I believe my computer has an infection.


  • This topic is locked
30 replies to this topic

#1 doom007


Posted 11 March 2016 - 03:04 PM

Hi, Helpers
 
System restores are gone, can’t make a new one as well. Computer can’t manually shut down.
 
Below is FRST
 
Thanks in advance.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Evgeni (administrator) on DELL8100XPS (11-03-2016 12:44:03)
Running from C:\Users\Evgeni\Downloads
Loaded Profiles: Evgeni (Available Profiles: Evgeni & UpdatusUser & Daniel & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_73\bin\java.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-10] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2215768 2011-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\Run: [Google Update] => C:\Users\Evgeni\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-14] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2012-05-29]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2012-06-17]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Evgeni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-11-28]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk /k:C *
GroupPolicyUsers\S-1-5-21-1236294955-2546226475-2380618500-1003\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.105.28.11 68.105.29.11
Tcpip\..\Interfaces\{3A9B2DBE-121D-4481-962D-7B9690CA853D}: [DhcpNameServer] 192.168.1.1 68.105.28.11 68.105.29.11

Internet Explorer:
==================
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> {345E40F9-6AE7-4561-BE88-D5D29980FA6E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {85BC5B61-5FD8-4071-9519-03C181C52D16} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000 -> {155276F4-D2A3-E016-B329-F646B1D9E78C} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z164&form=ZGAIDF&install_date=20111008&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000 -> {85BC5B61-5FD8-4071-9519-03C181C52D16} URL =
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: HKLM-x32 {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: HKLM-x32 {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2012-05-14] (Intuit, Inc.)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Evgeni\AppData\Roaming\Mozilla\Firefox\Profiles\k7krut5s.default-1385591705691
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1236294955-2546226475-2380618500-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Evgeni\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1236294955-2546226475-2380618500-1000: @talk.google.com/O1DPlugin -> C:\Users\Evgeni\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1236294955-2546226475-2380618500-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Evgeni\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-1236294955-2546226475-2380618500-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Evgeni\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011-03-18] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2011-03-18] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-04-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-04-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-04-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-04-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-04-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Evgeni\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Evgeni\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Adblock Plus - C:\Users\Evgeni\AppData\Roaming\Mozilla\Firefox\Profiles\k7krut5s.default-1385591705691\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-14]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Plugin: (Native Client) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
CHR Profile: C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Россия ТВ) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\backaeplcmgnncbejeanhhohngidfapj [2013-10-05]
CHR Extension: (YouTube) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Avast SafePrice) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-15]
CHR Extension: (Avast Online Security) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-15]
