ycc.dll
2014-02-26 23:58 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\STARIWINDOWS:nlsPreferences
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Windows\win.ini:s1
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
AlternateDataStreams: C:\ProgramData\TEMP:5F64C164
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\sinip\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AceStream => C:\Users\sinip\AppData\Roaming\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Ashampoo WinOptimizer Live-Tuner2 => "D:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe" -TRAY
MSCONFIG\startupreg: CCleaner Monitoring => "D:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Copy => "C:\Users\sinip\AppData\Roaming\Copy\CopyAgent.exe"
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "d:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: EasyTune => C:\Program Files (x86)\GIGABYTE\EasyTune\RunOnceTask.exe
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: Malwarebytes Anti-Exploit => d:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
MSCONFIG\startupreg: PC Suite Tray => "D:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: PreRun => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe
MSCONFIG\startupreg: QuickTime Task => "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SyncManPath => "C:\Users\sinip\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe" -autostart
MSCONFIG\startupreg: Virtual Audio Streaming(Sound Card Switch) => "d:\Program Files (x86)\ShiningMorning\VirtualAudioStreaming\VirtualAudioStreaming.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{ACA6C394-DA37-4D55-86FA-27E2A8DAB864}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B1733216-E19C-45BA-9270-D7C794D54CF0}] => (Allow) C:\Program Files\Opera Labs OOPP x64\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{41E26A7A-58D1-44EC-802A-572A189BE442}] => (Allow) C:\Program Files\Opera Labs OOPP x64\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{DF8DFA0E-B208-4256-84AF-EC28F3E97AA7}] => (Allow) C:\Program Files\Opera Labs OOPP x64\pluginwrapper\opera_plugin_wrapper_32.exe
FirewallRules: [{9C969759-7949-43FF-B2DF-032A1C40DDA5}] => (Allow) C:\Program Files\Opera Labs OOPP x64\pluginwrapper\opera_plugin_wrapper_32.exe
FirewallRules: [{CF52E5B6-15B5-4D6B-9B52-658A09B8FB45}] => (Allow) C:\Program Files\Opera Labs OOPP x64\opera.exe
FirewallRules: [{588F8D80-44FE-476E-AB9C-1C435878C317}] => (Allow) C:\Program Files\Opera Labs OOPP x64\opera.exe
FirewallRules: [{97EBDA7B-4CB0-4BA9-96A9-3BDCFAF6AAC7}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [{5262F9BE-BD2E-4E6E-A3F5-3C74B3C2EF3E}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [{EAE3AFCC-5B04-40C8-ADB2-4E04DCD64DD3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{47709A81-57D1-4DEA-B22E-492BB305225A}] => (Allow) C:\Users\sinip\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E9AFD205-38D6-4097-B721-119F35AFB73B}] => (Allow) C:\Users\sinip\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D57F2708-AAB8-46AF-84A0-FAAAA711ABE2}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{0E30DC6B-7CB5-47C0-B0A6-4BD18B726E63}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F1F142CB-6289-4CA0-B0E2-3047A5A2ECD0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{437E5A7E-CC87-457C-9F28-AF8219425F57}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{38E13936-5780-4417-B04B-5284685B999F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E337CC30-1D39-4190-A66F-1C8CECB21817}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{347B542A-21ED-4CF7-A50E-35340C552823}] => (Allow) D:\Program Files (x86)\utorrent\uTorrent.exe
FirewallRules: [{C369EED3-A99F-4858-B898-DD67BF84EE8E}] => (Allow) D:\Program Files (x86)\utorrent\uTorrent.exe
FirewallRules: [{B825E54B-AA8F-4E3E-93D2-22BB4F2E7240}] => (Allow) D:\Program Files (x86)\Simple Port Tester\spt.exe
FirewallRules: [{C907BBF4-4C20-47D7-8FFB-4716B31BB6FC}] => (Allow) D:\Program Files (x86)\Simple Port Tester\spt.exe
FirewallRules: [{E0656FE1-E002-4343-95BB-C0BD60EB3B2E}] => (Allow) C:\Users\sinip\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{75F7EAED-17DE-4237-BDC9-1E48F19279E0}] => (Allow) C:\Users\sinip\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AEAC7B62-CEE3-438D-A237-CD343C23EB73}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{D011BD70-A79A-4E2D-8210-100FE321BD44}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{31A32930-7416-4307-908B-10BE1B739EA4}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{7DE9AD9B-BA0A-4C61-B401-35BC48F01C2C}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{DDBD54D6-1843-4219-89A8-E0B8177A73ED}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{EEA4B2A3-EE40-4CD0-A45A-384CD9EBA60B}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{78DA1B85-020F-4BA8-9979-FD6069EDAC4B}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{685D5A46-0FD5-4258-A8CE-A21A0E77C73E}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{DAD6843B-AF27-49D4-9CD4-00D9D0241F6E}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{1F26470E-8304-49F2-B9BD-6CFCB924BCC8}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{118A86B5-1BDF-4C0F-8AD3-663A6C05BCE5}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{A7729470-5318-496F-92C7-A492FC889565}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{2109B10B-AB18-467F-9593-5915CE9029FA}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{C623F5F5-1EC2-4CAF-87F5-70DEE4BA300D}] => (Allow) D:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{51950F48-7B22-48CD-AB2F-EDED29655AB3}] => (Allow) D:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{F8AE25DE-D7A4-4854-AE86-F032332DBE57}] => (Allow) D:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
FirewallRules: [{E1FC6555-A649-423D-BC6B-D8D90B92D73F}] => (Allow) D:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
FirewallRules: [{E7B15231-436F-4314-B45D-C52BDBD75DC8}] => (Allow) D:\Program Files\Opera x64\opera.exe
FirewallRules: [{95A59BFC-1A97-4D47-BFEF-9879EBA078BD}] => (Allow) D:\Program Files\Opera x64\opera.exe
FirewallRules: [{A6148D51-FF6E-4C55-B089-28C1D656765A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B1FADAF0-60A4-4D9D-9965-1E9029F4D0E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{174F6557-B9D6-464D-8ED8-A12C0DF4C769}] => (Allow) C:\Users\sinip\AppData\Roaming\Copy\CopyAgent.exe
FirewallRules: [{DD4789B0-7715-4390-8F22-2EFED22C946B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2015 11:11:17 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "1.0" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/18/2015 11:11:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.

Error: (06/18/2015 11:10:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/18/2015 02:09:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/18/2015 02:09:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/17/2015 02:43:23 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "1.0" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/17/2015 02:43:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.

Error: (06/17/2015 02:42:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2015 04:35:00 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "1.0" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/16/2015 04:34:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.


System errors:
=============
Error: (06/19/2015 02:46:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PzWDM

Error: (06/19/2015 02:46:08 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\PzWDM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/19/2015 02:45:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (06/19/2015 02:45:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (06/19/2015 02:45:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (06/19/2015 02:44:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/19/2015 02:44:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/19/2015 02:41:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/19/2015 02:18:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/19/2015 02:18:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================
Error: (06/18/2015 11:11:17 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion1.0D:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\CopyDatabaseWizard.exeD:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\CopyDatabaseWizard.exe8

Error: (06/18/2015 11:11:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestd:\program files\CCleaner\CCleaner.exe

Error: (06/18/2015 11:10:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"D:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\redist\1033\vcredist_arm.exe

Error: (06/18/2015 02:09:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 0098020000002D010000

Error: (06/18/2015 02:09:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AF000000

Error: (06/17/2015 02:43:23 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion1.0D:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\CopyDatabaseWizard.exeD:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\CopyDatabaseWizard.exe8

Error: (06/17/2015 02:43:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestd:\program files\CCleaner\CCleaner.exe

Error: (06/17/2015 02:42:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"D:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\redist\1033\vcredist_arm.exe

Error: (06/16/2015 04:35:00 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion1.0D:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\CopyDatabaseWizard.exeD:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\CopyDatabaseWizard.exe8

Error: (06/16/2015 04:34:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestd:\program files\CCleaner\CCleaner.exe


CodeIntegrity Errors:
===================================
Date: 2015-03-04 15:25:34.103
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-04 15:25:34.002
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-04 15:25:33.855
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-04 15:25:33.754
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-29 21:38:55.006
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-29 21:38:54.949
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-29 21:38:52.701
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-29 21:38:52.634
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-29 21:38:50.394
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-29 21:38:50.326
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 49%
Total physical RAM: 3982.2 MB
Available physical RAM: 2002.74 MB
Total Pagefile: 7962.59 MB
Available Pagefile: 5937.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows 7 - DISK 1) (Fixed) (Total:190.49 GB) (Free:58.31 GB) NTFS
Drive d: (Windows 7 - DISK 2) (Fixed) (Total:275.26 GB) (Free:108.26 GB) NTFS
Drive e: (PODACI) (Fixed) (Total:2794.39 GB) (Free:232.72 GB) NTFS
Drive h: (KINGSTON) (Removable) (Total:7.46 GB) (Free:2.98 GB) NTFS
Drive v: (Windows XP) (Fixed) (Total:223.97 GB) (Free:185.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 07E407E3)
Partition 1: (Active) - (Size=224 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1004 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=30.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 3E3D6F86)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 4BE62107)
Partition 1: (Active) - (Size=190.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=275.3 GB) - (Type=OF Extended)

========================================================
Disk: 3 (Size: 7.5 GB) (Disk ID: 09879216)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS)

==================== End of log ============================

Edited by Oh My!, 21 June 2015 - 06:11 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,635 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:20 AM

Posted 21 June 2015 - 06:41 PM

Greetings sinip and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply to this topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow this topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please consider and do this.

Are you familiar with MultiBit and did you install it on your computer?

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShellIconOverlayIdentifiers: [1MediaIconsOverlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  No File
Toolbar: HKLM-x32 - No Name - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  No File
S3 ChipsBankSpeedUp; cmd /c start  "" "C:\Windows\system32\drivers\USBSpeedUp.exe"  install ChipsBank [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 DfSdkS; No ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 SliceDisk5; \??\C:\Users\sinip\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\Windows\win.ini:s1
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
AlternateDataStreams: C:\ProgramData\TEMP:5F64C164
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC
Folder: C:\Users\sinip\AppData\Roaming\newSI_651
cmd: copy C:\Windows\Minidump\061915-24117-01.dmp C:\Users\sinip\Desktop
cmd: copy C:\Windows\Minidump\061915-25225-01.dmp C:\Users\sinip\Desktop
cmd: copy C:\Windows\Minidump\061915-28314-01.dmp C:\Users\sinip\Desktop
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • 3 .dmp files will be placed on your desktop. Please zip and attach the files to your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Attached zip files
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
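
A fixlist is applied exactly as written, so it pays to read it line by line before pressing Fix. The following is an added example (not part of the original post and not FRST's own code) that sorts lines from the code box above by directive type and flags the ones that run a command or point into AppData, Temp or ProgramData; the category names and the flagging rule are assumptions of this example.

```python
import re
from collections import Counter

# A subset of the fixlist lines posted above, copied verbatim.
SAMPLE_FIXLIST = r"""
ShellIconOverlayIdentifiers: [1MediaIconsOverlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 DfSdkS; No ImagePath
S3 SliceDisk5; \??\C:\Users\sinip\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys [X]
AlternateDataStreams: C:\Windows\win.ini:s1
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
Folder: C:\Users\sinip\AppData\Roaming\newSI_651
cmd: copy C:\Windows\Minidump\061915-24117-01.dmp C:\Users\sinip\Desktop
"""

# Locations a standard user can normally write to (assumption of this example).
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp)(\\|:|$)", re.IGNORECASE)

# Service/driver lines look like "S3 name; image path" in the fixlist above.
SERVICE = re.compile(r"^([RSU])([0-4]) ([^;]+); (.*)$")

# Line prefixes seen in the fixlist, mapped to this example's own category names.
PREFIXED = {
    "cmd": "command",
    "Folder": "folder-listing",
    "AlternateDataStreams": "ads",
    "SearchScopes": "registry",
    "Toolbar": "registry",
    "ShellIconOverlayIdentifiers": "registry",
}


def classify(line):
    """Return {'kind', 'target', 'detail'} for one fixlist line."""
    line = line.strip()
    m = SERVICE.match(line)
    if m:
        _state, _start, name, image = m.groups()
        return {"kind": "service", "target": name, "detail": image}
    if re.match(r"^HK(LM|U|CR|CU)\\", line):
        # Bare registry key followed by ": <note>".
        return {"kind": "registry", "target": line.split(": ", 1)[0], "detail": ""}
    head, sep, rest = line.partition(": ")
    if sep and head in PREFIXED:
        kind = PREFIXED[head]
        if kind == "ads":
            # Split on the LAST colon: the first one belongs to the drive letter.
            path, _, stream = rest.rpartition(":")
            return {"kind": "ads", "target": path, "detail": stream}
        return {"kind": kind, "target": rest, "detail": ""}
    return {"kind": "unknown", "target": line, "detail": ""}


def review(fixlist_text):
    """Classify every line and collect the ones worth a second look."""
    entries, attention = [], []
    for raw in fixlist_text.splitlines():
        if not raw.strip():
            continue
        entry = classify(raw)
        entries.append(entry)
        reasons = []
        if entry["kind"] == "command":
            reasons.append("runs a shell command")
        if entry["kind"] == "unknown":
            reasons.append("unrecognised directive")
        if USER_WRITABLE.search(entry["target"] + " " + entry["detail"]):
            reasons.append("path in a user-writable location")
        if reasons:
            attention.append((entry, reasons))
    return entries, attention


if __name__ == "__main__":
    entries, attention = review(SAMPLE_FIXLIST)
    print(dict(Counter(e["kind"] for e in entries)))
    for entry, reasons in attention:
        print(f'{entry["kind"]:15} {entry["target"]}  <- {"; ".join(reasons)}')
```
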

#3 sinip

sinip
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:20 PM

Posted 21 June 2015 - 07:28 PM

Hello and thanks for responding to my thread. :)

So, let's go.

My first name is "Siniša" or "Синиша" if you can handle Cyrillic.

 

Regarding Multibit, yes I've installed it, it is my BitCoin wallet.

 

Regarding Microtorrent, it is agreed, I won't use it during this procedure. I'd just like to mention that I've been with PCs since 1986 (PC XT 8088 with two 5.25" floppies and no hard drive) so by now I was able to take pretty good care of my machine(s). But it looks like there's a first time for everything. :)

Just for the record, I don't have "Windows keys" on my keyboard (ancient IBM PS/2 "click" keyboard) but I know what you meant.

 

Here's fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by sinip at 2015-06-22 02:12:51 Run:1
Running from C:\Users\sinip\Desktop
Loaded Profiles: sinip (Available Profiles: sinip & MSSQL$SQLEXPRESS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [1MediaIconsOverlay] -> {1EC23CFF-4C58-458f-924C-8519AEF61B32} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  No File
Toolbar: HKLM-x32 - No Name - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  No File
S3 ChipsBankSpeedUp; cmd /c start  "" "C:\Windows\system32\drivers\USBSpeedUp.exe"  install ChipsBank [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 DfSdkS; No ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 SliceDisk5; \??\C:\Users\sinip\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\Windows\win.ini:s1
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
AlternateDataStreams: C:\ProgramData\TEMP:5F64C164
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC
Folder: C:\Users\sinip\AppData\Roaming\newSI_651
cmd: copy C:\Windows\Minidump\061915-24117-01.dmp C:\Users\sinip\Desktop
cmd: copy C:\Windows\Minidump\061915-25225-01.dmp C:\Users\sinip\Desktop
cmd: copy C:\Windows\Minidump\061915-28314-01.dmp C:\Users\sinip\Desktop
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1MediaIconsOverlay" => key removed successfully
HKCR\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1435235619-3529585821-2833454665-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} => value removed successfully
HKCR\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} => value removed successfully
HKCR\Wow6432Node\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} => key not found.
ChipsBankSpeedUp => Service removed successfully
catchme => Service removed successfully
DfSdkS => Service removed successfully
Partizan => Service not found.
SliceDisk5 => Service removed successfully
Synth3dVsc => Service removed successfully
tsusbhub => Service removed successfully
VGPU => Service removed successfully
C:\Windows\win.ini => ":s1" ADS removed successfully.
C:\ProgramData\TEMP => ":41ADDB8A" ADS removed successfully.
C:\ProgramData\TEMP => ":5F64C164" ADS removed successfully.
C:\ProgramData\TEMP => ":A064CECC" ADS removed successfully.

========================= Folder: C:\Users\sinip\AppData\Roaming\newSI_651 ========================

2015-05-10 15:46 - 2015-05-10 15:46 - 0000104 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\cp.bat
2015-05-10 15:46 - 2015-04-18 19:31 - 0000644 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\main.ini
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\chrome
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero
2015-05-10 15:46 - 2015-04-21 16:36 - 0003329 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\config.json
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop
2015-05-10 15:46 - 2015-04-16 16:02 - 0000135 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\background.html
2015-05-10 15:46 - 2015-04-16 16:02 - 0022842 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\background.js
2015-05-10 15:46 - 2015-04-16 16:02 - 0000260 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\bg.js
2015-05-10 15:46 - 2015-04-16 16:02 - 0001741 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\content.js
2015-05-10 15:46 - 2015-04-16 16:02 - 0012817 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\content_script.js
2015-05-10 15:46 - 2015-04-16 16:02 - 0000778 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\download-icon.png
2015-05-10 15:46 - 2015-04-16 16:02 - 0084249 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\jquery-2.1.1.min.js
2015-05-10 15:46 - 2015-04-21 16:33 - 0001498 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\manifest.json
2015-05-10 15:46 - 2015-04-16 16:02 - 0001689 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\options.html
2015-05-10 15:46 - 2015-04-16 16:02 - 0001092 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\options.js
2015-05-10 15:46 - 2015-04-16 16:02 - 0005309 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\ping.js
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\_locales
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\_locales\en
2015-05-10 15:46 - 2015-04-21 16:33 - 0000103 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\_locales\en\messages.json
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\_locales\ru
2015-05-10 15:46 - 2015-04-21 16:33 - 0000103 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\_locales\ru\messages.json
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\_metadata
2015-05-10 15:46 - 2015-04-21 16:33 - 0002457 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\_metadata\computed_hashes.json
2015-05-10 15:46 - 2015-04-16 16:15 - 0003401 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\_metadata\verified_contents.json
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\img
2015-05-10 15:46 - 2015-04-21 16:33 - 0000788 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\img\favicon.png
2015-05-10 15:46 - 2015-04-21 16:33 - 0013000 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\img\icon128.png
2015-05-10 15:46 - 2015-04-21 16:33 - 0001968 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\img\icon32.png
2015-05-10 15:46 - 2015-04-21 16:33 - 0003487 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\chrome\taloszero\hjacbidbigepkemmhlegcmgimnlgdcop\img\icon48.png
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\moz
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net
2015-05-10 15:46 - 2015-04-21 16:37 - 0000514 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome.manifest
2015-05-10 15:46 - 2015-04-21 16:37 - 0002427 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\install.rdf
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\content
2015-05-10 15:46 - 2015-04-21 16:37 - 0022886 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\content\background.js
2015-05-10 15:46 - 2015-04-21 16:37 - 0000260 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\content\bg.js
2015-05-10 15:46 - 2015-04-21 16:37 - 0001741 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\content\content.js
2015-05-10 15:46 - 2015-04-21 16:37 - 0012825 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\content\content_script.js
2015-05-10 15:46 - 2015-04-21 16:37 - 0000778 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\content\download-icon.png
2015-05-10 15:46 - 2015-04-21 16:37 - 0000720 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\content\ff-overlay.xul
2015-05-10 15:46 - 2015-04-21 16:37 - 0084249 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\content\jquery-2.1.1.min.js
2015-05-10 15:46 - 2015-04-21 16:37 - 0000756 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\content\options.xul
2015-05-10 15:46 - 2015-04-21 16:37 - 0005309 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\content\ping.js
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\locale
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\locale\en-US
2015-05-10 15:46 - 2015-04-21 16:37 - 0000552 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\locale\en-US\overlay.dtd
2015-05-10 15:46 - 2015-04-21 16:37 - 0000135 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\locale\en-US\overlay.properties
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\skin
2015-05-10 15:46 - 2015-04-21 16:37 - 0003779 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\skin\icon.png
2015-05-10 15:46 - 2015-04-21 16:37 - 0005479 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\skin\icon64.png
2015-05-10 15:46 - 2015-04-21 16:37 - 0000585 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\chrome\skin\overlay.css
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\defaults
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\defaults\preferences
2015-05-10 15:46 - 2015-04-21 16:37 - 0000223 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\moz\taloszero\avdown12_loader@av-down-12.net\defaults\preferences\prefs.js
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero
2015-05-10 15:46 - 2015-04-21 16:41 - 0068971 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero\avdownsite12_opera.oex
2015-05-10 15:46 - 2014-06-06 18:28 - 0000000 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero\opera.white.txt
2015-05-10 15:46 - 2015-04-21 16:42 - 0000357 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero\opera_wuid.txt
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero\wuid-8d46f68a-7889-f84a-8dd3-f37ea6d10d60
2015-05-10 15:46 - 2015-04-21 16:41 - 0000013 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero\wuid-8d46f68a-7889-f84a-8dd3-f37ea6d10d60\cookies4.dat
2015-05-10 15:46 - 2015-04-21 16:41 - 0000503 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero\wuid-8d46f68a-7889-f84a-8dd3-f37ea6d10d60\prefs.dat
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero\wuid-8d46f68a-7889-f84a-8dd3-f37ea6d10d60\cache
2015-05-10 15:46 - 2015-04-21 16:41 - 0000000 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero\wuid-8d46f68a-7889-f84a-8dd3-f37ea6d10d60\cache\activity.opr
2015-05-10 15:46 - 2015-04-21 16:41 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero\wuid-8d46f68a-7889-f84a-8dd3-f37ea6d10d60\cache\g_0000
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero\wuid-8d46f68a-7889-f84a-8dd3-f37ea6d10d60\pstorage
2015-05-10 15:46 - 2015-04-21 16:41 - 0000391 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero\wuid-8d46f68a-7889-f84a-8dd3-f37ea6d10d60\pstorage\psindex.dat
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero\wuid-8d46f68a-7889-f84a-8dd3-f37ea6d10d60\pstorage\00
2015-05-10 15:46 - 2015-05-10 15:46 - 0000000 ____D () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero\wuid-8d46f68a-7889-f84a-8dd3-f37ea6d10d60\pstorage\00\08
2015-05-10 15:46 - 2015-04-21 16:41 - 0179977 _____ () C:\Users\sinip\AppData\Roaming\newSI_651\oldopera\taloszero\wuid-8d46f68a-7889-f84a-8dd3-f37ea6d10d60\pstorage\00\08\00000000

====== End of Folder: ======


=========  copy C:\Windows\Minidump\061915-24117-01.dmp C:\Users\sinip\Desktop =========

        1 file(s) copied.

========= End of CMD: =========


=========  copy C:\Windows\Minidump\061915-25225-01.dmp C:\Users\sinip\Desktop =========

        1 file(s) copied.

========= End of CMD: =========


=========  copy C:\Windows\Minidump\061915-28314-01.dmp C:\Users\sinip\Desktop =========

        1 file(s) copied.

========= End of CMD: =========


==== End of Fixlog 02:12:56 ====

 

And the rest is attached.

Best regards!

 




#4 Oh My!

Posted 22 June 2015 - 08:17 AM

Greetings Cyrillic,

There are several things going on. There are 2 errors being reported in the Minidump files. One is associated with ESET and unfortunately the second is a fatal hardware error.

Let's try to address software related issues then we will go from there.

Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
ESET Smart Security 8.0
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
  • Reinstall ESET Smart Security 8.0
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Folder: C:\Users\sinip\Phone Browser
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did ESET uninstall and reinstall properly?
  • RogueKiller log
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 sinip

Posted 22 June 2015 - 08:58 AM

Unfortunately, ESET Smart Security 8 or anything similar is NOT listed in Revo's uninstall window. Should I uninstall it the usual way?



#6 Oh My!

Posted 22 June 2015 - 10:09 AM

Yes that would be fine. Revo tends to be more thorough but the normal way should work too.
Gary
 

#7 sinip

Posted 22 June 2015 - 11:13 AM

Ok, so I've uninstalled ESET using its own uninstall program, then restarted, then ran CCleaner's Registry Cleaner, which removed several ESET-related entries (if you want I can paste those in the next post since I've saved them), then restarted again, then installed ESET again, no problems whatsoever. And no complaints about that infection either. :)
 

Here's RogueKiller log:

 

RogueKiller V10.8.6.0 [Jun 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : sinip [Administrator]
Started from : C:\Users\sinip\Desktop\RogueKiller.exe
Mode : Scan -- Date : 06/22/2015  18:07:41

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_V_3514\ControlSet001\Services\catchme (\??\C:\DOCUME~1\Korisnik\LOCALS~1\Temp\catchme.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_V_3514\ControlSet002\Services\catchme (\??\C:\DOCUME~1\Korisnik\LOCALS~1\Temp\catchme.sys) -> Found
[PUM.HomePage] (X64) HKEY_USERS\RK_Korisnik_ON_V_DA18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\RK_Korisnik_ON_V_DA18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 [-][(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 [-][X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 [-][(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4F2A9BDA-A8B9-4A9D-9E35-6DA7B00B7190} | DhcpNameServer : 192.168.1.1 0.0.0.0 [-][X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4F2A9BDA-A8B9-4A9D-9E35-6DA7B00B7190} | DhcpNameServer : 192.168.1.1 0.0.0.0 [-][(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4F2A9BDA-A8B9-4A9D-9E35-6DA7B00B7190} | DhcpNameServer : 192.168.1.1 0.0.0.0 [-][(Private Address) (XX)]  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] 84c836dfb09ed247a38849c018428f14
[BSP] 70b7817a3bdacdfca01082187f142a50 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 229349 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 469708470 | Size: 1004 MB [Unknown Bootstrap | Unknown Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 471764790 | Size: 60000 MB [Unknown Bootstrap | Unknown Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 594645975 | Size: 31604 MB [Unknown Bootstrap | Unknown Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3000DM001-1E6166 ATA Device +++++
--- User ---
[MBR] d1f1c90acb28681e8e9f1cc8d3f10c1a
[BSP] 7151edfc1f1b6685c25fc4594c3d4cd1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 2861459 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST3500418AS ATA Device +++++
--- User ---
[MBR] 0d743305d9151f1d8a189f99ea04936f
[BSP] 49b2d63fa1a5c92beadfdf9f48e8638d : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 195062 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 399504413 | Size: 281867 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_06192015_183751.log - RKreport_DEL_06192015_184002.log

 

Here's Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by sinip at 2015-06-22 18:10:43 Run:2
Running from C:\Users\sinip\Desktop
Loaded Profiles: sinip (Available Profiles: sinip & MSSQL$SQLEXPRESS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Folder: C:\Users\sinip\Phone Browser
*****************


========================= Folder: C:\Users\sinip\Phone Browser ========================


====== End of Folder: ======


==== End of Fixlog 18:10:43 ====

 

 

Best regards!


Edited by sinip, 22 June 2015 - 11:16 AM.
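
The PUM.Dns lines in the RogueKiller report above all carry the same DHCP-assigned resolver list. One way to triage such lines is to collapse the mirrored registry keys and check whether each resolver is an RFC 1918 address (normally the local router) or a public one worth verifying. This is an added example, not RogueKiller's logic or part of the original post; the function names are hypothetical and the third sample line is constructed.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also covers
# documentation and other special ranges, which is too broad for this check.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "[Tag] (Arch) <registry key> | <value name> : <data> [..." as in the report.
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+\((?P<arch>X\d+)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<name>\w+)\s+:\s+(?P<data>[^\[]*)")

# The first two lines are copied from the report above. The third is
# constructed (203.0.113.53 is a documentation address) to show the
# branch taken when a resolver is not a local address.
SAMPLE = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 [-][(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 [-][X]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | NameServer : 203.0.113.53 [-][X]  -> Found
"""


def classify(addr):
    """Label one resolver address: unspecified, loopback, private or public."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def triage_dns(report):
    """Collapse PUM.Dns lines to distinct resolver sets with a verdict each."""
    findings = {}
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None or m.group("tag") != "PUM.Dns":
            continue
        servers = []
        for token in m.group("data").split():
            try:
                servers.append((token, classify(token)))
            except ValueError:
                servers.append((token, "unparseable"))
        entry = findings.setdefault(tuple(servers), {"keys": [], "verdict": None})
        entry["keys"].append(m.group("key"))
        kinds = {kind for _, kind in servers}
        # Anything that is not a local address deserves a manual look.
        entry["verdict"] = ("review" if kinds & {"public", "unparseable"}
                            else "local-only")
    return findings


if __name__ == "__main__":
    for servers, entry in triage_dns(SAMPLE).items():
        print(entry["verdict"], servers, len(entry["keys"]), "key(s)")
```

A "review" verdict only means the resolver should be compared against what the router or ISP is expected to hand out; it is not a detection by itself.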


#8 Oh My!

Posted 22 June 2015 - 11:48 AM

Great, please do this.

===================================================

Event Viewer Hardware Events

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type eventvwr.msc and press Enter
  • Left click on Applications and Services Logs to expand the category
  • Left click on Hardware Events
  • On the right side under Actions click Save All Events As...
  • Save the file to your Desktop as Hardware
  • Attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Attached Event Viewer log

Gary
 

#9 sinip

Posted 22 June 2015 - 11:57 AM

Tried to attach it but got this message:

 

 

Hardware.evtx

You aren't permitted to upload this kind of file

 



#10 Oh My!

Posted 22 June 2015 - 12:05 PM

Please upload it here. I will be notified when it arrives.
Gary
 

#11 sinip

Posted 22 June 2015 - 12:07 PM

Done.



#12 sinip

Posted 22 June 2015 - 01:06 PM

BTW, it just occurred to me that you might be seeing this as a hardware problem:

 

 

[BSP] 70b7817a3bdacdfca01082187f142a50 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 229349 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 469708470 | Size: 1004 MB [Unknown Bootstrap | Unknown Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 471764790 | Size: 60000 MB [Unknown Bootstrap | Unknown Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 594645975 | Size: 31604 MB [Unknown Bootstrap | Unknown Bootloader]

 

If it is so, just ignore it. Those are OS/2 HPFS (not NTFS) partitions.



#13 Oh My!

Posted 22 June 2015 - 01:18 PM

Thanks but that is not it.

Did you get and read my Personal Message to you?

Here is the report that indicates both ESET and a hardware error:
 

Microsoft ® Windows Debugger Version 6.3.9600.17298 AMD64
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Deb\Desktop\dump\061915-24117-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18798.amd64fre.win7sp1_gdr.150316-1654
Machine Name:
Kernel base = 0xfffff800`03204000 PsLoadedModuleList = 0xfffff800`03449890
Debug session time: Fri Jun 19 01:23:57.695 2015 (UTC - 8:00)
System Uptime: 0 days 0:02:48.710
Loading Kernel Symbols
...............................................................
................................................................
..............................................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 124, {0, fffffa8004db2028, bf800000, 200001}

Probably caused by : GenuineIntel

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurred.
Parameter 1 identifies the type of error
source that reported the error. Parameter 2 holds the address of the
WHEA_ERROR_RECORD structure that describes the error conditon.
Arguments:
Arg1: 0000000000000000, Machine Check Exception
Arg2: fffffa8004db2028, Address of the WHEA_ERROR_RECORD structure.
Arg3: 00000000bf800000, High order 32-bits of the MCi_STATUS value.
Arg4: 0000000000200001, Low order 32-bits of the MCi_STATUS value.

Debugging Details:
------------------


BUGCHECK_STR: 0x124_GenuineIntel

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

PROCESS_NAME: ekrn.exe

CURRENT_IRQL: f

ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre

STACK_TEXT:
fffff800`00ba6a98 fffff800`037fea3b : 00000000`00000124 00000000`00000000 fffffa80`04db2028 00000000`bf800000 : nt!KeBugCheckEx
fffff800`00ba6aa0 fffff800`033909a3 : 00000000`00000001 fffffa80`04cb7010 00000000`00000000 fffffa80`04cb7060 : hal!HalBugCheckSystem+0x1e3
fffff800`00ba6ae0 fffff800`037fe700 : 00000000`00000728 fffffa80`04cb7010 fffff800`00ba6e70 fffff800`00ba6e00 : nt!WheaReportHwError+0x263
fffff800`00ba6b40 fffff800`037fe052 : fffffa80`04cb7010 fffff800`00ba6e70 fffffa80`04cb7010 00000000`00000000 : hal!HalpMcaReportError+0x4c
fffff800`00ba6c90 fffff800`037fdf0d : 00000000`00000004 00000000`00000001 fffff800`00ba6ef0 00000000`00000000 : hal!HalpMceHandler+0x9e
fffff800`00ba6cd0 fffff800`037f1e88 : 00000000`00000002 00000000`00001000 00000000`00000000 00000000`00000000 : hal!HalpMceHandlerWithRendezvous+0x55
fffff800`00ba6d00 fffff800`0327532c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : hal!HalHandleMcheck+0x40
fffff800`00ba6d30 fffff800`03275193 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxMcheckAbort+0x6c
fffff800`00ba6e70 fffff800`0326d4f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiMcheckAbort+0x153
fffff880`05f00638 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!memcpy+0xb4


STACK_COMMAND: kb

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: GenuineIntel

IMAGE_NAME: GenuineIntel

DEBUG_FLR_IMAGE_TIMESTAMP: 0

IMAGE_VERSION:

FAILURE_BUCKET_ID: X64_0x124_GenuineIntel_PROCESSOR_MAE

BUCKET_ID: X64_0x124_GenuineIntel_PROCESSOR_MAE

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:x64_0x124_genuineintel_processor_mae

FAILURE_ID_HASH: {addebe90-d04a-b9c9-a39c-2531fe75dd4e}

Followup: MachineOwner
---------


Edited by Oh My!, 22 June 2015 - 01:19 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
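
The Arg3 and Arg4 values in the WinDbg output above are the two halves of the CPU's MCi_STATUS register, and decoding them shows what the processor itself reported. This is an added example, not part of the original post or of WinDbg; the function names are hypothetical and the bit layout is the one defined by Intel's machine-check architecture.

```python
import re

# Flag bits of IA32_MCi_STATUS. Bits 56/55 (S, AR) are architectural only on
# CPUs with software error recovery; elsewhere they are model specific.
FLAGS = {63: "VAL", 62: "OVER", 61: "UC", 60: "EN", 59: "MISCV",
         58: "ADDRV", 57: "PCC", 56: "S", 55: "AR"}

# Subset of the architectural "simple" MCA error codes (bits 15:0).
SIMPLE_CODES = {
    0x0000: "no error",
    0x0001: "unclassified",
    0x0002: "microcode ROM parity error",
    0x0003: "external error",
    0x0004: "FRC error",
    0x0005: "internal parity error",
    0x0400: "internal timer error",
}

# Compound code families as (mask, value, name); the patterns are disjoint.
COMPOUND_CODES = [
    (0xFC00, 0x0400, "internal unclassified"),
    (0xF800, 0x0800, "bus / interconnect error"),
    (0xFF00, 0x0100, "cache hierarchy error"),
    (0xFF80, 0x0080, "memory controller error"),
    (0xFFF0, 0x0010, "TLB error"),
    (0xFFFC, 0x000C, "generic cache hierarchy error"),
]

BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")

# Summary line exactly as it appears in the WinDbg output quoted above.
SAMPLE = "BugCheck 124, {0, fffffa8004db2028, bf800000, 200001}"


def parse_bugcheck(line):
    """Return (bug check code, [arg1..arg4]) from a WinDbg 'BugCheck' line."""
    m = BUGCHECK_RE.search(line)
    if m is None:
        raise ValueError("no WinDbg BugCheck summary in input")
    args = [int(a.strip().replace("`", ""), 16) for a in m.group(2).split(",")]
    return int(m.group(1), 16), args


def classify_mca_code(code):
    """Name the architectural family of a 16-bit MCA error code."""
    if code in SIMPLE_CODES:
        return SIMPLE_CODES[code]
    base = code & ~0x1000  # bit 12 (F) only flags correction-report filtering
    for mask, value, name in COMPOUND_CODES:
        if (base & mask) == value:
            return name
    return "unrecognised encoding"


def decode_mci_status(high32, low32):
    """Split the 64-bit MCi_STATUS value into its reported fields."""
    status = (high32 << 32) | low32
    return {
        "status": status,
        "flags": [name for bit, name in FLAGS.items() if (status >> bit) & 1],
        "model_specific_code": (status >> 16) & 0xFFFF,
        "mca_code": status & 0xFFFF,
        "mca_class": classify_mca_code(status & 0xFFFF),
    }


def decode_whea_bugcheck(line):
    """Decode MCi_STATUS from a 0x124 line; None if it is not a machine check."""
    code, args = parse_bugcheck(line)
    if code != 0x124 or len(args) != 4:
        raise ValueError("not a WHEA_UNCORRECTABLE_ERROR (0x124) bug check")
    if args[0] != 0:  # only Arg1 == 0 (Machine Check Exception) carries MCi_STATUS
        return None
    return decode_mci_status(args[2], args[3])


if __name__ == "__main__":
    for field, value in decode_whea_bugcheck(SAMPLE).items():
        print(field, value)
```

For the dump quoted above this reports VAL, UC, EN, MISCV, ADDRV and PCC set (plus bits 56 and 55), a model-specific code of 0x0020 and MCA error code 0x0001, which is the architectural "unclassified" code.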

#14 sinip

Posted 22 June 2015 - 01:40 PM

Well, I've seen it now. I got so used to getting a pop-up when I have a PM that I didn't even look. :notanangel:

 

Regarding that hardware error, I just did a quick Google query, and it might be a hard nut to crack. This is now an almost 3-year-old PC, so I might as well check the PSU first.


Edited by sinip, 22 June 2015 - 01:40 PM.


#15 Oh My!

Posted 22 June 2015 - 02:58 PM

What I am really interested in is whether you experience any more Blue Screens.

I would like to run an additional 2 programs. Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report (if applicable)
  • Security Check log

Gary
 