
Malware blocks my anti-virus system


  • This topic is locked
10 replies to this topic

#1 power_kem


Posted 20 June 2015 - 03:07 PM

My anti-virus system detected malware in my computer. But malware blocks it. Anti-virus shortcut just disappeared and when I try to run it I get 0x80073b01 error. I tried some malware deleting programs but I still get this error. Please help me! Here's my FRST scan results: can't load it for some reason :/

Edit: Merged FRST log post with original post for help.~ Animal



#2 power_kem


Posted 22 June 2015 - 02:13 AM

My anti-virus system detected malware in my computer. But malware blocks it. Anti-virus shortcut just disappeared and when I try to run it I get 0x80073b01 error. I tried some malware deleting programs but I still get this error. Please help me! Here's my FRST scan results:

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by ignas (administrator) on GVAZDIKAI on 21-06-2015 22:09:12
Running from C:\Users\ignas\Desktop\da
Loaded Profiles: ignas (Available Profiles: rasa & ignas & simas)
Platform: Windows 8.1 (X64) OS Language: Lietuvių (Lietuva)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(SecureSoft) C:\Windows\mlwps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Alfasistem Memory\privoxy.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(NVIDIA Corporation) C:\Users\ignas\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
() C:\Windows\System32\cpuminer-gw64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Valve Corporation) C:\Users\ignas\Desktop\steam\Steam.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\ignas\AppData\Roaming\InetStat\inetstat.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Curse) C:\Users\ignas\AppData\Roaming\Curse Client\Bin\CurseClientUpdater.exe
(Valve Corporation) C:\Users\ignas\Desktop\steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-04] (NVIDIA Corporation)
HKLM\...\Run: [cpuminer] => C:\WINDOWS\system32\cpuminer-gw64.exe [1346048 2015-05-22] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-04-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-20] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2012-07-03] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-29] (Electronic Arts)
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Run: [LightShot] => C:\Users\ignas\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Run: [Steam] => C:\Users\ignas\Desktop\steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Run: [Software Informer] => C:\Program Files\Software Informer\softinfo.exe [1531904 2015-02-25] (Informer Technologies, Inc.)
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Run: [InetStat] => C:\Users\ignas\AppData\Roaming\InetStat\inetstat.exe [840206 2015-06-13] ()
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\MountPoints2: {63fba6c2-f8cb-11e4-bf61-dc85de404758} - "G:\LG_PC_Programs.exe" 
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\MountPoints2: {b3fbaa54-0dfe-11e5-bf67-dc85de404758} - "G:\AutoRun.exe" 
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\MountPoints2: {c8f4b3e1-e2a8-11e3-bf09-dc85de404758} - "F:\vs_ultimate.exe" 
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-08-23]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-03-20]
ShortcutTarget: Curse.lnk -> C:\Users\ignas\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicy-x32: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://gosearch.me/?u=1abc5dfe9f40e1defcc32404fdfd024b&c=up1&src=hp&inst=1434089835
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/?q={searchTerms}&u=1abc5dfe9f40e1defcc32404fdfd024b&c=up1&src=srch&inst=1434089835
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/?q={searchTerms}&u=1abc5dfe9f40e1defcc32404fdfd024b&c=up1&src=srch&inst=1434089835
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1004 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/?q={searchTerms}&u=1abc5dfe9f40e1defcc32404fdfd024b&c=up1&src=srch&inst=1434089835
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1004 -> 0D1C02392284B6DC37ADC1E91AE543E7 URL = http://searchou.com/?q={searchTerms}&id=5ca89ca1000000000000dc85de404758&r=921
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1004 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/?q={searchTerms}&u=1abc5dfe9f40e1defcc32404fdfd024b&c=up1&src=srch&inst=1434089835
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1004 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1004 -> {8B65053B-FEFF-4330-B1A7-EFFD9F2C6808} URL = http://www.mysearchresults.com/search?c=2402&t=15&q={searchTerms}
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1004 -> {DFF921EF-1A8E-4868-9400-223416576B58} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: PriceMiNaUs -> {54106B4F-0B5C-4EDB-9849-4D92676802CF} -> C:\Program Files (x86)\PriceMiNaUs\anz2O5P5BO8fRQ.x64.dll [2015-06-21] ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: PriceMiNaUs -> {54106B4F-0B5C-4EDB-9849-4D92676802CF} -> C:\Program Files (x86)\PriceMiNaUs\anz2O5P5BO8fRQ.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Alfasistem Memory\ssie.dll [2015-06-12] (SecureSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-05] (Oracle Corporation)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1212152.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin HKU\S-1-5-21-646931945-2771639376-1147865730-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ignas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-06] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\user.js [2015-06-14]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\bingp.xml [2015-03-17]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\BrowserDefender.xml [2013-05-30]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\dsrlte.xml [2014-09-17]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\privitize.xml [2013-04-13]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\WebSearch.xml [2015-04-14]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\yandex.ru-154900.xml [2014-05-28]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\yqs-barff-yandex.xml [2014-07-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml [2015-06-12]
FF Extension: SaveNewaAppZ - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\0@qYrGWj.net [2015-04-14]
FF Extension: DownSaVe - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\0hg@QGVP.com [2015-06-12]
FF Extension: SavePass 1.1 - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com [2015-06-16]
FF Extension: uniisaleus - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\adOjs@LXnT5v.net [2015-04-14]
FF Extension: DiggICoupuon - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\bRP@YNOJkd.org [2015-04-14]
FF Extension: checkcompatibilitydactylgooglecodecom - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\check-compatibility@dactyl.googlecode.com [2014-09-08]
FF Extension: GrreatSavee4U - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\e@91Z1E8.net [2015-04-14]
FF Extension: PurriceMinnus - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\EC@s.edu [2015-06-12]
FF Extension: SaveurExtenesiion - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\gBQ@P.edu [2015-04-14]
FF Extension: FuinDDealiso - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\i@AVv.org [2015-06-12]
FF Extension: MInimumPirice - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\OJ0@r3JbgAs.net [2015-04-14]
FF Extension: SearchNewTab - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\ouoaaea@lqgro-.co.uk [2013-10-05]
FF Extension: DownSoaave - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\Ro@7IJi.net [2015-06-12]
FF Extension: PPrIcEMinusu - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\Vwi@c.net [2015-06-12]
FF Extension: savEnsshareu  - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\y2kil24@axygn-qer.org [2013-10-05]
FF Extension: DeownSoavE - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\Y@ogJ.net [2015-04-14]
FF Extension: youtubeadblocker - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\ZZiimY@9.org [2015-04-14]
FF Extension: 89506680e3f4484ca2c0ed711d481eda - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\{89506680-e3f4-484c-a2c0-ed711d481eda} [2014-09-08]
FF Extension: Torntv 2 - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\torntv2@torntv.com.xpi [2013-04-13]
FF Extension: . - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\{4e38134d-ba98-4066-b898-e296d8acc938}.xpi [2014-01-09]
FF Extension: eye perform 1.0.1 - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\{7cd3bedc-d669-4e18-8d13-4e15866f5c72}.xpi [2015-06-14]
FF Extension: Shopping Suggestion - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\{D394D188-BAC7-4e03-8FAF-389A4D7EC6F4}.xpi [2013-12-24]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\1abc5dfe9f40e1defcc32404fdfd024b [2015-06-12]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-13]
CHR Extension: (Google Search) - C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-13]
CHR Extension: (Gmail) - C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-13]
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - No Path Or update_url value
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - No Path Or update_url value
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - No Path Or update_url value
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-04-17] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-04] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-06-16] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Live Malware Protection; C:\WINDOWS\mlwps.exe [242688 2015-06-12] (SecureSoft) [File not signed] <==== ATTENTION
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-04] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-28] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-05-09] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-05-09] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [226680 2015-06-21] ()
R2 PrivoxyService; C:\Program Files (x86)\Alfasistem Memory\privoxy.exe [371200 2015-06-12] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-24] (Disc Soft Ltd)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-06-21] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [299664 2015-05-28] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-21 22:11 - 2015-06-21 22:11 - 00000000 _____ C:\Users\ignas\Desktop\linkai.txt
2015-06-21 22:06 - 2015-06-21 22:06 - 00043664 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-06-21 21:35 - 2015-06-21 21:37 - 00085417 _____ C:\Users\ignas\Desktop\Addition 2.txt
2015-06-21 21:24 - 2015-06-21 22:03 - 00000000 ____D C:\Program Files (x86)\PriceMiNaUs
2015-06-21 21:23 - 2015-06-21 21:23 - 00000000 ____D C:\ProgramData\kicgomiipjkokogngplfpjnmokoeeknk
2015-06-21 21:23 - 2015-06-21 21:23 - 00000000 ____D C:\ProgramData\{3cb34948-9351-5aac-3cb3-349489352522}
2015-06-20 23:13 - 2015-06-20 23:13 - 00000275 _____ C:\Users\ignas\Desktop\Naujas tekstinis dokumentas.txt
2015-06-20 22:50 - 2015-06-20 22:51 - 00086676 _____ C:\Users\ignas\Desktop\Addition.txt
2015-06-20 22:21 - 2015-06-21 22:09 - 00000000 ____D C:\Users\ignas\Desktop\da
2015-06-20 22:18 - 2015-06-21 21:37 - 00075417 _____ C:\Users\ignas\Desktop\FRST 2.txt
2015-06-20 22:18 - 2015-06-20 22:51 - 00077965 _____ C:\Users\ignas\Desktop\FRST.txt
2015-06-20 22:14 - 2015-06-21 22:10 - 00000000 ____D C:\FRST
2015-06-17 17:03 - 2015-06-17 17:03 - 00001124 _____ C:\Users\Public\Desktop\Registry Recycler.lnk
2015-06-17 17:01 - 2015-06-17 17:01 - 01285128 _____ (Developer Tribe (Pvt) Ltd. ) C:\Users\ignas\Downloads\setup_rr.exe
2015-06-16 14:05 - 2015-06-21 22:04 - 00003376 _____ C:\WINDOWS\system32\.crusader
2015-06-16 13:36 - 2015-06-21 22:06 - 00003140 _____ C:\WINDOWS\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-1-7.job
2015-06-16 13:36 - 2015-06-21 22:06 - 00003140 _____ C:\WINDOWS\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-1-6.job
2015-06-16 13:36 - 2015-06-21 22:06 - 00002448 _____ C:\WINDOWS\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-5_user.job
2015-06-16 13:36 - 2015-06-21 22:06 - 00002448 _____ C:\WINDOWS\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-5.job
2015-06-16 13:36 - 2015-06-16 13:36 - 00006144 _____ C:\WINDOWS\System32\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-1-7
2015-06-16 13:36 - 2015-06-16 13:36 - 00006144 _____ C:\WINDOWS\System32\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-1-6
2015-06-16 13:36 - 2015-06-16 13:36 - 00005452 _____ C:\WINDOWS\System32\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-5
2015-06-16 13:35 - 2015-06-21 22:06 - 00005520 _____ C:\WINDOWS\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-6.job
2015-06-16 13:35 - 2015-06-21 22:06 - 00005184 _____ C:\WINDOWS\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-7.job
2015-06-16 13:35 - 2015-06-21 22:06 - 00004842 _____ C:\WINDOWS\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-11.job
2015-06-16 13:35 - 2015-06-21 22:06 - 00004160 _____ C:\WINDOWS\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-4.job
2015-06-16 13:35 - 2015-06-21 22:06 - 00004160 _____ C:\WINDOWS\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-3.job
2015-06-16 13:35 - 2015-06-16 14:05 - 00000000 ____D C:\Program Files (x86)\47bbcf62-fc4b-4866-8b74-3617394904bb
2015-06-16 13:35 - 2015-06-16 13:35 - 00008524 _____ C:\WINDOWS\System32\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-6
2015-06-16 13:35 - 2015-06-16 13:35 - 00008188 _____ C:\WINDOWS\System32\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-7
2015-06-16 13:35 - 2015-06-16 13:35 - 00007846 _____ C:\WINDOWS\System32\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-11
2015-06-16 13:35 - 2015-06-16 13:35 - 00007164 _____ C:\WINDOWS\System32\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-3
2015-06-16 13:34 - 2015-06-21 22:06 - 00002114 _____ C:\WINDOWS\Tasks\d980ca88-d29a-4f69-991c-e1e2ac7932f7-10_user.job
2015-06-16 13:31 - 2015-06-16 14:04 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-16 13:31 - 2015-06-16 13:31 - 00001907 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-06-16 13:31 - 2015-06-16 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-06-16 13:31 - 2015-06-16 13:31 - 00000000 ____D C:\Program Files\HitmanPro
2015-06-16 13:30 - 2015-06-16 13:30 - 11024496 _____ (SurfRight B.V.) C:\Users\ignas\Downloads\HitmanPro_x64.exe
2015-06-16 13:22 - 2015-06-16 13:22 - 05155328 _____ C:\Users\ignas\Downloads\WindowsDefender (1).msi
2015-06-16 13:21 - 2015-06-16 13:21 - 05154304 _____ C:\Users\ignas\Downloads\windowsdefender.msi
2015-06-16 13:00 - 2015-06-16 13:00 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-06-16 13:00 - 2015-06-16 13:00 - 00000000 ____D C:\WINDOWS\system32\NV
2015-06-16 12:54 - 2015-05-28 10:04 - 42719888 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 37741712 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 30480528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 22946960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 17486856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 16185352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 15864064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 14987528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 14495448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 13304280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 11830512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 10995528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-16 12:54 - 2015-05-28 10:04 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 02599056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435306.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435306.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 01050440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 00982856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 00974480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 00407112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 00299664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvkflt.sys
2015-06-16 12:54 - 2015-05-28 10:04 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 00031560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-06-16 12:50 - 2015-06-16 12:56 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-06-16 12:50 - 2015-06-16 12:50 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-16 12:50 - 2015-05-19 06:29 - 00046768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-06-16 12:50 - 2015-05-19 06:14 - 00057520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-06-16 12:11 - 2015-06-16 12:11 - 01640768 _____ C:\Users\ignas\Downloads\battlelog-web-plugins_2.7.1_162.exe
2015-06-16 09:20 - 2015-06-16 09:20 - 00003628 _____ C:\WINDOWS\System32\Tasks\Safesoft Defender Job
2015-06-16 09:20 - 2015-06-16 09:20 - 00000000 ____D C:\Program Files (x86)\Safesoft Defender
2015-06-15 17:37 - 2015-06-21 15:39 - 00000024 _____ C:\Users\ignas\AppData\Roaming\appdataFr25.bin
2015-06-14 20:58 - 2015-06-14 20:58 - 00003116 _____ C:\WINDOWS\System32\Tasks\{1B20F60F-98B5-4F28-BD51-826E99575A1D}
2015-06-13 11:40 - 2015-06-13 11:40 - 00000000 ____D C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2015-06-13 11:40 - 2015-06-13 11:40 - 00000000 ____D C:\Users\ignas\AppData\Roaming\InetStat
2015-06-13 11:37 - 2015-06-16 09:17 - 00070144 _____ C:\WINDOWS\SysWOW64\tasks.dll
2015-06-12 21:45 - 2015-06-12 22:17 - 00000000 ____D C:\Users\ignas\Desktop\dainos
2015-06-12 09:18 - 2015-06-16 11:38 - 00003276 _____ C:\WINDOWS\System32\Tasks\Alfasistem Memory Job
2015-06-12 09:09 - 2015-06-16 20:36 - 00000000 ____D C:\Users\ignas\AppData\Roaming\Updater
2015-06-12 09:09 - 2015-06-16 14:05 - 00000000 ____D C:\Program Files (x86)\Alfasistem Memory
2015-06-12 09:09 - 2015-06-12 09:09 - 00242688 _____ (SecureSoft) C:\WINDOWS\mlwps.exe
2015-06-12 09:05 - 2015-06-12 09:05 - 00000000 ____D C:\ProgramData\kiadigonfhgkcdnnlikjljndohefnnof
2015-06-11 22:15 - 2015-06-11 22:15 - 00000000 ____D C:\Users\ignas\AppData\Roaming\AVG
2015-06-11 22:15 - 2015-06-11 22:15 - 00000000 ____D C:\Program Files (x86)\AVG
2015-06-11 22:14 - 2015-06-11 22:14 - 00000000 ____D C:\Users\ignas\AppData\Local\Avg
2015-06-11 22:13 - 2015-06-11 22:16 - 00000000 ____D C:\ProgramData\AVG
2015-06-11 22:13 - 2015-06-11 22:13 - 00001099 _____ C:\Users\ignas\Desktop\Cheat Engine.lnk
2015-06-11 22:13 - 2015-06-11 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2015-06-11 22:13 - 2015-06-11 22:13 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4
2015-06-11 22:11 - 2015-06-11 22:11 - 09056456 _____ (Cheat Engine ) C:\Users\ignas\Downloads\CheatEngine64.exe
2015-06-11 19:35 - 2015-06-11 19:35 - 00000000 ____D C:\Users\ignas\Desktop\HuniePop_64bit_Windows
2015-06-11 17:16 - 2015-06-11 17:17 - 33261990 _____ C:\Users\ignas\Desktop\MeatyLockAgrarianSkies2Episode10.zip
2015-06-10 09:31 - 2015-05-27 17:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 09:31 - 2015-05-27 17:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 09:31 - 2015-05-25 16:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 09:31 - 2015-05-25 16:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 09:31 - 2015-05-23 06:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 09:31 - 2015-05-23 06:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 09:31 - 2015-05-23 06:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 09:31 - 2015-05-23 06:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 09:31 - 2015-05-23 06:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 09:31 - 2015-05-23 05:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 09:31 - 2015-05-23 05:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 09:31 - 2015-05-23 05:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 09:31 - 2015-05-23 05:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 09:31 - 2015-05-23 05:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 09:31 - 2015-05-23 05:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 09:31 - 2015-05-23 05:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 09:31 - 2015-05-23 05:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 09:31 - 2015-05-23 05:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 09:31 - 2015-05-23 05:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 09:31 - 2015-05-23 05:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 09:31 - 2015-05-23 05:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 09:31 - 2015-05-23 05:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 09:31 - 2015-05-22 22:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 09:31 - 2015-05-22 22:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 09:31 - 2015-05-22 22:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 09:31 - 2015-05-22 21:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 09:31 - 2015-05-22 21:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 09:31 - 2015-05-22 21:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 09:31 - 2015-05-22 21:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 09:31 - 2015-05-22 21:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 09:31 - 2015-05-22 21:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 09:31 - 2015-05-22 21:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 09:31 - 2015-05-22 21:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 09:31 - 2015-05-22 21:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 09:31 - 2015-05-22 21:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 09:31 - 2015-05-22 21:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 09:31 - 2015-05-22 21:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 09:31 - 2015-05-22 20:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 09:31 - 2015-05-22 20:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 09:31 - 2015-05-22 20:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 09:31 - 2015-05-22 20:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 09:31 - 2015-05-22 20:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 09:31 - 2015-05-21 19:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 09:31 - 2015-04-25 05:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 09:31 - 2015-04-25 05:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 09:31 - 2015-04-16 09:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 09:31 - 2015-04-14 01:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 09:31 - 2015-04-14 01:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 09:31 - 2015-04-10 03:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 09:31 - 2015-04-10 03:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 09:31 - 2015-04-09 01:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 09:31 - 2015-04-02 01:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 09:31 - 2015-04-02 01:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 09:31 - 2015-04-01 07:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 09:31 - 2015-04-01 07:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 09:31 - 2015-04-01 07:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 09:31 - 2015-04-01 07:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 09:31 - 2015-04-01 06:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 09:31 - 2015-04-01 06:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 09:31 - 2015-04-01 06:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 09:31 - 2015-04-01 05:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 09:31 - 2015-04-01 05:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 09:31 - 2015-04-01 05:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 09:31 - 2015-04-01 05:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 09:31 - 2015-04-01 05:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 09:31 - 2015-04-01 05:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-10 09:31 - 2015-03-20 06:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 09:31 - 2015-03-20 06:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 09:31 - 2015-03-20 05:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 09:31 - 2015-03-20 05:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 09:31 - 2015-03-02 04:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 09:31 - 2015-03-02 04:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 09:30 - 2015-04-09 01:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-08 20:38 - 2015-06-08 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-08 20:24 - 2015-06-21 22:06 - 00000372 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[973b].job
2015-06-08 20:24 - 2015-06-21 21:23 - 00003258 _____ C:\WINDOWS\System32\Tasks\Bidaily Synchronize Task[973b]
2015-06-08 20:24 - 2015-06-16 14:05 - 00000000 ____D C:\ProgramData\{7e963b41-7b94-2c61-7e96-63b417b9ed05}
2015-06-08 20:24 - 2015-06-08 20:24 - 00000000 ____D C:\ProgramData\gmgjkpidemkfdhnimhmdbmnghimohmjc
2015-06-08 16:22 - 2015-06-08 16:22 - 00000000 ____D C:\Users\ignas\AppData\Local\ESN
2015-06-08 12:29 - 2015-06-08 12:29 - 00931408 _____ (Google Inc.) C:\Users\ignas\Downloads\ChromeSetup.exe
2015-06-07 11:37 - 2015-05-22 16:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-07 11:37 - 2015-05-21 16:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-07 11:37 - 2015-05-21 16:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-07 11:37 - 2015-05-21 16:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-07 11:37 - 2015-05-21 16:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-07 11:37 - 2015-05-21 16:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-07 11:37 - 2015-05-21 16:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-07 11:37 - 2015-04-17 01:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-06 18:21 - 2015-06-06 18:21 - 00000000 ____D C:\Program Files (x86)\WatchClient for Twitter Real Time Twitter Update
2015-06-02 16:50 - 2015-06-02 16:50 - 00000000 ____D C:\Users\ignas\AppData\Local\GWX
2015-05-23 18:08 - 2015-06-16 13:34 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-23 17:09 - 2015-06-21 22:06 - 00001354 _____ C:\WINDOWS\Tasks\GNOK.job
2015-05-23 17:08 - 2015-06-21 22:06 - 00001706 _____ C:\WINDOWS\Tasks\BYAIAMUF.job
2015-05-23 17:07 - 2015-05-23 17:07 - 00000000 ____D C:\Users\ignas\AppData\Roaming\cpuminer
2015-05-22 16:15 - 2015-05-22 16:15 - 01346048 _____ C:\WINDOWS\system32\cpuminer-gw64.exe
2015-05-22 16:15 - 2015-05-22 16:15 - 00000423 _____ C:\WINDOWS\system32\cpuminer-conf.json
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-21 22:13 - 2014-07-17 15:36 - 00000000 ____D C:\Users\ignas\AppData\Roaming\Software Informer
2015-06-21 22:11 - 2013-04-03 17:14 - 00000000 ____D C:\ProgramData\Origin
2015-06-21 22:11 - 2013-04-03 14:54 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-646931945-2771639376-1147865730-1004
2015-06-21 22:09 - 2015-03-20 14:34 - 00000000 ____D C:\Users\ignas\AppData\Roaming\Curse Client
2015-06-21 22:09 - 2013-04-03 14:56 - 00000000 ____D C:\Users\ignas\AppData\Roaming\Skype
2015-06-21 22:08 - 2014-05-01 18:44 - 01341692 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-21 22:07 - 2013-08-07 08:57 - 00000000 ____D C:\Users\ignas\Desktop\steam
2015-06-21 22:07 - 2013-04-03 14:49 - 00000401 _____ C:\Users\ignas\AppData\Roaming\sp_data.sys
2015-06-21 22:06 - 2014-03-18 03:57 - 00061402 _____ C:\WINDOWS\PFRO.log
2015-06-21 22:06 - 2013-08-22 17:46 - 00408808 _____ C:\WINDOWS\setupact.log
2015-06-21 22:06 - 2013-08-22 17:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-21 22:05 - 2013-08-22 16:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-21 21:47 - 2014-06-10 10:41 - 00000000 ____D C:\Users\ignas\Desktop\programos
2015-06-21 21:34 - 2013-04-03 00:56 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-21 21:24 - 2015-01-30 18:22 - 00000000 ____D C:\ProgramData\5940330218561140486
2015-06-21 21:08 - 2013-04-07 01:37 - 00000408 _____ C:\WINDOWS\Tasks\update-S-1-5-21-646931945-2771639376-1147865730-1004.job
2015-06-21 20:55 - 2013-04-03 23:59 - 00000406 _____ C:\WINDOWS\Tasks\update-sys.job
2015-06-21 20:50 - 2014-05-29 17:02 - 00226680 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-06-21 20:50 - 2013-05-04 17:13 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2015-06-21 19:44 - 2013-04-03 23:59 - 00000406 _____ C:\WINDOWS\Tasks\update-S-1-5-21-646931945-2771639376-1147865730-1002.job
2015-06-21 19:31 - 2014-06-17 14:05 - 00000000 ____D C:\Users\ignas\AppData\Roaming\.minecraft
2015-06-21 16:35 - 2014-05-25 11:12 - 00000000 ____D C:\Users\ignas\Desktop\zaidimai
2015-06-21 15:45 - 2014-05-04 08:49 - 00003972 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{90CDFA7A-EDA7-41A8-BE22-BAD5A13215DC}
2015-06-21 13:25 - 2013-04-22 19:08 - 00000000 ____D C:\Users\ignas\AppData\Roaming\TS3Client
2015-06-21 13:19 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-21 13:17 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-21 13:16 - 2014-08-23 20:31 - 00000000 ____D C:\Users\ignas\AppData\Local\Adobe
2015-06-21 13:10 - 2013-09-27 18:40 - 00000000 ____D C:\Users\ignas\AppData\Local\Ubisoft Game Launcher
2015-06-21 13:10 - 2013-09-27 18:23 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-06-21 13:05 - 2015-02-04 16:48 - 00000000 ____D C:\Program Files\Classic Shell
2015-06-21 13:04 - 2013-04-03 17:16 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-06-21 13:03 - 2015-02-04 20:35 - 00000000 ____D C:\Users\ignas\AppData\Roaming\ClassicShell
2015-06-21 12:51 - 2013-04-03 15:00 - 00000000 ____D C:\Users\ignas\AppData\Local\CrashDumps
2015-06-21 12:48 - 2014-06-14 11:26 - 01560064 ___SH C:\Users\ignas\Desktop\Thumbs.db
2015-06-20 23:00 - 2015-05-09 18:53 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-06-20 21:50 - 2013-04-03 00:44 - 00000000 ____D C:\Users\rasa\AppData\Roaming\Skype
2015-06-20 20:35 - 2013-04-02 19:42 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-646931945-2771639376-1147865730-1002
2015-06-20 20:09 - 2013-04-02 20:55 - 00000401 _____ C:\Users\rasa\AppData\Roaming\sp_data.sys
2015-06-20 18:10 - 2015-04-15 16:54 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-20 18:10 - 2015-04-15 16:54 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-20 18:09 - 2015-04-15 16:56 - 00000080 _____ C:\Users\ignas\AppData\Local\Rockstar Games\GTA V\entitlement.info
2015-06-17 17:58 - 2013-04-03 00:44 - 00000000 ____D C:\ProgramData\Skype
2015-06-17 17:35 - 2014-12-27 22:22 - 00000000 ____D C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-17 17:35 - 2014-07-30 17:23 - 00000000 ____D C:\Users\ignas\Documents\Euro Truck Simulator 2
2015-06-17 17:35 - 2014-07-30 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
2015-06-17 17:35 - 2014-06-13 18:07 - 00000000 ____D C:\Users\simas\Desktop\tetis
2015-06-17 17:35 - 2014-06-10 10:39 - 00000000 ____D C:\Users\ignas\Desktop\ASUS
2015-06-17 17:35 - 2013-09-26 14:23 - 00000000 ____D C:\Users\simas\Documents\Euro Truck Simulator 2
2015-06-17 17:35 - 2013-04-14 11:23 - 00000000 ____D C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-06-16 14:05 - 2013-12-24 12:32 - 00000000 ____D C:\Users\ignas\AppData\Roaming\newnext.me
2015-06-16 13:00 - 2014-09-17 17:59 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-16 12:58 - 2014-05-01 18:45 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-16 12:55 - 2014-05-01 18:44 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-16 12:51 - 2014-06-13 21:10 - 00001395 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-16 12:50 - 2014-07-11 20:01 - 00002041 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-06-16 12:50 - 2012-08-04 23:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-06-16 12:12 - 2014-06-13 17:12 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-06-16 09:12 - 2014-05-01 19:27 - 00001170 _____ C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-16 09:12 - 2013-04-04 18:20 - 00001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-14 17:59 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-14 17:59 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-14 16:26 - 2012-07-26 08:26 - 00000301 _____ C:\WINDOWS\win.ini
2015-06-13 11:41 - 2013-04-10 14:02 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-12 10:05 - 2014-11-21 19:17 - 00000000 __SHD C:\Users\ignas\AppData\Local\EmieBrowserModeList
2015-06-12 10:05 - 2014-05-04 08:49 - 00000000 __SHD C:\Users\ignas\AppData\Local\EmieUserList
2015-06-12 10:05 - 2014-05-04 08:49 - 00000000 __SHD C:\Users\ignas\AppData\Local\EmieSiteList
2015-06-12 10:03 - 2013-04-13 07:20 - 00000000 ____D C:\Users\ignas\AppData\Roaming\uTorrent
2015-06-11 17:38 - 2015-04-15 16:36 - 00003826 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1429104988
2015-06-11 17:38 - 2015-04-15 16:36 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-11 17:38 - 2015-04-15 16:35 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-10 21:44 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-10 15:30 - 2013-08-22 17:44 - 05313856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-10 15:26 - 2014-12-14 16:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-10 15:26 - 2014-07-14 10:31 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-10 15:26 - 2013-08-22 18:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-10 15:26 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-06-10 15:26 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-06-10 15:26 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-10 12:27 - 2015-05-21 17:21 - 00000834 _____ C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6.lnk
2015-06-10 12:14 - 2014-04-28 21:12 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-10 12:13 - 2013-08-09 07:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 12:02 - 2013-04-03 20:30 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 21:34 - 2015-05-09 18:53 - 00003858 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-06-09 21:34 - 2013-04-03 00:56 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-09 14:47 - 2015-05-21 17:21 - 00001300 _____ C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\Counter-Strike 1.6.lnk
2015-06-09 14:47 - 2015-05-21 17:21 - 00001300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Counter-Strike 1.6.lnk
2015-06-08 18:10 - 2014-12-21 17:14 - 00000000 ____D C:\Users\ignas\Desktop\Mano modpackas
2015-06-06 15:30 - 2014-05-03 08:19 - 00003968 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8D64FFCB-0049-464F-85EB-F9D128F961F6}
2015-06-06 09:29 - 2013-04-02 19:49 - 00000000 ____D C:\Users\rasa\AppData\Local\Adobe
2015-06-04 19:34 - 2015-02-27 21:21 - 00000000 ____D C:\Users\rasa\AppData\Roaming\ClassicShell
2015-06-04 19:29 - 2015-04-17 21:49 - 00048298 _____ C:\WINDOWS\system32\perfh027.dat
2015-06-04 19:29 - 2015-04-17 21:49 - 00017950 _____ C:\WINDOWS\system32\perfc027.dat
2015-06-04 19:29 - 2014-03-18 13:08 - 00963180 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-04 00:04 - 2014-06-03 14:01 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-04 00:04 - 2014-06-03 14:01 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-04 00:04 - 2013-11-05 22:27 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-04 00:04 - 2013-11-05 22:27 - 01320304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-03 19:18 - 2015-05-18 16:54 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 19:18 - 2015-05-18 16:54 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-29 16:47 - 2014-09-23 20:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-28 10:04 - 2015-01-03 12:28 - 02986392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-05-28 10:04 - 2013-09-26 14:39 - 12852152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-05-28 10:04 - 2013-09-26 14:39 - 03379680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-05-28 10:04 - 2013-09-26 14:39 - 01099808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-05-28 10:04 - 2013-09-26 14:39 - 00939080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-05-28 10:04 - 2013-09-26 14:39 - 00175880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-05-28 10:04 - 2013-09-26 14:39 - 00154256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-05-28 10:04 - 2013-09-26 14:39 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-05-28 07:15 - 2014-05-01 18:45 - 06872904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-05-28 07:15 - 2014-05-01 18:45 - 03491984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-05-28 07:15 - 2014-05-01 18:45 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-05-28 07:15 - 2014-05-01 18:45 - 01059472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-05-28 07:15 - 2014-05-01 18:45 - 00937288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-05-28 07:15 - 2014-05-01 18:45 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-05-28 07:15 - 2014-05-01 18:45 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-05-28 07:15 - 2014-05-01 18:45 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-05-27 13:48 - 2014-05-01 18:45 - 04408727 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-05-23 17:16 - 2013-08-07 09:47 - 00000000 ____D C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-23 17:13 - 2014-12-24 13:46 - 00000000 ____D C:\Program Files (x86)\Farming Simulator 15
 
==================== Files in the root of some directories =======
 
2015-06-15 17:37 - 2015-06-21 15:39 - 0000024 _____ () C:\Users\ignas\AppData\Roaming\appdataFr25.bin
2015-01-25 19:12 - 2015-01-25 19:12 - 0002086 _____ () C:\Users\ignas\AppData\Roaming\GNOK
2014-03-01 00:16 - 2014-03-01 00:16 - 0000021 _____ () C:\Users\ignas\AppData\Roaming\my_intel.sys
2013-04-03 14:49 - 2015-06-21 22:07 - 0000401 _____ () C:\Users\ignas\AppData\Roaming\sp_data.sys
2013-09-29 18:44 - 2015-02-04 21:42 - 0001456 _____ () C:\Users\ignas\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-12-27 11:14 - 2013-12-27 11:14 - 0007611 _____ () C:\Users\ignas\AppData\Local\Resmon.ResmonCfg
2015-05-23 17:13 - 2015-05-23 17:13 - 0000800 _____ () C:\Users\ignas\AppData\Local\Temp-log.txt
2013-04-07 01:37 - 2013-04-07 01:37 - 0000003 _____ () C:\Users\ignas\AppData\Local\updater.log
2013-04-07 01:37 - 2014-06-03 13:48 - 0000436 _____ () C:\Users\ignas\AppData\Local\UserProducts.xml
2012-08-04 23:21 - 2012-07-30 09:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 23:21 - 2009-07-22 13:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-09-21 23:50 - 2012-09-21 23:50 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2013-04-02 19:53 - 2013-04-02 19:55 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-04-02 19:52 - 2013-04-02 19:53 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-09-21 23:46 - 2012-09-21 23:48 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2012-09-21 23:48 - 2012-09-21 23:50 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2012-09-21 23:44 - 2012-09-21 23:46 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
 
 
Some files in TEMP:
====================
C:\Users\ignas\AppData\Local\Temp\4024.tmp.exe
C:\Users\ignas\AppData\Local\Temp\4026.tmp.exe
C:\Users\ignas\AppData\Local\Temp\6EAB.tmp.exe
C:\Users\ignas\AppData\Local\Temp\6_Offer_3.exe
C:\Users\ignas\AppData\Local\Temp\BackupSetup.exe
C:\Users\ignas\AppData\Local\Temp\CC1C.tmp.exe
C:\Users\ignas\AppData\Local\Temp\CC1D.tmp.exe
C:\Users\ignas\AppData\Local\Temp\DownloadManager.exe
C:\Users\ignas\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\ignas\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\ignas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpstkjug.dll
C:\Users\ignas\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\ignas\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\ignas\AppData\Local\Temp\dsrsetup.exe
C:\Users\ignas\AppData\Local\Temp\DTLite4491-0356.exe
C:\Users\ignas\AppData\Local\Temp\f.exe
C:\Users\ignas\AppData\Local\Temp\F7B0.tmp.exe
C:\Users\ignas\AppData\Local\Temp\htmlayout.dll
C:\Users\ignas\AppData\Local\Temp\i4jdel0.exe
C:\Users\ignas\AppData\Local\Temp\ICReinstall_xray_installer.exe
C:\Users\ignas\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.2-3-g530fcb7-b2982jnks.dll
C:\Users\ignas\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\ignas\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\ignas\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\ignas\AppData\Local\Temp\nvStInst.exe
C:\Users\ignas\AppData\Local\Temp\OpenComputersMod-1.2native.64.dll
C:\Users\ignas\AppData\Local\Temp\OpenComputersMod-1.3.3.54-native.64.dll
C:\Users\ignas\AppData\Local\Temp\OpenComputersMod-1.3.3.547-native.64.dll
C:\Users\ignas\AppData\Local\Temp\OpenComputersMod-native.64.dll
C:\Users\ignas\AppData\Local\Temp\res.dll
C:\Users\ignas\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\ignas\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\ignas\AppData\Local\Temp\setacl.exe
C:\Users\ignas\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ignas\AppData\Local\Temp\sonarinst.exe
C:\Users\ignas\AppData\Local\Temp\tasks.dll
C:\Users\ignas\AppData\Local\Temp\tmp18BE.tmp.exe
C:\Users\ignas\AppData\Local\Temp\tmpBD15.tmp.exe
C:\Users\ignas\AppData\Local\Temp\toolbar244521273.exe
C:\Users\ignas\AppData\Local\Temp\toolbar244570326.exe
C:\Users\ignas\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\ignas\AppData\Local\Temp\Uninstall.exe
C:\Users\ignas\AppData\Local\Temp\uninstall881257.exe
C:\Users\ignas\AppData\Local\Temp\utt76C0.tmp.exe
C:\Users\rasa\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\simas\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-17 18:19
 
==================== End of log ============================


#3 nasdaq

  • Malware Response Team

Posted 24 June 2015 - 08:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please run the Farbar tool one more time and post a fresh FRST log.

How is the computer running?
Wait for further instructions.

#4 power_kem

  • Topic Starter

Posted 25 June 2015 - 09:32 AM

My FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by ignas (administrator) on GVAZDIKAI on 25-06-2015 15:27:56
Running from C:\Users\ignas\Desktop\da
Loaded Profiles: rasa & ignas & simas (Available Profiles: rasa & ignas & simas)
Platform: Windows 8.1 (X64) OS Language: Lietuvių (Lietuva)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Valve Corporation) C:\Users\ignas\Desktop\steam\Steam.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Users\ignas\Desktop\steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-04] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164112 2015-05-16] (IvoSoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-04-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-20] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2012-07-03] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-646931945-2771639376-1147865730-1002\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2646504 2012-05-14] (CyberLink Corp.)
HKU\S-1-5-21-646931945-2771639376-1147865730-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-646931945-2771639376-1147865730-1002\...\Run: [LightShot] => C:\Users\rasa\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-646931945-2771639376-1147865730-1002\...\MountPoints2: {63fba6c2-f8cb-11e4-bf61-dc85de404758} - "G:\LG_PC_Programs.exe" 
HKU\S-1-5-21-646931945-2771639376-1147865730-1002\...\MountPoints2: {75c885ce-d14a-11e3-8250-dc85de404758} - "F:\setup.exe" 
HKU\S-1-5-21-646931945-2771639376-1147865730-1002\...\MountPoints2: {b3fbaa54-0dfe-11e5-bf67-dc85de404758} - "G:\AutoRun.exe" 
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-29] (Electronic Arts)
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Run: [LightShot] => C:\Users\ignas\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Run: [Steam] => C:\Users\ignas\Desktop\steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Run: [Software Informer] => C:\Program Files\Software Informer\softinfo.exe [1531904 2015-02-25] (Informer Technologies, Inc.)
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\MountPoints2: {63fba6c2-f8cb-11e4-bf61-dc85de404758} - "G:\LG_PC_Programs.exe" 
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\MountPoints2: {b3fbaa54-0dfe-11e5-bf67-dc85de404758} - "G:\AutoRun.exe" 
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\MountPoints2: {c8f4b3e1-e2a8-11e3-bf09-dc85de404758} - "F:\vs_ultimate.exe" 
HKU\S-1-5-21-646931945-2771639376-1147865730-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-646931945-2771639376-1147865730-1005\...\MountPoints2: {c8f4b3e1-e2a8-11e3-bf09-dc85de404758} - "F:\setup.exe" 
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-06-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-06-17] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-08-23]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-03-20]
ShortcutTarget: Curse.lnk -> C:\Users\ignas\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicy-x32: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-646931945-2771639376-1147865730-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-646931945-2771639376-1147865730-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://gosearch.me/?u=1abc5dfe9f40e1defcc32404fdfd024b&c=up1&src=hp&inst=1434089835
HKU\S-1-5-21-646931945-2771639376-1147865730-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-646931945-2771639376-1147865730-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-646931945-2771639376-1147865730-1005\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=lt-LT&Src=WD8&Tid=000328B0&OHP=http%3A%2F%2Fgoogle.lt%2F&OSP=
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1002 -> {B36264C2-3DD1-4D57-A7B3-8279B1456463} URL = www.buenosearch.com?babsrc=ext_WinjNw&affID=123841&q={searchTerms}
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1004 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1004 -> 0D1C02392284B6DC37ADC1E91AE543E7 URL = http://searchou.com/?q={searchTerms}&id=5ca89ca1000000000000dc85de404758&r=921
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1004 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1004 -> {DFF921EF-1A8E-4868-9400-223416576B58} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-05-16] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-05] (Oracle Corporation)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1212152.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin HKU\S-1-5-21-646931945-2771639376-1147865730-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ignas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-06] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\user.js [2015-06-14]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\bingp.xml [2015-03-17]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\BrowserDefender.xml [2013-05-30]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\yandex.ru-154900.xml [2014-05-28]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\yqs-barff-yandex.xml [2014-07-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml [2015-06-12]
FF Extension: checkcompatibilitydactylgooglecodecom - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\check-compatibility@dactyl.googlecode.com [2014-09-08]
FF Extension: SearchNewTab - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\ouoaaea@lqgro-.co.uk [2013-10-05]
FF Extension: 89506680e3f4484ca2c0ed711d481eda - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\{89506680-e3f4-484c-a2c0-ed711d481eda} [2014-09-08]
FF Extension: . - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\{4e38134d-ba98-4066-b898-e296d8acc938}.xpi [2014-01-09]
FF Extension: eye perform 1.0.1 - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\{7cd3bedc-d669-4e18-8d13-4e15866f5c72}.xpi [2015-06-14]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-646931945-2771639376-1147865730-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF HKU\S-1-5-21-646931945-2771639376-1147865730-1005\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
 
Chrome: 
=======
CHR Profile: C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-21]
CHR Extension: (Google Docs) - C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-21]
CHR Extension: (Google Drive) - C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-21]
CHR Extension: (YouTube) - C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-21]
CHR Extension: (Adblock Plus) - C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-21]
CHR Extension: (Google Search) - C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-21]
CHR Extension: (Google Sheets) - C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-21]
CHR Extension: (AdBlock) - C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-21]
CHR Extension: (Google Wallet) - C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-21]
CHR Extension: (Gmail) - C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-21]
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - No Path Or update_url value
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - No Path Or update_url value
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-04-17] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-04] (NVIDIA Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-06-21] („Google Inc.“)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-06-21] („Google Inc.“)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-06-16] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-04] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-28] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-05-09] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-05-09] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-24] (Disc Soft Ltd)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [299664 2015-06-17] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-25 14:14 - 2015-06-25 14:16 - 00000000 ____D C:\AdwCleaner
2015-06-25 14:11 - 2015-06-25 14:11 - 00001046 _____ C:\Users\ignas\Desktop\mbam.txt
2015-06-25 11:18 - 2015-06-25 13:03 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-25 11:18 - 2015-06-25 13:01 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-25 11:18 - 2015-06-25 13:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-25 11:18 - 2015-06-25 11:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-25 11:18 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-25 11:18 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-25 11:18 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-25 11:16 - 2015-06-25 11:16 - 00000000 ____D C:\Users\ignas\Downloads\installers
2015-06-25 11:06 - 2015-06-25 11:06 - 02244096 _____ C:\Users\ignas\Desktop\adwcleaner_4.207.exe
2015-06-25 11:05 - 2015-06-25 11:06 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\ignas\Desktop\mbam-setup-2-1-6-1022.exe
2015-06-25 11:05 - 2015-06-25 11:05 - 00448512 _____ (OldTimer Tools) C:\Users\ignas\Desktop\TFC.exe
2015-06-24 11:19 - 2015-06-24 11:19 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-06-24 11:19 - 2015-06-24 11:19 - 00000000 ____D C:\WINDOWS\system32\NV
2015-06-24 11:19 - 2015-06-17 09:03 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-06-24 11:16 - 2015-06-17 12:10 - 42729104 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 30481552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 22947144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 17724600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 16145200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 15866992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 15224784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 14497520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 13263056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 11831856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 11011216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-24 11:16 - 2015-06-17 12:10 - 02997544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 02599752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 01898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435330.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435330.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 01060168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 01050768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 00982672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 00975176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 00408392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 00407296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 00299664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvkflt.sys
2015-06-24 11:16 - 2015-06-17 12:10 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-06-24 11:16 - 2015-06-17 12:10 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-06-21 22:25 - 2015-06-25 15:02 - 00000000 ____D C:\Users\ignas\AppData\Local\ClassicShell
2015-06-21 22:25 - 2015-06-21 22:25 - 06596368 _____ (IvoSoft) C:\Users\ignas\Downloads\ClassicShellSetup_4_2_1.exe
2015-06-21 22:25 - 2015-06-21 22:25 - 00002172 _____ C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2015-06-21 22:25 - 2015-06-21 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-06-21 22:25 - 2015-06-21 22:25 - 00000000 ____D C:\ProgramData\ClassicShell
2015-06-21 22:21 - 2015-06-25 15:26 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-21 22:21 - 2015-06-25 12:54 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-21 22:21 - 2015-06-23 10:31 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-21 22:21 - 2015-06-21 22:21 - 00003900 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-21 22:21 - 2015-06-21 22:21 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-21 22:15 - 2015-06-21 22:17 - 00088234 _____ C:\Users\ignas\Desktop\Addition.txt
2015-06-21 22:11 - 2015-06-21 22:17 - 00000133 _____ C:\Users\ignas\Desktop\linkai.txt
2015-06-21 22:09 - 2015-06-21 22:17 - 00072002 _____ C:\Users\ignas\Desktop\FRST.txt
2015-06-21 21:23 - 2015-06-25 12:50 - 00000000 ____D C:\ProgramData\{3cb34948-9351-5aac-3cb3-349489352522}
2015-06-20 23:13 - 2015-06-20 23:13 - 00000275 _____ C:\Users\ignas\Desktop\Naujas tekstinis dokumentas.txt
2015-06-20 22:21 - 2015-06-25 15:27 - 00000000 ____D C:\Users\ignas\Desktop\da
2015-06-20 22:14 - 2015-06-25 15:28 - 00000000 ____D C:\FRST
2015-06-17 17:03 - 2015-06-17 17:03 - 00001124 _____ C:\Users\Public\Desktop\Registry Recycler.lnk
2015-06-17 17:01 - 2015-06-17 17:01 - 01285128 _____ (Developer Tribe (Pvt) Ltd. ) C:\Users\ignas\Downloads\setup_rr.exe
2015-06-16 14:05 - 2015-06-21 22:04 - 00003376 _____ C:\WINDOWS\system32\.crusader
2015-06-16 13:35 - 2015-06-25 12:50 - 00000000 ____D C:\Program Files (x86)\47bbcf62-fc4b-4866-8b74-3617394904bb
2015-06-16 13:31 - 2015-06-16 14:04 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-16 13:31 - 2015-06-16 13:31 - 00001907 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-06-16 13:31 - 2015-06-16 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-06-16 13:31 - 2015-06-16 13:31 - 00000000 ____D C:\Program Files\HitmanPro
2015-06-16 13:30 - 2015-06-16 13:30 - 11024496 _____ (SurfRight B.V.) C:\Users\ignas\Downloads\HitmanPro_x64.exe
2015-06-16 13:22 - 2015-06-16 13:22 - 05155328 _____ C:\Users\ignas\Downloads\WindowsDefender (1).msi
2015-06-16 13:21 - 2015-06-16 13:21 - 05154304 _____ C:\Users\ignas\Downloads\windowsdefender.msi
2015-06-16 12:54 - 2015-05-28 10:04 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435306.dll
2015-06-16 12:54 - 2015-05-28 10:04 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435306.dll
2015-06-16 12:50 - 2015-06-24 11:17 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-16 12:50 - 2015-05-19 06:29 - 00046768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-06-16 12:50 - 2015-05-19 06:14 - 00057520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-06-16 12:11 - 2015-06-16 12:11 - 01640768 _____ C:\Users\ignas\Downloads\battlelog-web-plugins_2.7.1_162.exe
2015-06-16 09:20 - 2015-06-16 09:20 - 00003628 _____ C:\WINDOWS\System32\Tasks\Safesoft Defender Job
2015-06-16 09:20 - 2015-06-16 09:20 - 00000000 ____D C:\Program Files (x86)\Safesoft Defender
2015-06-14 20:58 - 2015-06-14 20:58 - 00003116 _____ C:\WINDOWS\System32\Tasks\{1B20F60F-98B5-4F28-BD51-826E99575A1D}
2015-06-13 11:40 - 2015-06-25 12:53 - 00000000 ____D C:\Users\ignas\AppData\Roaming\InetStat
2015-06-13 11:37 - 2015-06-16 09:17 - 00070144 _____ C:\WINDOWS\SysWOW64\tasks.dll
2015-06-12 21:45 - 2015-06-12 22:17 - 00000000 ____D C:\Users\ignas\Desktop\dainos
2015-06-12 09:18 - 2015-06-16 11:38 - 00003276 _____ C:\WINDOWS\System32\Tasks\Alfasistem Memory Job
2015-06-12 09:09 - 2015-06-16 20:36 - 00000000 ____D C:\Users\ignas\AppData\Roaming\Updater
2015-06-11 22:15 - 2015-06-11 22:15 - 00000000 ____D C:\Users\ignas\AppData\Roaming\AVG
2015-06-11 22:15 - 2015-06-11 22:15 - 00000000 ____D C:\Program Files (x86)\AVG
2015-06-11 22:14 - 2015-06-11 22:14 - 00000000 ____D C:\Users\ignas\AppData\Local\Avg
2015-06-11 22:13 - 2015-06-11 22:16 - 00000000 ____D C:\ProgramData\AVG
2015-06-11 22:13 - 2015-06-11 22:13 - 00001099 _____ C:\Users\ignas\Desktop\Cheat Engine.lnk
2015-06-11 22:13 - 2015-06-11 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2015-06-11 22:13 - 2015-06-11 22:13 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4
2015-06-11 17:16 - 2015-06-11 17:17 - 33261990 _____ C:\Users\ignas\Desktop\MeatyLockAgrarianSkies2Episode10.zip
2015-06-10 09:31 - 2015-05-27 17:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 09:31 - 2015-05-27 17:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 09:31 - 2015-05-25 16:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 09:31 - 2015-05-25 16:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 09:31 - 2015-05-23 06:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 09:31 - 2015-05-23 06:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 09:31 - 2015-05-23 06:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 09:31 - 2015-05-23 06:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 09:31 - 2015-05-23 06:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 09:31 - 2015-05-23 05:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 09:31 - 2015-05-23 05:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 09:31 - 2015-05-23 05:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 09:31 - 2015-05-23 05:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 09:31 - 2015-05-23 05:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 09:31 - 2015-05-23 05:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 09:31 - 2015-05-23 05:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 09:31 - 2015-05-23 05:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 09:31 - 2015-05-23 05:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 09:31 - 2015-05-23 05:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 09:31 - 2015-05-23 05:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 09:31 - 2015-05-23 05:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 09:31 - 2015-05-23 05:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 09:31 - 2015-05-22 22:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 09:31 - 2015-05-22 22:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 09:31 - 2015-05-22 22:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 09:31 - 2015-05-22 21:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 09:31 - 2015-05-22 21:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 09:31 - 2015-05-22 21:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 09:31 - 2015-05-22 21:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 09:31 - 2015-05-22 21:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 09:31 - 2015-05-22 21:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 09:31 - 2015-05-22 21:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 09:31 - 2015-05-22 21:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 09:31 - 2015-05-22 21:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 09:31 - 2015-05-22 21:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 09:31 - 2015-05-22 21:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 09:31 - 2015-05-22 21:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 09:31 - 2015-05-22 20:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 09:31 - 2015-05-22 20:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 09:31 - 2015-05-22 20:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 09:31 - 2015-05-22 20:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 09:31 - 2015-05-22 20:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 09:31 - 2015-05-21 19:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 09:31 - 2015-04-25 05:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 09:31 - 2015-04-25 05:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 09:31 - 2015-04-16 09:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 09:31 - 2015-04-14 01:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 09:31 - 2015-04-14 01:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 09:31 - 2015-04-10 03:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 09:31 - 2015-04-10 03:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 09:31 - 2015-04-09 01:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 09:31 - 2015-04-02 01:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 09:31 - 2015-04-02 01:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 09:31 - 2015-04-01 07:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 09:31 - 2015-04-01 07:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 09:31 - 2015-04-01 07:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 09:31 - 2015-04-01 07:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 09:31 - 2015-04-01 06:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 09:31 - 2015-04-01 06:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 09:31 - 2015-04-01 06:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 09:31 - 2015-04-01 05:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 09:31 - 2015-04-01 05:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 09:31 - 2015-04-01 05:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 09:31 - 2015-04-01 05:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 09:31 - 2015-04-01 05:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 09:31 - 2015-04-01 05:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-10 09:31 - 2015-03-20 06:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 09:31 - 2015-03-20 06:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 09:31 - 2015-03-20 05:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 09:31 - 2015-03-20 05:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 09:31 - 2015-03-02 04:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 09:31 - 2015-03-02 04:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 09:30 - 2015-04-09 01:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-08 20:38 - 2015-06-08 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-08 20:24 - 2015-06-16 14:05 - 00000000 ____D C:\ProgramData\{7e963b41-7b94-2c61-7e96-63b417b9ed05}
2015-06-08 16:22 - 2015-06-08 16:22 - 00000000 ____D C:\Users\ignas\AppData\Local\ESN
2015-06-08 12:29 - 2015-06-08 12:29 - 00931408 _____ (Google Inc.) C:\Users\ignas\Downloads\ChromeSetup.exe
2015-06-07 11:37 - 2015-05-22 16:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-07 11:37 - 2015-05-21 16:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-07 11:37 - 2015-05-21 16:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-07 11:37 - 2015-05-21 16:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-07 11:37 - 2015-05-21 16:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-07 11:37 - 2015-05-21 16:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-07 11:37 - 2015-05-21 16:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-07 11:37 - 2015-04-17 01:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-06 18:21 - 2015-06-25 12:50 - 00000000 ____D C:\Program Files (x86)\WatchClient for Twitter Real Time Twitter Update
2015-06-02 16:50 - 2015-06-02 16:50 - 00000000 ____D C:\Users\ignas\AppData\Local\GWX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-25 15:28 - 2014-07-17 15:36 - 00000000 ____D C:\Users\ignas\AppData\Roaming\Software Informer
2015-06-25 15:13 - 2013-04-03 14:56 - 00000000 ____D C:\Users\ignas\AppData\Roaming\Skype
2015-06-25 15:05 - 2015-05-23 17:09 - 00001354 _____ C:\WINDOWS\Tasks\GNOK.job
2015-06-25 15:02 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-25 14:50 - 2014-05-01 18:44 - 02034014 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-25 14:34 - 2013-04-03 00:56 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-25 14:26 - 2015-05-23 17:08 - 00001706 _____ C:\WINDOWS\Tasks\BYAIAMUF.job
2015-06-25 13:09 - 2013-04-03 14:54 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-646931945-2771639376-1147865730-1004
2015-06-25 13:08 - 2013-04-07 01:37 - 00000408 _____ C:\WINDOWS\Tasks\update-S-1-5-21-646931945-2771639376-1147865730-1004.job
2015-06-25 13:01 - 2015-03-20 14:34 - 00000000 ____D C:\Users\ignas\AppData\Roaming\Curse Client
2015-06-25 13:00 - 2013-04-03 17:14 - 00000000 ____D C:\ProgramData\Origin
2015-06-25 13:00 - 2012-09-21 23:27 - 00000000 ____D C:\temp
2015-06-25 12:55 - 2013-04-03 23:59 - 00000406 _____ C:\WINDOWS\Tasks\update-sys.job
2015-06-25 12:54 - 2013-08-07 08:57 - 00000000 ____D C:\Users\ignas\Desktop\steam
2015-06-25 12:54 - 2013-04-03 14:49 - 00000401 _____ C:\Users\ignas\AppData\Roaming\sp_data.sys
2015-06-25 12:53 - 2014-05-01 18:45 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-25 12:53 - 2014-04-28 21:12 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-25 12:53 - 2014-03-18 03:57 - 00830458 _____ C:\WINDOWS\PFRO.log
2015-06-25 12:53 - 2013-08-22 17:46 - 00410425 _____ C:\WINDOWS\setupact.log
2015-06-25 12:53 - 2013-08-22 17:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-25 12:50 - 2014-01-09 18:01 - 00000000 ____D C:\Users\ignas\AppData\Roaming\D394D188-BAC7-4e03-8FAF-389A4D7EC6F4
2015-06-25 12:50 - 2013-08-25 17:03 - 00000000 ____D C:\ProgramData\savEnsshareu
2015-06-25 12:18 - 2014-06-17 14:05 - 00000000 ____D C:\Users\ignas\AppData\Roaming\.minecraft
2015-06-25 11:44 - 2013-04-03 23:59 - 00000406 _____ C:\WINDOWS\Tasks\update-S-1-5-21-646931945-2771639376-1147865730-1002.job
2015-06-25 11:26 - 2015-04-15 16:36 - 00003826 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1429104988
2015-06-25 11:26 - 2015-04-15 16:36 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-25 11:26 - 2015-04-15 16:35 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-25 09:33 - 2014-08-23 20:31 - 00000000 ____D C:\Users\ignas\AppData\Local\Adobe
2015-06-25 09:33 - 2014-05-04 08:49 - 00003972 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{90CDFA7A-EDA7-41A8-BE22-BAD5A13215DC}
2015-06-24 18:36 - 2014-05-29 17:02 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-06-24 15:43 - 2013-05-04 17:13 - 00214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2015-06-24 12:32 - 2013-04-03 15:00 - 00000000 ____D C:\Users\ignas\AppData\Local\CrashDumps
2015-06-24 11:20 - 2014-05-01 18:44 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-24 11:10 - 2015-05-09 18:53 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-06-24 11:09 - 2013-08-22 16:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-23 20:34 - 2015-05-09 18:53 - 00003858 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-06-23 20:34 - 2013-04-03 00:56 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-23 18:33 - 2015-04-15 16:56 - 00000080 _____ C:\Users\ignas\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-06-21 22:25 - 2015-02-04 16:48 - 00000000 ____D C:\Program Files\Classic Shell
2015-06-21 22:21 - 2013-04-10 14:02 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-21 21:47 - 2014-06-10 10:41 - 00000000 ____D C:\Users\ignas\Desktop\programos
2015-06-21 21:24 - 2015-01-30 18:22 - 00000000 ____D C:\ProgramData\5940330218561140486
2015-06-21 16:35 - 2014-05-25 11:12 - 00000000 ____D C:\Users\ignas\Desktop\zaidimai
2015-06-21 13:25 - 2013-04-22 19:08 - 00000000 ____D C:\Users\ignas\AppData\Roaming\TS3Client
2015-06-21 13:19 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-21 13:10 - 2013-09-27 18:40 - 00000000 ____D C:\Users\ignas\AppData\Local\Ubisoft Game Launcher
2015-06-21 13:10 - 2013-09-27 18:23 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-06-21 13:04 - 2013-04-03 17:16 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-06-21 13:03 - 2015-02-04 20:35 - 00000000 ____D C:\Users\ignas\AppData\Roaming\ClassicShell
2015-06-21 12:48 - 2014-06-14 11:26 - 01560064 ___SH C:\Users\ignas\Desktop\Thumbs.db
2015-06-20 21:50 - 2013-04-03 00:44 - 00000000 ____D C:\Users\rasa\AppData\Roaming\Skype
2015-06-20 20:35 - 2013-04-02 19:42 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-646931945-2771639376-1147865730-1002
2015-06-20 20:09 - 2013-04-02 20:55 - 00000401 _____ C:\Users\rasa\AppData\Roaming\sp_data.sys
2015-06-20 18:10 - 2015-04-15 16:54 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-20 18:10 - 2015-04-15 16:54 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-20 06:02 - 2015-05-18 16:54 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 06:02 - 2015-05-18 16:54 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-17 17:58 - 2013-04-03 00:44 - 00000000 ____D C:\ProgramData\Skype
2015-06-17 17:35 - 2014-12-27 22:22 - 00000000 ____D C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-17 17:35 - 2014-07-30 17:23 - 00000000 ____D C:\Users\ignas\Documents\Euro Truck Simulator 2
2015-06-17 17:35 - 2014-07-30 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
2015-06-17 17:35 - 2014-06-13 18:07 - 00000000 ____D C:\Users\simas\Desktop\tetis
2015-06-17 17:35 - 2014-06-10 10:39 - 00000000 ____D C:\Users\ignas\Desktop\ASUS
2015-06-17 17:35 - 2013-09-26 14:23 - 00000000 ____D C:\Users\simas\Documents\Euro Truck Simulator 2
2015-06-17 17:35 - 2013-04-14 11:23 - 00000000 ____D C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-06-17 12:10 - 2013-09-26 14:39 - 12855416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-06-17 12:10 - 2013-09-26 14:39 - 03395648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-06-17 12:10 - 2013-09-26 14:39 - 01099992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-06-17 12:10 - 2013-09-26 14:39 - 00938752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-06-17 12:10 - 2013-09-26 14:39 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-06-17 12:10 - 2013-09-26 14:39 - 00155280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-06-17 12:10 - 2013-09-26 14:39 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-06-17 09:48 - 2014-05-01 18:45 - 06873232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-06-17 09:48 - 2014-05-01 18:45 - 03492168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-06-17 09:48 - 2014-05-01 18:45 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-06-17 09:48 - 2014-05-01 18:45 - 01059472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-06-17 09:48 - 2014-05-01 18:45 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-17 09:48 - 2014-05-01 18:45 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-17 09:48 - 2014-05-01 18:45 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-06-17 09:48 - 2014-05-01 18:45 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-06-16 13:34 - 2015-05-23 18:08 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-16 13:00 - 2014-09-17 17:59 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-16 12:51 - 2014-06-13 21:10 - 00001395 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-16 12:50 - 2014-07-11 20:01 - 00002041 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-06-16 12:50 - 2012-08-04 23:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-06-16 12:12 - 2014-06-13 17:12 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-06-16 09:12 - 2014-05-01 19:27 - 00001170 _____ C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-16 09:12 - 2013-04-04 18:20 - 00001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-14 17:59 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-14 17:59 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-14 16:26 - 2012-07-26 08:26 - 00000301 _____ C:\WINDOWS\win.ini
2015-06-12 10:05 - 2014-11-21 19:17 - 00000000 __SHD C:\Users\ignas\AppData\Local\EmieBrowserModeList
2015-06-12 10:05 - 2014-05-04 08:49 - 00000000 __SHD C:\Users\ignas\AppData\Local\EmieUserList
2015-06-12 10:05 - 2014-05-04 08:49 - 00000000 __SHD C:\Users\ignas\AppData\Local\EmieSiteList
2015-06-12 10:03 - 2013-04-13 07:20 - 00000000 ____D C:\Users\ignas\AppData\Roaming\uTorrent
2015-06-10 21:44 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-10 15:30 - 2013-08-22 17:44 - 05313856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-10 15:26 - 2014-12-14 16:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-10 15:26 - 2014-07-14 10:31 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-10 15:26 - 2013-08-22 18:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-10 15:26 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-06-10 15:26 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-06-10 15:26 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-10 12:27 - 2015-05-21 17:21 - 00000834 _____ C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6.lnk
2015-06-10 12:13 - 2013-08-09 07:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 12:02 - 2013-04-03 20:30 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 14:47 - 2015-05-21 17:21 - 00001300 _____ C:\Users\ignas\AppData\Roaming\Microsoft\Windows\Start Menu\Counter-Strike 1.6.lnk
2015-06-09 14:47 - 2015-05-21 17:21 - 00001300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Counter-Strike 1.6.lnk
2015-06-08 18:10 - 2014-12-21 17:14 - 00000000 ____D C:\Users\ignas\Desktop\Mano modpackas
2015-06-06 15:30 - 2014-05-03 08:19 - 00003968 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8D64FFCB-0049-464F-85EB-F9D128F961F6}
2015-06-06 09:29 - 2013-04-02 19:49 - 00000000 ____D C:\Users\rasa\AppData\Local\Adobe
2015-06-04 19:34 - 2015-02-27 21:21 - 00000000 ____D C:\Users\rasa\AppData\Roaming\ClassicShell
2015-06-04 19:29 - 2015-04-17 21:49 - 00048298 _____ C:\WINDOWS\system32\perfh027.dat
2015-06-04 19:29 - 2015-04-17 21:49 - 00017950 _____ C:\WINDOWS\system32\perfc027.dat
2015-06-04 19:29 - 2014-03-18 13:08 - 00963180 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-04 00:04 - 2014-06-03 14:01 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-04 00:04 - 2014-06-03 14:01 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-04 00:04 - 2013-11-05 22:27 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-04 00:04 - 2013-11-05 22:27 - 01320304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-02 17:11 - 2014-05-01 18:45 - 04421614 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-05-29 16:47 - 2014-09-23 20:14 - 00000000 ___RD C:\Program Files (x86)\Skype
 
==================== Files in the root of some directories =======
 
2015-01-25 19:12 - 2015-01-25 19:12 - 0002086 _____ () C:\Users\ignas\AppData\Roaming\GNOK
2014-03-01 00:16 - 2014-03-01 00:16 - 0000021 _____ () C:\Users\ignas\AppData\Roaming\my_intel.sys
2013-04-03 14:49 - 2015-06-25 12:54 - 0000401 _____ () C:\Users\ignas\AppData\Roaming\sp_data.sys
2013-09-29 18:44 - 2015-02-04 21:42 - 0001456 _____ () C:\Users\ignas\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-12-27 11:14 - 2013-12-27 11:14 - 0007611 _____ () C:\Users\ignas\AppData\Local\Resmon.ResmonCfg
2015-05-23 17:13 - 2015-05-23 17:13 - 0000800 _____ () C:\Users\ignas\AppData\Local\Temp-log.txt
2013-04-07 01:37 - 2013-04-07 01:37 - 0000003 _____ () C:\Users\ignas\AppData\Local\updater.log
2013-04-07 01:37 - 2014-06-03 13:48 - 0000436 _____ () C:\Users\ignas\AppData\Local\UserProducts.xml
2012-08-04 23:21 - 2012-07-30 09:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 23:21 - 2009-07-22 13:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-09-21 23:50 - 2012-09-21 23:50 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2013-04-02 19:53 - 2013-04-02 19:55 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-04-02 19:52 - 2013-04-02 19:53 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-09-21 23:46 - 2012-09-21 23:48 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2012-09-21 23:48 - 2012-09-21 23:50 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2012-09-21 23:44 - 2012-09-21 23:46 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-25 13:09
 
==================== End of log ============================

AdwCleaner:

# AdwCleaner v4.207 - Logfile created 25/06/2015 at 14:14:44
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : ignas - GVAZDIKAI
# Running from : C:\Users\ignas\Desktop\adwcleaner_4.207.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\GoSearch.xml
File Found : C:\Users\ignas\AppData\Roaming\GNOK
File Found : C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\bingp.xml
File Found : C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\BrowserDefender.xml
File Found : C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\yqs-barff-yandex.xml
File Found : C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\user.js
File Found : C:\Users\ignas\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\ignas\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\ignas\daemonprocess.txt
File Found : C:\Users\rasa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.ividi.org_0.localstorage
File Found : C:\Users\rasa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.ividi.org_0.localstorage-journal
File Found : C:\Users\rasa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.simplesearches.info_0.localstorage
File Found : C:\Users\rasa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.simplesearches.info_0.localstorage-journal
File Found : C:\Users\rasa\daemonprocess.txt
File Found : C:\Users\simas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oalbifknmclbnmjlljdemhjjlkmppjjl_0.localstorage
File Found : C:\Users\simas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oalbifknmclbnmjlljdemhjjlkmppjjl_0.localstorage-journal
File Found : C:\Users\simas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.simplesearches.info_0.localstorage
File Found : C:\Users\simas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.simplesearches.info_0.localstorage-journal
File Found : C:\WINDOWS\System32\cpuminer-conf.json
Folder Found : C:\ProgramData\{3cb34948-9351-5aac-3cb3-349489352522}
Folder Found : C:\ProgramData\{7e963b41-7b94-2c61-7e96-63b417b9ed05}
Folder Found : C:\ProgramData\{7f4adc5d-c4c1-c62b-7f4a-adc5dc4c7177}
Folder Found : C:\ProgramData\5940330218561140486
Folder Found : C:\ProgramData\QuickSet
Folder Found : C:\ProgramData\savEnsshareu
Folder Found : C:\ProgramData\StarApp
Folder Found : C:\Users\ignas\AppData\Local\PackageAware
Folder Found : C:\Users\ignas\AppData\LocalLow\Industriya
Folder Found : C:\Users\ignas\AppData\Roaming\cpuminer
Folder Found : C:\Users\ignas\AppData\Roaming\goforfiles
Folder Found : C:\Users\ignas\AppData\Roaming\InetStat
Folder Found : C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\{4e38134d-ba98-4066-b898-e296d8acc938}.xpi
Folder Found : C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\ouoaaea@lqgro-.co.uk
Folder Found : C:\Users\ignas\AppData\Roaming\Updater
Folder Found : C:\Users\ignas\Desktop\ftb
Folder Found : C:\Users\rasa\AppData\LocalLow\Industriya
Folder Found : C:\Users\rasa\AppData\LocalLow\savEnsshareu
 
***** [ Scheduled tasks ] *****
 
Task Found : GoforFilesUpdate
Task Found : Malware Cleaner
Task Found : update-sys
Task Found : amiupdaterExd
Task Found : amiupdaterExi
Task Found : GNOK
Task Found : update-S-1-5-21-646931945-2771639376-1147865730-1002
Task Found : update-S-1-5-21-646931945-2771639376-1147865730-1004
Task Found : update-sys
Task Found : update-S-1-5-21-646931945-2771639376-1147865730-1002
Task Found : update-S-1-5-21-646931945-2771639376-1147865730-1004
Task Found : update-sys
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\5e558fd1bd6fbd40
Key Found : HKCU\Software\Classes\Applications\inetstat.exe
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Found : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Found : HKCU\Software\InetStat
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getwebcake.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websearch.thesearchpage.info
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\0D1C02392284B6DC37ADC1E91AE543E7
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E7E8ED77-2FBA-4EC6-BC07-65DE4DE6709F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E8ED77-2FBA-4EC6-BC07-65DE4DE6709F}
Key Found : HKCU\Software\PrivitizeVPNInstallDates
Key Found : HKCU\Software\smarttweak
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\UpdateStar
Key Found : [x64] HKCU\Software\GoforFiles
Key Found : [x64] HKCU\Software\InetStat
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\0D1C02392284B6DC37ADC1E91AE543E7
Key Found : [x64] HKCU\Software\PrivitizeVPNInstallDates
Key Found : [x64] HKCU\Software\smarttweak
Key Found : [x64] HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\UpdateStar
Key Found : HKLM\SOFTWARE\11273471-13ff-445b-aad4-cbed24503899
Key Found : HKLM\SOFTWARE\54a365db-ec1c-7a94-d10e-c5f30efad7a3
Key Found : HKLM\SOFTWARE\BetterSurf
Key Found : HKLM\SOFTWARE\Better-Surf
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7E8ED77-2FBA-4EC6-BC07-65DE4DE6709F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1F831F60-05FB-474D-93A3-42DA68E7EB8F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{398121FE-8082-4764-BD05-A21A334B7FDC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7A6DCEC2-55AB-418F-A903-93D0DF482809}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{995AEC82-0E5F-419A-864E-4E50012D0863}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C3510196-382C-41D1-8E63-6E84DB3709C9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FCE74B5F-13A9-47C3-B69E-5210C1EECBEF}
Key Found : HKLM\SOFTWARE\GoforFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{53B21E29-3967-C332-57EB-C02631658584}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cpuminer
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://gosearch.me/?u=1abc5dfe9f40e1defcc32404fdfd024b&c=up1&src=hp&inst=1434089835
 
-\\ Mozilla Firefox v29.0.1 (lt)
 
[1a9cnsy7.default] - Line Found : user_pref("extensions.0oZfpytFS1nyuvw1.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[1a9cnsy7.default] - Line Found : user_pref("extensions.2JoFFsC0xZJUd3i9.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[1a9cnsy7.default] - Line Found : user_pref("extensions.4QM9IgOKVyF0uLwQ.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[1a9cnsy7.default] - Line Found : user_pref("extensions.8SxNAYluDXb4O6Fi.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[1a9cnsy7.default] - Line Found : user_pref("extensions.IWsiMCErMsHaFycu.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[1a9cnsy7.default] - Line Found : user_pref("extensions.IgVx9aDW6vl7qBwG.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[1a9cnsy7.default] - Line Found : user_pref("extensions.InHBLUUPKpKHYfHW.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[1a9cnsy7.default] - Line Found : user_pref("extensions.IyNf3g1eHpuUimDm.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[1a9cnsy7.default] - Line Found : user_pref("extensions.MTccshNl8zbC4vMa.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[1a9cnsy7.default] - Line Found : user_pref("extensions.PN1H7VwwVU23rez1.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[1a9cnsy7.default] - Line Found : user_pref("extensions.QeA48XRoPEItcC7P.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[1a9cnsy7.default] - Line Found : user_pref("extensions.WafVEq2VpQo2UYdo.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[1a9cnsy7.default] - Line Found : user_pref("extensions.j5vQv64MiqwgCEyM.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]
[1a9cnsy7.default] - Line Found : user_pref("extensions.pQjxYQikFD7h.scode", "(function(){try{if(window.location.href.indexOf(\"rHa6rTgGrTa4rY\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.com\",\"investking[...]
[l197cwex.default] - Line Found : user_pref("browser.search.order.1", "Delta Search");
[l197cwex.default] - Line Found : user_pref("browser.search.selectedEngine", "Delta Search");
[l197cwex.default] - Line Found : user_pref("extensions.0oZfpytFS1nyuvw1.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[l197cwex.default] - Line Found : user_pref("extensions.2JoFFsC0xZJUd3i9.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[l197cwex.default] - Line Found : user_pref("extensions.8SxNAYluDXb4O6Fi.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[l197cwex.default] - Line Found : user_pref("extensions.IWsiMCErMsHaFycu.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[l197cwex.default] - Line Found : user_pref("extensions.IgVx9aDW6vl7qBwG.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[l197cwex.default] - Line Found : user_pref("extensions.InHBLUUPKpKHYfHW.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[l197cwex.default] - Line Found : user_pref("extensions.IyNf3g1eHpuUimDm.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[l197cwex.default] - Line Found : user_pref("extensions.PN1H7VwwVU23rez1.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[l197cwex.default] - Line Found : user_pref("extensions.WafVEq2VpQo2UYdo.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[l197cwex.default] - Line Found : user_pref("extensions.j5vQv64MiqwgCEyM.scode", "(function(){try{if(window.location.href.indexOf(\"rjrEpjrFrHwEpjUGqjn5rdw9rjC\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
 
-\\ Google Chrome v43.0.2357.130
 
[C:\Users\ignas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : [...]"homepage":"hxxp://searchou.com/?id=5ca89ca1000000000000dc85de404758
[C:\Users\rasa\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://searchou.com/?q={searchTerms}&id=5ca89ca1000000000000dc85de404758
[C:\Users\rasa\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=5CA8DC85DE404758
[C:\Users\rasa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : cflheckfmhopnialghigdlggahiomebp
[C:\Users\rasa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://searchou.com/?id=5ca89ca1000000000000dc85de404758
[C:\Users\simas\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.maxima.lt/?mact=Search%2Ccntnt01%2Cdosearch%2C0&cntnt01returnid=47&cntnt01searchinput={searchTerms}&cntnt01origreturnid=16
[C:\Users\simas\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\simas\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\simas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : oalbifknmclbnmjlljdemhjjlkmppjjl
[C:\Users\simas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : cflheckfmhopnialghigdlggahiomebp
 
-\\ Chromium v
 
 
-\\ Opera v30.0.1835.88
 
 
*************************
 
AdwCleaner[R0].txt - [47015 bytes] - [25/06/2015 14:14:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [47075 bytes] ##########
 


#5 nasdaq

  • Malware Response Team

Posted 26 June 2015 - 06:56 AM

If not already done please run the AdwCleaner tool and clean everything that is found.

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicy-x32: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://gosearch.me/?u=1abc5dfe9f40e1defcc32404fdfd024b&c=up1&src=hp&inst=1434089835
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1002 -> {B36264C2-3DD1-4D57-A7B3-8279B1456463} URL = www.buenosearch.com?babsrc=ext_WinjNw&affID=123841&q={searchTerms}
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1004 -> 0D1C02392284B6DC37ADC1E91AE543E7 URL = http://searchou.com/?q={searchTerms}&id=5ca89ca1000000000000dc85de404758&r=921
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1212152.dll No File
FF user.js: detected! => C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\user.js [2015-06-14]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\bingp.xml [2015-03-17]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\BrowserDefender.xml [2013-05-30]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\yandex.ru-154900.xml [2014-05-28]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\yqs-barff-yandex.xml [2014-07-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml [2015-06-12]
FF Extension: SearchNewTab - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\ouoaaea@lqgro-.co.uk [2013-10-05]
FF Extension: eye perform 1.0.1 - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\{7cd3bedc-d669-4e18-8d13-4e15866f5c72}.xpi [2015-06-14]
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - No Path Or update_url value
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - No Path Or update_url value
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - No Path Or update_url value
C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\{7cd3bedc-d669-4e18-8d13-4e15866f5c72}.xpi

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

==

How is the computer running now?
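
An added example, not part of the post above and not FRST's own code: a small triage script for the Fixlog.txt that the procedure asks for, separating entries the fix actually changed from entries that were already gone. The outcome phrases are the ones visible in the Fixlog posted in this thread; the sample log is constructed with placeholder paths, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Outcome phrases as they appear in the Fixlog posted in this thread.
# "not found" is tested first so "key not found." is never counted as a change.
OUTCOMES = [
    ("not_found", re.compile(r"not found\.?$", re.I)),
    ("removed", re.compile(r"removed successfully\.?$", re.I)),
    ("moved", re.compile(r"moved successfully\.?$", re.I)),
    ("restored", re.compile(r"restored successfully\.?$", re.I)),
]
RULER = re.compile(r"\*{5,}")  # the asterisk lines around the echoed fixlist
NO_ARROW_NOT_FOUND = re.compile(r"(.+?)\s+(not found\.?)$", re.I)
REG_ROOTS = ("HKLM", "HKU", "HKCR", "HKCU")

# Constructed sample in the layout of a Fixlog; paths and IDs are placeholders.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64)
fixlist content:
*****************
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
End
*****************

Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKCR\CLSID\{EXAMPLE-GUID} => key not found.
C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\user.js not found.
"C:\Users\example\example.xpi" => File/Folder not found.
EmptyTemp: => 1 GB temporary data Removed.

==== End of Fixlog 00:00:00 ====
'''


def result_lines(fixlog_text):
    """Return the non-empty result lines that follow the echoed fixlist."""
    lines = [l.strip() for l in fixlog_text.splitlines()]
    rulers = [i for i, l in enumerate(lines) if RULER.fullmatch(l)]
    # The fixlist echo sits between two asterisk rulers; results start after it.
    start = rulers[1] + 1 if len(rulers) >= 2 else 0
    out = []
    for line in lines[start:]:
        if line.startswith("==== End of Fixlog"):
            break
        if line:
            out.append(line)
    return out


def parse_result(line):
    """Split one result line into (target, status)."""
    if " => " in line:
        target, outcome = line.split(" => ", 1)
    else:
        # Some file results have no arrow, e.g. '<path> not found.'
        m = NO_ARROW_NOT_FOUND.fullmatch(line)
        target, outcome = (m.group(1), m.group(2)) if m else (line, "")
    target = target.strip().strip('"')
    status = next((name for name, rx in OUTCOMES if rx.search(outcome)), "other")
    return target, status


def target_kind(target):
    """Label a target as a registry key, a file path, or something else."""
    if target.split("\\", 1)[0].upper() in REG_ROOTS:
        return "registry"
    if re.match(r"[A-Za-z]:\\", target):
        return "file"
    return "other"


def triage(fixlog_text):
    """Group result lines by status as lists of (kind, target)."""
    report = defaultdict(list)
    for line in result_lines(fixlog_text):
        target, status = parse_result(line)
        report[status].append((target_kind(target), target))
    return dict(report)


if __name__ == "__main__":
    for status, items in triage(SAMPLE_FIXLOG).items():
        print(f"{status}: {len(items)}")
        for kind, target in items:
            print(f"  [{kind}] {target}")
```

Entries under `not_found` are no-ops for that run: the key or file was already absent when the fix executed, which is common when another cleaner ran first.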

#6 power_kem

  • Topic Starter


Posted 28 June 2015 - 11:58 AM

Computer seems to be running good. Still can't access my anti-virus program. Here's the fixlog:
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by ignas at 2015-06-28 19:35:21 Run:1
Running from C:\Users\ignas\Desktop\da
Loaded Profiles: ignas (Available Profiles: rasa & ignas & simas)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicy-x32: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://gosearch.me/?u=1abc5dfe9f40e1defcc32404fdfd024b&c=up1&src=hp&inst=1434089835
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1002 -> {B36264C2-3DD1-4D57-A7B3-8279B1456463} URL = www.buenosearch.com?babsrc=ext_WinjNw&affID=123841&q={searchTerms}
SearchScopes: HKU\S-1-5-21-646931945-2771639376-1147865730-1004 -> 0D1C02392284B6DC37ADC1E91AE543E7 URL = http://searchou.com/?q={searchTerms}&id=5ca89ca1000000000000dc85de404758&r=921
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1212152.dll No File
FF user.js: detected! => C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\user.js [2015-06-14]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\bingp.xml [2015-03-17]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\BrowserDefender.xml [2013-05-30]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\yandex.ru-154900.xml [2014-05-28]
FF SearchPlugin: C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\yqs-barff-yandex.xml [2014-07-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml [2015-06-12]
FF Extension: SearchNewTab - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\ouoaaea@lqgro-.co.uk [2013-10-05]
FF Extension: eye perform 1.0.1 - C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\{7cd3bedc-d669-4e18-8d13-4e15866f5c72}.xpi [2015-06-14]
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - No Path Or update_url value
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - No Path Or update_url value
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - No Path Or update_url value
C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\{7cd3bedc-d669-4e18-8d13-4e15866f5c72}.xpi
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\Machine => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-646931945-2771639376-1147865730-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B36264C2-3DD1-4D57-A7B3-8279B1456463} => key not found. 
HKCR\CLSID\{B36264C2-3DD1-4D57-A7B3-8279B1456463} => key not found. 
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\0D1C02392284B6DC37ADC1E91AE543E7 => key not found. 
HKCR\CLSID\0D1C02392284B6DC37ADC1E91AE543E7 => key not found. 
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.0" => key removed successfully
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\user.js not found.
"C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\bingp.xml" => not found.
"C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\BrowserDefender.xml" => not found.
C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\yandex.ru-154900.xml => moved successfully.
"C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\searchplugins\yqs-barff-yandex.xml" => not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml" => not found.
C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\ouoaaea@lqgro-.co.uk not found.
C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\{7cd3bedc-d669-4e18-8d13-4e15866f5c72}.xpi => moved successfully.
"HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => key removed successfully
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp => key not found. 
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd => key not found. 
"HKU\S-1-5-21-646931945-2771639376-1147865730-1004\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp => key not found. 
"C:\Users\ignas\AppData\Roaming\Mozilla\Firefox\Profiles\1a9cnsy7.default\Extensions\{7cd3bedc-d669-4e18-8d13-4e15866f5c72}.xpi" => File/Folder not found.
EmptyTemp: => 1 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 19:38:21 ====
 
 
 
As I understand it, you want the Addition.txt from before I did the fix:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by ignas at 2015-06-25 15:29:35
Running from C:\Users\ignas\Desktop\da
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-646931945-2771639376-1147865730-500 - Administrator - Disabled)
Guest (S-1-5-21-646931945-2771639376-1147865730-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-646931945-2771639376-1147865730-1007 - Limited - Enabled)
ignas (S-1-5-21-646931945-2771639376-1147865730-1004 - Administrator - Enabled) => C:\Users\ignas
rasa (S-1-5-21-646931945-2771639376-1147865730-1002 - Administrator - Enabled) => C:\Users\rasa
simas (S-1-5-21-646931945-2771639376-1147865730-1005 - Administrator - Enabled) => C:\Users\simas
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
„Microsoft SkyDrive“ (HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
µTorrent (HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.142.61628 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) Hidden
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.0.5 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.1 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Music Maker (HKLM-x32\...\MAGIX_{DD47370C-E0F1-407F-9DB0-3FF98907F1BC}) (Version: 17.0.2.38 - MAGIX AG)
ASUS Music Maker (x32 Version: 17.0.2.38 - MAGIX AG) Hidden
ASUS N Series Demo (HKLM-x32\...\{246B4AFF-6540-4B72-93E8-B9EB86D37589}) (Version: 1.0.0002 - ASUS)
ASUS Photo Designer (HKLM-x32\...\MAGIX_{2B962F32-78E6-4585-AF24-073AD36B6590}) (Version: 7.0.1.2 - MAGIX AG)
ASUS Photo Designer (x32 Version: 7.0.1.2 - MAGIX AG) Hidden
ASUS Photo Manager (HKLM-x32\...\MAGIX_{2A3A883D-B2AB-427D-B094-27D6241E0944}) (Version: 8.0.3.217 - MAGIX AG)
ASUS Photo Manager (x32 Version: 8.0.3.217 - MAGIX AG) Hidden
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4712 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4712 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4 (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3019_44673 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2914 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4905d - CyberLink Corp.)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Counter-Strike 1.6 (HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Counter-Strike 1.6) (Version:  - )
Counter-Strike_1.6_Full_48Protocol_For_Windows_8_8.1_7_XP (HKLM-x32\...\{9FD92B89-59FA-E062-3B3B-8BD8815B7F62}) (Version: 3.0 - © EWar.Lt Corporation)
CPU Miner (HKLM\...\cpuminer) (Version: 1.1 - Open Source)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dropbox (HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Dxtory version 2.0.119 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.119 - Dxtory Software)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - „Google Inc.“)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java™ 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000F0}) (Version: 7.0.0 - Oracle)
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Lightshot-5.1.2.5 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.2.5 - Skillbrains)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit 2007 (HKLM-x32\...\PROOFKIT) (Version: 12.0.4518.1070 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{8c13edfc-064c-4ba0-91cd-5b04248be882}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Mozilla Firefox 29.0.1 (x86 lt) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 lt)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Opera Stable 30.0.1835.88 (HKLM-x32\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Registry Recycler (HKLM-x32\...\Registry Recycler_is1) (Version: 0.9.2.8 - Developer Tribe (Pvt) Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.0 - Rockstar Games)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SeaMonkey 2.21 (x86 lt) (HKLM-x32\...\SeaMonkey 2.21 (x86 lt)) (Version: 2.21 - Mozilla)
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Software Informer 1.4.1259.0 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
Unity Web Player (HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.00 beta 7 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.7 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden
WorldPainter 1.10.6 (HKLM\...\4144-4862-0472-7103) (Version: 1.10.6 - pepsoft.org)
zMule (HKLM-x32\...\{7D60CAB0-904B-4667-9ACB-314F869756D9}) (Version: 2.0.16 - emule-project.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ignas\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\ignas\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\ignas\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\ignas\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\ignas\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ignas\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-646931945-2771639376-1147865730-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ignas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 16:25 - 2013-08-22 16:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06B39EF1-6773-48A4-A10C-1D7BE9DEEAEA} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {08C32D5F-EC89-4BF8-9836-50FE9FEBAE5E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_190_pepper.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {0A8389AB-26C7-45CB-868D-8022101CAAEB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {1B2344AD-D394-4749-B5C9-ECD971689E0D} - \Windows Defrag No Task File <==== ATTENTION
Task: {21F9C920-7DF5-4D29-9940-1523B9D768C9} - \GNOK No Task File <==== ATTENTION
Task: {28F2EDD2-B540-4F45-80DE-4299627C4AE8} - \BYAIAMUF No Task File <==== ATTENTION
Task: {2C5E46FB-35D3-4F2D-8B54-B2B1B12261F2} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [2015-02-25] (Informer Technologies, Inc.)
Task: {36C994C6-E713-4BDD-BFE4-CA2FAF4401FC} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {3CEB3198-5F43-41CE-B0AA-B866FF132DA6} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-06-22] (ASUS)
Task: {4201FC9C-62CA-4E6A-B36C-71FDDA9A0FE5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {4583F251-B620-4EC4-9EBD-ECC1F997B49D} - System32\Tasks\update-S-1-5-21-646931945-2771639376-1147865730-1004 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {46BC3E61-EA35-4218-A919-C7868A35EFD2} - System32\Tasks\{6F690394-5A9B-49C3-A1BA-106D829CFB0C} => pcalua.exe -a C:\Users\ignas\Downloads\forge-1.7.10-10.13.0.1180-installer-win.exe -d C:\Users\ignas\Downloads
Task: {58F1BA12-A353-46BE-8526-4B674D127208} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {5EB905A7-5F91-4439-8A68-6E1CEBF8F612} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {5F5EFAF9-1E94-4F3D-BC41-3E24F78977B8} - System32\Tasks\Alfasistem Memory Job => C:\Program Files (x86)\Alfasistem Memory\ tmjob.exe
Task: {679869C0-CDFC-43A1-9901-C2B00D809061} - \Malware Cleaner No Task File <==== ATTENTION
Task: {6AB27BD5-157B-48F0-8F83-A9960594BC9B} - System32\Tasks\{1B20F60F-98B5-4F28-BD51-826E99575A1D} => pcalua.exe -a "C:\Program Files (x86)\eye perform\eyeperformuninstall.exe"
Task: {6D631048-1DFE-4422-8473-1C0C5A6D0F54} - System32\Tasks\AdobeAAMUpdater-1.0-gvazdikai-rasa => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {710CCE87-C9FE-44D0-8A0D-B01F7AAEFE83} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS)
Task: {7BE713E0-697F-4873-9776-03250E2AF6BB} - System32\Tasks\{23970CC0-4B8D-446C-8EC6-29867E8D56FA} => pcalua.exe -a "C:\Program Files (x86)\Roller Coaster Tycoon 3\RCT3plus.exe" -d "C:\Program Files (x86)\Roller Coaster Tycoon 3"
Task: {893C3687-392F-4C72-A966-055AE4B1147C} - System32\Tasks\AdobeAAMUpdater-1.0-gvazdikai-simas => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {993E5A3B-5BEC-4563-9BF5-4E18B4E5CFE9} - System32\Tasks\Safesoft Defender Job => C:\Program Files (x86)\Safesoft Defender\SafesoftDefender.exe [2015-06-16] (Secure Updater)
Task: {A55AD52D-4FB1-4346-BB7A-518AB7030189} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {A98E998B-C585-4D3A-B120-3A4AEC5FD0C6} - System32\Tasks\Opera scheduled Autoupdate 1429104988 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-19] (Opera Software)
Task: {B1EB8D23-A2FE-4EF3-957F-006436758051} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-21] („Google Inc.“)
Task: {BEBECEF9-3483-477E-B27D-B6F3D583B4CC} - System32\Tasks\AdobeAAMUpdater-1.0-gvazdikai-ignas => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {C65E9E9F-9102-463C-86E6-8ACD6656CF78} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {D0E8A458-4934-4DBC-9DF4-CF9D876A4982} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {D3ADF985-AAB5-44BD-987C-BDA9F435561E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {DB149093-FD2B-4C99-BBEC-DE8C96F0C553} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {E12C38F7-9DD5-4719-9FCB-FD89D5E06401} - System32\Tasks\{DA5D6DFA-05BF-4AEA-9BFA-8E34B9E70485} => pcalua.exe -a "C:\Program Files (x86)\Euro Truck Simulator 2\unins000.exe"
Task: {EA9F1569-4C2C-41B7-AE0F-1D93AAD50748} - System32\Tasks\update-S-1-5-21-646931945-2771639376-1147865730-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {ED66EF55-0A7F-4BE5-A60F-DFE29141145B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {F7D2032C-CF95-4B60-B407-04E3FB241A02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-21] („Google Inc.“)
Task: {FF3102A3-5783-4948-A451-C0CDFA8CFFB4} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_190_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\BYAIAMUF.job => C:\Users\ignas\AppData\Roaming\BYAIAMUF.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GNOK.job => C:\Users\ignas\AppData\Roaming\GNOK.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-646931945-2771639376-1147865730-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-646931945-2771639376-1147865730-1004.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-26 14:39 - 2015-06-17 12:10 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-05-01 18:45 - 2015-06-17 09:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-28 11:01 - 2015-05-09 11:00 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2012-09-21 23:48 - 2009-04-17 13:01 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-08-04 12:34 - 2012-08-04 12:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2015-04-14 18:06 - 2015-06-04 00:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-08-24 17:17 - 2012-08-24 17:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-06-14 10:36 - 2015-06-17 12:10 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-29 21:20 - 2015-02-28 15:21 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-01-29 21:20 - 2015-02-28 15:21 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-01-29 21:20 - 2015-02-28 15:21 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-01-29 21:20 - 2015-02-28 15:21 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-01-29 21:20 - 2015-02-28 15:21 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-01-29 21:20 - 2015-02-28 15:21 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-01-29 21:20 - 2015-02-28 15:21 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-01-29 21:20 - 2015-02-28 15:21 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2013-08-07 09:00 - 2015-04-16 20:40 - 00776192 _____ () C:\Users\ignas\Desktop\steam\SDL2.dll
2015-01-25 13:18 - 2015-04-23 05:16 - 04962816 _____ () C:\Users\ignas\Desktop\steam\v8.dll
2014-05-22 14:30 - 2015-06-04 21:56 - 02407104 _____ () C:\Users\ignas\Desktop\steam\video.dll
2015-01-25 13:18 - 2015-04-23 05:16 - 01556992 _____ () C:\Users\ignas\Desktop\steam\icui18n.dll
2015-01-25 13:18 - 2015-04-23 05:16 - 01187840 _____ () C:\Users\ignas\Desktop\steam\icuuc.dll
2014-08-31 20:40 - 2014-12-02 00:31 - 02396672 _____ () C:\Users\ignas\Desktop\steam\libavcodec-56.dll
2014-08-31 20:40 - 2014-12-02 00:31 - 00479744 _____ () C:\Users\ignas\Desktop\steam\libavformat-56.dll
2014-08-31 20:40 - 2014-12-02 00:31 - 00332800 _____ () C:\Users\ignas\Desktop\steam\libavresample-2.dll
2014-08-31 20:40 - 2014-12-02 00:31 - 00442880 _____ () C:\Users\ignas\Desktop\steam\libavutil-54.dll
2014-08-31 20:40 - 2014-12-02 00:31 - 00485888 _____ () C:\Users\ignas\Desktop\steam\libswscale-3.dll
2013-08-07 09:00 - 2015-06-04 21:56 - 00703168 _____ () C:\Users\ignas\Desktop\steam\bin\chromehtml.DLL
2012-03-15 10:48 - 2012-03-15 10:48 - 00221184 _____ () C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
2012-09-21 23:23 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-08-07 09:00 - 2015-05-11 22:01 - 36302728 _____ () C:\Users\ignas\Desktop\steam\bin\libcef.dll
2015-06-23 10:31 - 2015-06-20 08:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-23 10:31 - 2015-06-20 08:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:4BE698E6
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-646931945-2771639376-1147865730-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\rasa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\ignas\Desktop\wallinho popieriinho\16254.jpg
HKU\S-1-5-21-646931945-2771639376-1147865730-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\StartupApproved\Run: => "LightShot"
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\StartupApproved\Run: => "RGSC"
HKU\S-1-5-21-646931945-2771639376-1147865730-1004\...\StartupApproved\Run: => "SpeedUpMyComputer"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{33CD1263-E17C-4C18-AF24-CF3CBE1B2760}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{FFC2A8D4-CFBB-4710-9FAD-706DDCE97873}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{D2CD1300-6299-4C6B-96BC-9A84F079EB50}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{FE7F1315-7740-4141-A762-321A616866A6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{444DC11D-FCD5-4539-868C-771EF75EB7D0}] => (Allow) C:\Users\ignas\Desktop\steam\Steam.exe
FirewallRules: [{E898F139-BF1E-4C63-A86E-8311AC5D296F}] => (Allow) C:\Users\ignas\Desktop\steam\Steam.exe
FirewallRules: [UDP Query User{435791EB-5DF3-4D0D-B823-4877683459F8}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{843C5987-3FDE-437C-A7A3-6C8040CA0561}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{374CFE02-8A35-41F2-A892-61D4B2FB0D50}C:\program files (x86)\microsoft games\age of empires\empiresx.exe] => (Block) C:\program files (x86)\microsoft games\age of empires\empiresx.exe
FirewallRules: [TCP Query User{01C29F4A-3BDC-410B-8B1A-FA2F75EC0AB3}C:\program files (x86)\microsoft games\age of empires\empiresx.exe] => (Block) C:\program files (x86)\microsoft games\age of empires\empiresx.exe
FirewallRules: [{F5EA8DB1-A4B8-4DC5-969F-7C1EF3D0D279}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{0455AC2D-ACF9-4C99-9585-A9D47FD9D450}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{79899DD5-39E9-4715-95B4-9C41E9F2606C}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{CD8F64CB-01AD-4950-AFBF-FB3C7905CCB6}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{6F609E2B-5F7B-4B06-AFDF-93CC804E08D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7A1E91B4-443F-49A5-A267-2EF1A33B798E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{72870D20-BA5A-4D42-B906-12ED0F56DFF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{32EE90BB-B142-420F-8738-051277DD7BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8B576F27-E64D-48B4-AC85-E0BC84323A56}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{48A502B1-A697-430B-83F9-1BE218146427}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B8A2E5C9-08E4-46C0-AF54-BA1F7DE5B48E}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{D0F82FFE-176D-44D4-A5AE-6B93C8568A00}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [UDP Query User{AB375FC5-ACE0-468A-821B-1F01E75317E1}C:\users\ignas\desktop\steam\steam.exe] => (Allow) C:\users\ignas\desktop\steam\steam.exe
FirewallRules: [TCP Query User{4B745DBC-6FF0-4A11-814A-199D863E472F}C:\users\ignas\desktop\steam\steam.exe] => (Allow) C:\users\ignas\desktop\steam\steam.exe
FirewallRules: [{6BB59667-3841-44A1-B250-172D69BABD1E}] => (Block) C:\program files\java\jre1.7.0\bin\javaw.exe
FirewallRules: [{FF9D0E3C-BC11-45C9-8147-C11477DD115D}] => (Block) C:\program files\java\jre1.7.0\bin\javaw.exe
FirewallRules: [UDP Query User{A1DBE2B2-0058-42E4-88F5-D26DEA3091AA}C:\program files\java\jre1.7.0\bin\javaw.exe] => (Allow) C:\program files\java\jre1.7.0\bin\javaw.exe
FirewallRules: [TCP Query User{00BB9EA9-3888-401E-B605-9E71332220AE}C:\program files\java\jre1.7.0\bin\javaw.exe] => (Allow) C:\program files\java\jre1.7.0\bin\javaw.exe
FirewallRules: [{7DC463FF-877D-413B-ADF7-508B016279B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{85931AEA-40B6-434A-977A-AF2D2E8DF54D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A646D0C2-8050-437E-A30B-FB7707257021}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{480E2016-43FB-4A33-B5BC-84B7363CE72A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6C82E326-A35C-4612-AA2C-790635D6E1F6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D99D1DFA-C5C5-4D0F-9576-7EF0BB35643C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{074809CA-2A7B-4B0E-9B4D-DA7E734E13BD}] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [{DADE88FA-5A6A-4C62-B66A-D6E58CC3C859}] => (Block) C:\games\counter-strike\hl.exe
FirewallRules: [UDP Query User{9C2B827D-F64F-4863-AFCB-798A39DB46A8}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [TCP Query User{502A36DF-EF63-4AF5-8F5A-6A57FB1F3903}C:\games\counter-strike\hl.exe] => (Allow) C:\games\counter-strike\hl.exe
FirewallRules: [{16ED01DF-3F7C-425F-8BF4-D014C924C742}] => (Block) C:\program files (x86)\counter-strike_1.6\hl.exe
FirewallRules: [{9DD07667-66B5-4654-9F8D-689E71EC0FDE}] => (Block) C:\program files (x86)\counter-strike_1.6\hl.exe
FirewallRules: [UDP Query User{DDDAF61E-245C-4EAF-B1DC-25AE03F027DD}C:\program files (x86)\counter-strike_1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike_1.6\hl.exe
FirewallRules: [TCP Query User{58B2F027-80A1-4043-9A03-C9A6360A77D4}C:\program files (x86)\counter-strike_1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike_1.6\hl.exe
FirewallRules: [{F5633696-8D95-408D-913F-019C0F696A5C}] => (Block) C:\program files (x86)\counter-strike\hl.exe
FirewallRules: [{E1ECDEC5-899E-4BC2-BC07-53226F16B0FD}] => (Block) C:\program files (x86)\counter-strike\hl.exe
FirewallRules: [UDP Query User{0651AF86-B960-4D30-8146-3590D109D462}C:\program files (x86)\counter-strike\hl.exe] => (Allow) C:\program files (x86)\counter-strike\hl.exe
FirewallRules: [TCP Query User{05B03BAB-555A-4D27-958B-8F4131E09B13}C:\program files (x86)\counter-strike\hl.exe] => (Allow) C:\program files (x86)\counter-strike\hl.exe
FirewallRules: [{D738F085-2B9A-4158-AA59-B0D99A5477B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A11FDAD2-3352-4FD8-A9E7-CFCC4697C934}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1BE6BD9D-780A-41D2-A8C6-96489DCA1EEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7D3F62B0-1F63-4826-99B2-B98F19943E86}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1FF18B33-C012-466F-9DE7-94E2757CB996}] => (Block) C:\users\ignas\downloads\age of empires 1,2, and 3 with expansion packs\age of empires 2 + expansion\game files\age of empires 2\empires2.exe
FirewallRules: [{8628F919-867A-45EA-A331-65A9D3953834}] => (Block) C:\users\ignas\downloads\age of empires 1,2, and 3 with expansion packs\age of empires 2 + expansion\game files\age of empires 2\empires2.exe
FirewallRules: [UDP Query User{BCE724A8-C0B7-42D9-AC2E-14DE7562B7DE}C:\users\ignas\downloads\age of empires 1,2, and 3 with expansion packs\age of empires 2 + expansion\game files\age of empires 2\empires2.exe] => (Allow) C:\users\ignas\downloads\age of empires 1,2, and 3 with expansion packs\age of empires 2 + expansion\game files\age of empires 2\empires2.exe
FirewallRules: [TCP Query User{4474FC1E-2739-4A59-876D-6FF7CDB73576}C:\users\ignas\downloads\age of empires 1,2, and 3 with expansion packs\age of empires 2 + expansion\game files\age of empires 2\empires2.exe] => (Allow) C:\users\ignas\downloads\age of empires 1,2, and 3 with expansion packs\age of empires 2 + expansion\game files\age of empires 2\empires2.exe
FirewallRules: [{137D1B81-B915-4B64-BB1E-97C425A8CF12}] => (Block) C:\zmule\zmule.exe
FirewallRules: [{6A0D05BE-6156-4140-9928-125FF88FDE5C}] => (Block) C:\zmule\zmule.exe
FirewallRules: [UDP Query User{FAFA1192-10C2-4F51-B1A8-B392125E8AB0}C:\zmule\zmule.exe] => (Allow) C:\zmule\zmule.exe
FirewallRules: [TCP Query User{33C89A73-73D8-4C23-B135-64789B1D2902}C:\zmule\zmule.exe] => (Allow) C:\zmule\zmule.exe
FirewallRules: [{E6C50DE6-A624-4B3B-AF68-FF1122806325}] => (Allow) C:\Program Files (x86)\Trials Evolution\Trials_launcher.exe
FirewallRules: [{6B37906A-5B34-4642-9F01-B37B6A372E1B}] => (Allow) C:\Program Files (x86)\Trials Evolution\Trials_launcher.exe
FirewallRules: [{4A89D61F-96D7-44CF-8915-523FAEBDA155}] => (Allow) C:\Program Files (x86)\Trials Evolution\datapack\trialsFMX.exe
FirewallRules: [{B0BF52DE-FBD9-4504-9D95-CC89D1639C40}] => (Allow) C:\Program Files (x86)\Trials Evolution\datapack\trialsFMX.exe
FirewallRules: [{77520C94-43AC-4D9E-8A37-A6DFCF1FA020}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{94F13D9C-225E-4386-AFDE-C3E7DAF855FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{24E54154-F82E-40FF-A36C-E5FD8A359832}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{070717D6-64E6-42AC-BD40-C2BB7DB73756}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [UDP Query User{C372DA41-306A-4E32-BE10-D270783E870F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{61FE21ED-BCA7-43CC-9F37-E48871E24B15}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{4F73B3E1-E9FF-48BE-8753-76B9B935D9B6}C:\program files (x86)\saints row iv\saintsrowiv.exe] => (Block) C:\program files (x86)\saints row iv\saintsrowiv.exe
FirewallRules: [TCP Query User{0309B518-3461-4588-8B88-D0CD9DF1940C}C:\program files (x86)\saints row iv\saintsrowiv.exe] => (Block) C:\program files (x86)\saints row iv\saintsrowiv.exe
FirewallRules: [{4ECCE3E3-CE60-455D-B3D8-26E483042A88}] => (Block) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{D6E748B1-D8DC-4A48-9CA1-CDFB70C8FEEF}] => (Block) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{82663AD9-017A-40BE-BB96-A114619A0748}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{AFA55C93-CC2A-444E-A0E8-4D52A9C07416}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{C869FA11-B048-4FAF-8E38-398D08BEF21F}] => (Block) C:\windows\system32\java.exe
FirewallRules: [{A406D3B9-D941-49B7-95E3-C9DA7FCB76E2}] => (Block) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{C77A3A09-7E34-40C3-BBE3-0CE4E1518AF6}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [TCP Query User{511D1573-9CEC-46A9-9FE0-0634933DFFB9}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [{C13B3CDB-2DED-49CF-B375-C706FCC8556D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{6EDE64DC-FD7A-48D6-BDC8-48713ABDF771}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{60FD6906-0060-464B-9C51-12DFF2DC0C06}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{2A799B98-BB00-4E68-AB9D-B75E70C9ADBA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{6883B269-6ED1-4E04-8E34-7E65CD72B72C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{72FFBA55-C590-41F4-B37F-6C3329B821F1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A00BBB1A-6130-4F79-8CC2-D34142516153}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F1F7AE83-BBF9-48BB-A92C-600A8CC55473}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B64E57D1-2CFD-4FD7-9BB6-0AB3A1474799}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AC509758-B8C6-4D93-984B-A2EE95D59A36}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CE744551-3CE1-49B7-8DD1-0A16EF0612AE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DACCDD11-F18C-4B9C-AE55-8F7BFDA22244}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8CA1B4E5-36B8-4192-BC47-7FA4F1503E1D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{130AD122-523C-4467-B2FF-FCE7AA592402}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0EAC49C0-925A-49AD-AE86-B06962B804C2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B711DBF1-D808-4115-A9B0-B94053BF67CB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{83B6087E-8E60-4169-B3CF-686C792D1BB0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2613D8DD-0BCD-434E-AFF2-C2C9DCC91079}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [UDP Query User{B4B15FDB-70C9-4C56-83EE-F711A0E8601B}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{E7E4D480-EF8A-4E25-93CE-A0E8B461A785}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{FADE32F2-A4D9-4B36-8992-F4D680ED4A91}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{23F237DD-0A10-4A42-9046-EA760190A406}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1AE1001D-2BD4-41EB-9D1A-BF7C4D02D738}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{69D63FC9-048A-42BB-8567-E1A09B4FDE1E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F8B11FA8-5872-416A-A84C-89CF3DD42C08}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9330A739-2402-4DA1-98D0-9A220DA381EE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1878C35E-367F-4C57-AC4C-C9F7C2D1C3F9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{10A04B3F-FC93-45E5-85FE-FC71904169E7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{70DAF3F3-EDF7-4804-82D1-E5942466458A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F9F31E70-1857-4926-9E69-A5092BC2C4B3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A11032B0-4968-448E-88CB-6B1DDD40859E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D959D75A-E08C-4BF9-811B-FBE781C8351E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1870E20E-F35A-41AA-B5F0-32769BC08D3B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0DA5DA2A-EFF6-4738-B859-3F8DEBB9B79E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E3BEB1DB-2BE4-4FB8-A703-8A4C72BAE740}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [UDP Query User{ED012EFC-9DAC-44E8-AC0D-DDD6DE9C9995}D:\program files (x86)\valve\hl.exe] => (Block) D:\program files (x86)\valve\hl.exe
FirewallRules: [TCP Query User{0E1105FC-5B1C-4D2D-ABFC-EE22406FCDC2}D:\program files (x86)\valve\hl.exe] => (Block) D:\program files (x86)\valve\hl.exe
FirewallRules: [UDP Query User{7F163B13-DAC9-4E5A-9FD7-D8C543C546C4}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{2DEB31FA-CCAF-4E2C-AF54-237EA93A481F}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{72BA90BF-CD4C-4061-81B7-867510143849}] => (Allow) C:\Program Files (x86)\Ski Region Simulator 2012\SkiRegionSimulator2012Game.exe
FirewallRules: [{F473D770-4212-43EF-9936-2E95BDD22CB5}] => (Allow) C:\Program Files (x86)\Ski Region Simulator 2012\SkiRegionSimulator2012Game.exe
FirewallRules: [{D80D32B0-ED0E-4638-B29A-DDAA43CE7DC2}] => (Allow) C:\Program Files (x86)\Ski Region Simulator 2012\game.exe
FirewallRules: [{A739B61E-5039-4BC1-96BA-A928D5A940AA}] => (Allow) C:\Program Files (x86)\Ski Region Simulator 2012\game.exe
FirewallRules: [{AC9AB7D4-28D2-4180-B68F-3E37EAC40BB7}] => (Allow) C:\Program Files (x86)\Ski Region Simulator 2012\SkiRegionSimulator2012.exe
FirewallRules: [{52786CDF-2D98-4307-B250-38F202DFAF35}] => (Allow) C:\Program Files (x86)\Ski Region Simulator 2012\SkiRegionSimulator2012.exe
FirewallRules: [{371FB84C-4125-46C6-B794-C33C34B1123F}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K13\nba2k13.exe
FirewallRules: [{F97CE6E2-AF6C-4144-8689-1E1A3A612B10}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K13\nba2k13.exe
FirewallRules: [{797DE8F8-C897-4BAC-851F-C3EB224E79F4}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{F69E4B20-1E8C-4564-A308-3A9B30D37EFB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{CD3514C7-02BD-4E9F-9B33-5942BF9B0C4F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C5659AD8-6F40-4F05-A7BE-729C2D8EE22A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{03E3FE7E-0D2F-4A55-969B-76CE7F6A0E28}] => (Allow) C:\Users\ignas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7A5A0E1E-AF10-4E9A-8365-998B83B1AE03}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8874586E-4BB4-4807-8C73-80E7A04A099F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{93A0BCC5-158D-469C-9B40-1C51CC2C71AD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{290755A2-3397-4AF2-BDB2-B4D96A8DB97D}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{6649A913-E932-4376-B037-5ADBE97EE75E}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F09F45A5-BE2C-429F-96DC-3A8E054C95C1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{5C2D4257-E6FE-4079-8E9F-82D8BDA7E4A7}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{56F8E920-C535-45CF-96FE-1821DC0523A9}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
FirewallRules: [{907DF066-6E37-4090-8EB1-E8AB9ECC7C7C}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
FirewallRules: [{3A0657A4-D8BC-4891-8EEC-A49D1D7E9676}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\Btvstack.exe
FirewallRules: [{9151119F-BE34-4821-A298-39C554FC0443}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{230A526D-45F7-4E19-89DB-FDB677E49B6D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1EEC5743-A83B-4AAC-9928-0E94F430EEF5}] => (Allow) C:\Users\ignas\AppData\Roaming\DownloadManager\idownloader.exe
FirewallRules: [{EB3224BD-C921-4922-99BE-989380D1F498}] => (Allow) C:\Users\ignas\AppData\Roaming\DownloadManager\idownloader.exe
FirewallRules: [{0B9E613A-4308-4038-9024-A6A4F5753E60}] => (Allow) C:\Users\ignas\AppData\Roaming\DownloadManager\idownloader.exe
FirewallRules: [{34469313-B540-4186-9A92-0FFF91A0B394}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{B1370331-6C94-4921-A49C-3A9876BDD6AF}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{2312C6B3-35B5-496A-AFBF-05FE6AAE8815}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{84BB5BA7-942B-464E-AE49-F02BF2240AD5}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{D45C1923-6AF2-4FCE-B67B-C238C7244201}] => (Allow) C:\Users\ignas\Desktop\steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{7793E696-4946-44E8-80AB-FC40079A882B}] => (Allow) C:\Users\ignas\Desktop\steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{00894605-07DF-47E6-A075-9FE3286DEACF}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{E3AC063C-7C8E-4EA6-B363-2775DEB8BA10}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{3F6933AF-8CE7-4BF7-A012-350CA2424029}] => (Allow) D:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{90A7D327-C068-4839-9604-38C368D65CB4}] => (Allow) D:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{7CAA5B1A-5178-4DC5-95CA-3922AA4BD6DC}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{0B7068AB-F5D9-425B-A32B-751AD0796CEE}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{C672BBB8-101E-4E31-9302-D63AEBCAC7B4}C:\program files (x86)\wrc 4 fia world rally championship\wrc4.exe] => (Allow) C:\program files (x86)\wrc 4 fia world rally championship\wrc4.exe
FirewallRules: [UDP Query User{56DD0D03-5FE8-4CB7-903B-DDBC605C76AA}C:\program files (x86)\wrc 4 fia world rally championship\wrc4.exe] => (Allow) C:\program files (x86)\wrc 4 fia world rally championship\wrc4.exe
FirewallRules: [TCP Query User{4921CCAB-73B5-4B9A-A0A7-3BF1EAB012D3}C:\games\total war rome ii\rome2.exe] => (Allow) C:\games\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{C4804567-C189-47CE-B5B0-EAED886BFC91}C:\games\total war rome ii\rome2.exe] => (Allow) C:\games\total war rome ii\rome2.exe
FirewallRules: [{DE1C0F4C-33B2-4530-9A1C-77F6969B684B}] => (Allow) C:\Users\ignas\Desktop\steam\bin\steamwebhelper.exe
FirewallRules: [{06B906A3-ADF8-4F82-A0C9-F7A3C456E231}] => (Allow) C:\Users\ignas\Desktop\steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{D2D79E2F-B4ED-4734-87D3-DA60AC88EA78}C:\users\ignas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ignas\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{7F46524C-DD64-44E1-BB6B-8FECC181A5FF}C:\users\ignas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ignas\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{45B285BE-4C8F-4BEB-A4E1-E60B46B2C3EE}D:\program files (x86)\counter-strike 1.6\hl.exe] => (Block) D:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{67DBC191-F00D-445C-833A-4835487C5724}D:\program files (x86)\counter-strike 1.6\hl.exe] => (Block) D:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{8F3C0579-40EF-4D6A-9116-B5F58CCCCB48}D:\counter-strike 1.6\hl.exe] => (Allow) D:\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{DBB4FBD5-6B27-4602-BB85-D38F1931E0D9}D:\counter-strike 1.6\hl.exe] => (Allow) D:\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{4E5F04B3-52FE-4B51-9C83-302AB6F3FCB6}C:\users\ignas\appdata\roaming\torntv.com\torntv downloader.exe] => (Allow) C:\users\ignas\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{A68F9B1F-7CBC-4568-AD1F-B48A6D48260D}C:\users\ignas\appdata\roaming\torntv.com\torntv downloader.exe] => (Allow) C:\users\ignas\appdata\roaming\torntv.com\torntv downloader.exe
FirewallRules: [{70A3BB3C-6F48-4C67-AA95-546315A82E5A}] => (Allow) C:\Users\ignas\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{60CA51DA-BF4D-42B5-9ED8-A3CB84486736}] => (Allow) C:\Users\ignas\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{20AE0164-FFE8-411B-B8DE-319E329070DA}C:\users\ignas\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ignas\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A0CA7BA5-1FAE-42D1-B14B-43F22AC02FC7}C:\users\ignas\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ignas\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{3329002B-8E91-4CB8-9D4B-476BD47FA757}] => (Allow) C:\Users\ignas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E25CB310-6748-4446-9ECC-7A08049ACD8D}] => (Allow) C:\Users\ignas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{02F8EFD7-D20E-4907-823A-03A7098B728E}C:\users\ignas\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\ignas\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{6913560D-3CEB-44DC-A875-7601F02B98F2}C:\users\ignas\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\ignas\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{AC088143-0426-4F26-A339-337E87E6D246}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{EB52B648-81B5-4BFC-87AD-E5B2DCCDE6E6}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{C00A4E7B-C129-4EE3-B750-82918CE57F8E}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{F8CE67D8-4E62-458D-BD42-0A9BE2DD7A96}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{506E31F1-B16A-4862-82F0-612CC89BE49B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{F15BD32B-40E0-4951-A715-849C53799E58}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{9C00A457-475E-49CF-BE01-E03DE9F967DF}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{911880F4-375A-45C8-9A6C-806B18E66C08}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{40DB9153-7531-416D-9E09-572DA8557D69}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{3953E767-493B-4AAF-BD62-996F18206CE0}] => (Allow) LPort=12292
FirewallRules: [TCP Query User{D9A57334-B3A6-4E4C-8DBE-872D157C0522}D:\gta5.exe] => (Allow) D:\gta5.exe
FirewallRules: [UDP Query User{46A54206-9D71-4BD5-89FC-D3F67E3CF323}D:\gta5.exe] => (Allow) D:\gta5.exe
FirewallRules: [{38E51CD5-E4D5-4768-973C-9294553087EE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8D83C926-DBD1-4BDC-8872-836E97381107}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1A6FEB58-4ABD-45C8-8D01-B6B024358E94}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{354306F6-3EB9-4E62-BB5F-3649F59BBC03}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{847B6F28-CD05-4F67-BB22-1522ED48E9AA}D:\counter-strike 1.6\counter-strike_1.6_full_48protocol_for_windows_8_8.1_7_xp\hl.exe] => (Allow) D:\counter-strike 1.6\counter-strike_1.6_full_48protocol_for_windows_8_8.1_7_xp\hl.exe
FirewallRules: [UDP Query User{21A9C485-E029-4406-B125-64919DD5BCCC}D:\counter-strike 1.6\counter-strike_1.6_full_48protocol_for_windows_8_8.1_7_xp\hl.exe] => (Allow) D:\counter-strike 1.6\counter-strike_1.6_full_48protocol_for_windows_8_8.1_7_xp\hl.exe
FirewallRules: [{59EC2A29-44CF-45CD-8999-C08D5CDDE9B7}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{38422E99-525F-4A20-8E37-3B3A812A5454}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{7B19F541-0A8F-40E6-A139-132341672B9E}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{51133520-3E50-4410-AAA7-D2864BFE3058}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [TCP Query User{C575F5C2-F843-4FDF-A1D8-012595E872BC}D:\program files (x86)\hl.exe] => (Allow) D:\program files (x86)\hl.exe
FirewallRules: [UDP Query User{BF3125BA-AB03-4E1D-8D15-19D99CDB731B}D:\program files (x86)\hl.exe] => (Allow) D:\program files (x86)\hl.exe
FirewallRules: [TCP Query User{92A4023F-E3F3-4873-85DB-EB1AD736BB0A}D:\program files (x86)\counter-strike_1.6_full_48protocol_for_windows_8_8.1_7_xp\hl.exe] => (Allow) D:\program files (x86)\counter-strike_1.6_full_48protocol_for_windows_8_8.1_7_xp\hl.exe
FirewallRules: [UDP Query User{8858566E-F1C2-4B3E-AF03-5D42CEDBA162}D:\program files (x86)\counter-strike_1.6_full_48protocol_for_windows_8_8.1_7_xp\hl.exe] => (Allow) D:\program files (x86)\counter-strike_1.6_full_48protocol_for_windows_8_8.1_7_xp\hl.exe
FirewallRules: [TCP Query User{7727B7FE-D0A9-4AEA-B524-B5633356101C}D:\program files (x86)\counter-strike_1.6_full_48protocol_for_windows_8_8.1_7_xp\hl.exe] => (Allow) D:\program files (x86)\counter-strike_1.6_full_48protocol_for_windows_8_8.1_7_xp\hl.exe
FirewallRules: [UDP Query User{5F5C397B-73E9-4156-96D8-473C4C3E2232}D:\program files (x86)\counter-strike_1.6_full_48protocol_for_windows_8_8.1_7_xp\hl.exe] => (Allow) D:\program files (x86)\counter-strike_1.6_full_48protocol_for_windows_8_8.1_7_xp\hl.exe
FirewallRules: [TCP Query User{E79D9F41-FB75-40DC-9FD4-6192BEA816CB}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{96BD0E21-70F2-4778-85D6-8EA1768DD5C3}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{C399424D-35E5-4855-A729-D4443B693B6F}D:\program files (x86)\cs ecs\hl.exe] => (Allow) D:\program files (x86)\cs ecs\hl.exe
FirewallRules: [UDP Query User{B9725762-A3D3-4D4A-A7D8-E74E972D966E}D:\program files (x86)\cs ecs\hl.exe] => (Allow) D:\program files (x86)\cs ecs\hl.exe
FirewallRules: [TCP Query User{3C19938E-9F43-4AF6-A8A5-45136190CCF4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{BEF94695-4D66-4409-8733-29500CE4F1EF}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{75C6508D-B992-4CE1-8717-55BAF64ADBAB}D:\program files (x86)\cs ecs\hl.exe] => (Allow) D:\program files (x86)\cs ecs\hl.exe
FirewallRules: [UDP Query User{A3F82E3F-E0EF-46AD-B105-E300BCEF535D}D:\program files (x86)\cs ecs\hl.exe] => (Allow) D:\program files (x86)\cs ecs\hl.exe
FirewallRules: [{0CE8AD90-AC7C-45C0-87E3-F4DDF894BBFF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\xchat\xchat.exe] => Enabled:XChat IRC Client
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/24/2015 01:00:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveUpdate.exe version 3.1.7.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fe4
 
Start Time: 01d0ae63d6face00
 
Termination Time: 2
 
Application Path: C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
 
Report Id: c423c957-1a57-11e5-bf75-dc85de404758
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/24/2015 00:32:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveUpdate.exe version 3.1.7.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1274
 
Start Time: 01d0ae5d3f7ec560
 
Termination Time: 90
 
Application Path: C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
 
Report Id: d23f7a6a-1a53-11e5-bf74-dc85de404758
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/24/2015 00:31:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Sugadintos taikomosios programos pavadinimas: Explorer.EXE, versija: 6.3.9600.17667, laiko žyma: 0x54c6f7c2
Sugadinto modulio pavadinimas: AltTab.dll, versija: 6.3.9600.17415, laiko žyma: 0x54503a70
Išimties kodas: 0xc0000094
Sugadintas poslinkis: 0x000000000000aa74
Sugadinto proceso ID: 0xd40
Sugadintos taikomosios programos paleidimo laikas: 0xExplorer.EXE0
Sugadintos taikomosios programos kelias: Explorer.EXE1
Sugadinto modulio kelias: Explorer.EXE2
Ataskaitos ID: Explorer.EXE3
Sugadinto paketo visas pavadinimas: Explorer.EXE4
Su sugadintu paketu susijusios taikomosios programos ID: Explorer.EXE5
 
Error: (06/22/2015 07:24:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Sugadintos taikomosios programos pavadinimas: hl.exe, versija: 1.1.1.1, laiko žyma: 0x43712ff5
Sugadinto modulio pavadinimas: unknown, versija: 0.0.0.0, laiko žyma: 0x00000000
Išimties kodas: 0xc0000005
Sugadintas poslinkis: 0xfc393070
Sugadinto proceso ID: 0x18a4
Sugadintos taikomosios programos paleidimo laikas: 0xhl.exe0
Sugadintos taikomosios programos kelias: hl.exe1
Sugadinto modulio kelias: hl.exe2
Ataskaitos ID: hl.exe3
Sugadinto paketo visas pavadinimas: hl.exe4
Su sugadintu paketu susijusios taikomosios programos ID: hl.exe5
 
Error: (06/22/2015 02:56:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Sugadintos taikomosios programos pavadinimas: hp_238583.exe, versija: 1.1.1.6, laiko žyma: 0x557ec097
Sugadinto modulio pavadinimas: hp_238583.exe, versija: 1.1.1.6, laiko žyma: 0x557ec097
Išimties kodas: 0xc0000005
Sugadintas poslinkis: 0x0000fe9c
Sugadinto proceso ID: 0x1bfc
Sugadintos taikomosios programos paleidimo laikas: 0xhp_238583.exe0
Sugadintos taikomosios programos kelias: hp_238583.exe1
Sugadinto modulio kelias: hp_238583.exe2
Ataskaitos ID: hp_238583.exe3
Sugadinto paketo visas pavadinimas: hp_238583.exe4
Su sugadintu paketu susijusios taikomosios programos ID: hp_238583.exe5
 
Error: (06/21/2015 10:04:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002d4,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000003FD4E8F180.72).  hr = 0x80070005, Prieiga uždrausta.
.
 
Error: (06/21/2015 10:04:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003a8,(null),0,REG_BINARY,000000F844C8DDC0.72).  hr = 0x80070005, Prieiga uždrausta.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {63156abe-5e9b-465a-aeb2-f41779a194f8}
 
Error: (06/21/2015 10:04:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009d0,(null),0,REG_BINARY,00000024F613DD70.72).  hr = 0x80070005, Prieiga uždrausta.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {3282e89c-2409-4ede-ab3b-d0accec21946}
 
Error: (06/21/2015 10:04:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000194,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,0000003FD6DAE6F0.72).  hr = 0x80070005, Prieiga uždrausta.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {c45c05b6-7a14-462c-a063-0c6b2bb2efdf}
 
Error: (06/21/2015 10:04:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000da8,(null),0,REG_BINARY,000000791679DD40.72).  hr = 0x80070005, Prieiga uždrausta.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {9dd7a153-acc0-48db-af1e-4ebb983e004f}
 
 
System errors:
=============
Error: (06/25/2015 01:10:16 PM) (Source: DCOM) (EventID: 10010) (User: gvazdikai)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (06/25/2015 01:09:46 PM) (Source: DCOM) (EventID: 10010) (User: gvazdikai)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (06/25/2015 00:52:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/25/2015 11:14:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/25/2015 11:08:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: NVIDIA Stereoscopic 3D Driver Service tarnybos skirtas laikas netikėtai baigėsi. Tai buvo atlikta 1 kartą (-us).
 
Error: (06/24/2015 11:39:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/24/2015 04:45:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/24/2015 01:57:38 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (06/24/2015 00:57:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Live Malware Protection tarnybos skirtas laikas netikėtai baigėsi. Tai buvo atlikta 1 kartą (-us).
 
Error: (06/24/2015 00:52:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-06-24 13:46:55.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-24 11:30:29.815
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-22 17:31:28.754
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-17 18:52:13.374
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-17 16:13:21.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-16 15:57:37.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-14 12:33:48.117
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-13 20:38:02.541
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-10 15:43:16.176
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-06 19:07:16.670
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 37%
Total physical RAM: 8077.61 MB
Available physical RAM: 5030.16 MB
Total Pagefile: 9357.61 MB
Available Pagefile: 5836.31 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:372.17 GB) (Free:158.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:537.9 GB) (Free:475.39 GB) NTFS
Drive f: (VS2013_RTM_ULT_VL_ENU) (CDROM) (Total:2.82 GB) (Free:0 GB) CDFS
Drive g: (MobileWiFi) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F05DB9F1)
 
Partition: GPT Partition Type.
 
==================== End of log ============================


#7 nasdaq

  • Malware Response Team

Posted 28 June 2015 - 12:32 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

EmptyTemp:
CloseProcesses:

AlternateDataStreams: C:\ProgramData\Temp:4BE698E6
Task: C:\WINDOWS\Tasks\BYAIAMUF.job => C:\Users\ignas\AppData\Roaming\BYAIAMUF.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GNOK.job => C:\Users\ignas\AppData\Roaming\GNOK.exe <==== ATTENTION
Task: {DB149093-FD2B-4C99-BBEC-DE8C96F0C553} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {679869C0-CDFC-43A1-9901-C2B00D809061} - \Malware Cleaner No Task File <==== ATTENTION
Task: {58F1BA12-A353-46BE-8526-4B674D127208} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {5EB905A7-5F91-4439-8A68-6E1CEBF8F612} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {1B2344AD-D394-4749-B5C9-ECD971689E0D} - \Windows Defrag No Task File <==== ATTENTION
Task: {21F9C920-7DF5-4D29-9940-1523B9D768C9} - \GNOK No Task File <==== ATTENTION
Task: {28F2EDD2-B540-4F45-80DE-4299627C4AE8} - \BYAIAMUF No Task File <==== ATTENTION
C:\Users\ignas\AppData\Roaming\BYAIAMUF.exe
C:\Users\ignas\AppData\Roaming\GNOK.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is it now?

#8 power_kem

  • Topic Starter


Posted 29 June 2015 - 09:43 AM

I feel that the computer runs better. But I still can't access my anti-virus program.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by ignas at 2015-06-29 17:35:04 Run:2
Running from C:\Users\ignas\Desktop\da
Loaded Profiles: ignas (Available Profiles: rasa & ignas & simas)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
EmptyTemp:
CloseProcesses:
 
AlternateDataStreams: C:\ProgramData\Temp:4BE698E6
Task: C:\WINDOWS\Tasks\BYAIAMUF.job => C:\Users\ignas\AppData\Roaming\BYAIAMUF.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GNOK.job => C:\Users\ignas\AppData\Roaming\GNOK.exe <==== ATTENTION
Task: {DB149093-FD2B-4C99-BBEC-DE8C96F0C553} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {679869C0-CDFC-43A1-9901-C2B00D809061} - \Malware Cleaner No Task File <==== ATTENTION
Task: {58F1BA12-A353-46BE-8526-4B674D127208} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {5EB905A7-5F91-4439-8A68-6E1CEBF8F612} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {1B2344AD-D394-4749-B5C9-ECD971689E0D} - \Windows Defrag No Task File <==== ATTENTION
Task: {21F9C920-7DF5-4D29-9940-1523B9D768C9} - \GNOK No Task File <==== ATTENTION
Task: {28F2EDD2-B540-4F45-80DE-4299627C4AE8} - \BYAIAMUF No Task File <==== ATTENTION
C:\Users\ignas\AppData\Roaming\BYAIAMUF.exe
C:\Users\ignas\AppData\Roaming\GNOK.exe
 
End
*****************
 
Processes closed successfully.
C:\ProgramData\Temp => ":4BE698E6" ADS removed successfully.
C:\WINDOWS\Tasks\BYAIAMUF.job => moved successfully.
C:\WINDOWS\Tasks\GNOK.job not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB149093-FD2B-4C99-BBEC-DE8C96F0C553} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{679869C0-CDFC-43A1-9901-C2B00D809061} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Malware Cleaner => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{58F1BA12-A353-46BE-8526-4B674D127208}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58F1BA12-A353-46BE-8526-4B674D127208}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EB905A7-5F91-4439-8A68-6E1CEBF8F612}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EB905A7-5F91-4439-8A68-6E1CEBF8F612}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B2344AD-D394-4749-B5C9-ECD971689E0D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B2344AD-D394-4749-B5C9-ECD971689E0D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Defrag" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21F9C920-7DF5-4D29-9940-1523B9D768C9} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GNOK => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{28F2EDD2-B540-4F45-80DE-4299627C4AE8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28F2EDD2-B540-4F45-80DE-4299627C4AE8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BYAIAMUF" => key removed successfully
"C:\Users\ignas\AppData\Roaming\BYAIAMUF.exe" => File/Folder not found.
"C:\Users\ignas\AppData\Roaming\GNOK.exe" => File/Folder not found.
EmptyTemp: => 433.8 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 17:35:23 ====


#9 nasdaq


  • Malware Response Team

Posted 29 June 2015 - 09:45 AM

But I can't access my anti-virus program still.


Re-install the program.

#10 nasdaq


  • Malware Response Team

Posted 05 July 2015 - 07:19 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq


  • Malware Response Team

Posted 11 July 2015 - 08:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