CHR Extension: (MoskvaTV.com - Russian Online TV) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgkbfeikclgnpnbddaeeecjagmfjghch [2013-12-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Default Extension) - C:\Users\Evgeni\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\bimkpcamfcdmpbhobfaafndfdlapfecj [2011-12-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-14]
StartMenuInternet: Google Chrome.WJDS3ONN4LMCF3VP2U4Z6CLKTI - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5570120 2016-02-14] (Avast Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Peachtree SmartPosting 2011; C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2011.exe [43848 2011-10-25] (Sage Software, Inc.)
R2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435496 2010-04-10] (Pervasive Software Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-05-14] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-14] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-14] (AVAST Software)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-01] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [154024 2016-02-14] (AVAST Software)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2010-11-28] ()
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2016-02-14] (Avast Software)
S0 09938754; system32\drivers\39744873.sys [X]
S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S1 SASDIFSV; \??\C:\Users\Evgeni\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\Evgeni\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]
S3 X6va005; \??\C:\Users\Evgeni\AppData\Local\Temp\005376A.tmp [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-11 12:44 - 2016-03-11 12:44 - 00030958 _____ C:\Users\Evgeni\Downloads\FRST.txt
2016-03-11 12:43 - 2016-03-11 12:44 - 00000000 ____D C:\FRST
2016-03-11 12:43 - 2016-03-11 12:43 - 02374144 _____ (Farbar) C:\Users\Evgeni\Downloads\FRST64.exe
2016-03-10 23:21 - 2016-03-10 23:21 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{94C1BCA7-74BD-4EC5-BE3D-0BF8C7DEE9BF}
2016-03-10 23:06 - 2016-03-10 23:16 - 00000000 ___SD C:\ComboFix
2016-03-10 23:06 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-10 23:06 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-10 23:06 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-10 23:06 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-10 23:06 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-10 23:06 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-10 23:06 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-10 23:06 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-10 23:05 - 2016-03-10 23:06 - 00000000 ___SD C:\32788R22FWJFW
2016-03-10 23:03 - 2016-03-10 23:03 - 05658088 ____R (Swearware) C:\Users\Evgeni\Desktop\ComboFix.exe
2016-03-10 22:33 - 2016-03-10 22:36 - 00000000 ____D C:\Qoobox
2016-03-10 22:33 - 2016-03-10 22:33 - 05658088 ____R (Swearware) C:\Users\Evgeni\Downloads\ComboFix.exe
2016-03-10 22:33 - 2016-03-10 22:33 - 00000000 ____D C:\Windows\erdnt
2016-03-10 22:29 - 2016-03-10 22:31 - 00004150 _____ C:\TDSSKiller.3.1.0.9_10.03.2016_22.29.49_log.txt
2016-03-10 22:25 - 2016-03-10 22:27 - 00427000 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-10 22:17 - 2016-03-10 22:19 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-10 22:17 - 2016-03-10 22:17 - 01524224 _____ C:\Users\Evgeni\Downloads\AdwCleaner (1).exe
2016-03-10 22:16 - 2016-03-10 22:16 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-03-10 22:12 - 2016-03-10 22:16 - 00231150 _____ C:\TDSSKiller.3.1.0.9_10.03.2016_22.12.48_log.txt
2016-03-10 22:11 - 2016-03-10 22:12 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Evgeni\Downloads\tdsskiller (1).exe
2016-03-10 22:06 - 2016-03-10 22:09 - 00002278 _____ C:\Users\Evgeni\Desktop\Rkill.txt
2016-03-10 22:05 - 2016-03-10 22:05 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Evgeni\Downloads\rkill (1).exe
2016-03-10 01:02 - 2016-03-10 01:02 - 00115184 _____ C:\Users\Evgeni\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-09 21:57 - 2016-03-09 22:05 - 734703065 _____ ( ) C:\Users\Evgeni\Downloads\Stalker_Complete_2009_v1.4.4_Setup.exe
2016-03-09 20:53 - 2016-03-09 20:53 - 00302011 _____ C:\Users\Evgeni\Downloads\WindowsUpdateDiagnostic (1).diagcab
2016-03-09 19:02 - 2016-03-09 19:02 - 00302011 _____ C:\Users\Evgeni\Downloads\WindowsUpdateDiagnostic.diagcab
2016-03-08 23:45 - 2016-03-08 23:45 - 00985600 _____ C:\Users\Evgeni\Downloads\MicrosoftFixit50123.msi
2016-03-08 23:37 - 2016-03-08 23:37 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{B46D9AD4-26C7-44E9-8749-4E8B8A34C29E}
2016-03-07 23:33 - 2016-03-07 23:33 - 00000000 __SHD C:\found.001
2016-03-07 18:38 - 2016-03-07 18:39 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{3969B6C9-FEC1-40E6-A8A4-5EBD84898F57}
2016-03-06 00:28 - 2016-03-06 00:28 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{8E65AA57-685B-46F4-A5FA-B28405E75A1D}
2016-03-03 23:50 - 2016-03-03 23:50 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{0323779B-36E4-4B1B-A60F-96734D545C60}
2016-03-03 06:58 - 2016-03-03 06:58 - 00029715 _____ C:\Users\Evgeni\Downloads\physicsprojectq3handout.pdf
2016-03-02 15:50 - 2016-03-02 20:23 - 00000000 ____D C:\Users\Evgeni\Desktop\clinical trials
2016-03-01 23:20 - 2016-03-01 23:20 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{8F4ED689-E984-4076-922B-043D2EF3B78A}
2016-03-01 13:56 - 2016-03-01 13:56 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2016-03-01 13:55 - 2016-03-01 13:55 - 02218504 _____ C:\Users\Evgeni\Downloads\instspeedfan451.exe
2016-03-01 13:48 - 2016-03-11 00:19 - 00000000 ____D C:\Program Files\Defraggler
2016-03-01 13:48 - 2016-03-01 13:48 - 00001726 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-03-01 13:48 - 2016-03-01 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-03-01 13:47 - 2016-03-01 13:47 - 04527736 _____ (Piriform Ltd) C:\Users\Evgeni\Downloads\dfsetup220.exe
2016-03-01 13:10 - 2016-03-01 13:30 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-01 13:10 - 2016-03-01 13:30 - 00000000 ____D C:\Program Files\CCleaner
2016-03-01 13:10 - 2016-03-01 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-01 13:09 - 2016-03-01 13:09 - 06837784 _____ (Piriform Ltd) C:\Users\Evgeni\Downloads\ccsetup515.exe
2016-02-29 18:32 - 2016-02-29 18:32 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{5AFDCC22-EA65-4F21-8C98-A9062A01AA34}
2016-02-29 08:12 - 2016-02-29 08:12 - 00039541 _____ C:\Users\Evgeni\Downloads\Untitleddocument(1).pdf
2016-02-28 00:40 - 2016-02-28 00:40 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{A6FCAF15-87EC-4AB1-A185-37629870ECA2}
2016-02-25 23:53 - 2016-02-25 23:53 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{91174D9E-50D7-4625-89B0-5554E13E4B1C}
2016-02-22 18:32 - 2016-02-22 18:32 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{DEFF8AF6-0C74-4A6C-9117-4C25ABF22C0E}
2016-02-21 12:50 - 2016-02-21 12:50 - 00000000 ____D C:\Users\TEMP
2016-02-20 12:36 - 2016-02-20 12:36 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{8AFBAE43-3BBA-4E66-9865-36F4CB9D2FD5}
2016-02-17 13:37 - 2016-02-17 13:37 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{AB477C67-B872-44AC-B7A2-A09491E5BDF1}
2016-02-16 21:41 - 2016-02-16 21:41 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{CA3BED26-AA6C-4BFE-9BE7-C2E5FD3C2546}
2016-02-15 23:34 - 2016-02-15 23:34 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{64D5F2C6-0769-4F79-A5C9-C9AA4D4C34E0}
2016-02-14 22:02 - 2016-03-11 00:19 - 00000000 ____D C:\Users\Public\Documents\stalker-shoc
2016-02-14 14:59 - 2016-02-14 14:59 - 00003054 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1455487156
2016-02-14 14:59 - 2016-02-14 14:59 - 00001039 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-02-14 14:59 - 2016-02-14 14:59 - 00001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-02-14 14:52 - 2016-02-14 14:52 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-14 14:52 - 2016-02-14 14:52 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-14 14:52 - 2016-02-14 14:51 - 00154024 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-02-14 14:52 - 2016-02-14 14:51 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-02-14 12:45 - 2016-02-14 12:45 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{995DD678-F852-4653-B5F2-5B5155E693D9}
2016-02-13 18:48 - 2016-03-09 15:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-13 18:48 - 2016-02-13 18:48 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-02-13 18:29 - 2016-02-13 18:29 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{F97A1EDF-ECDD-4FD0-8755-9DF7DBF507C1}
2016-02-13 00:37 - 2016-02-13 00:37 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{05F8B94F-F114-485F-8D48-9F6AA9AF1894}
2016-02-12 21:39 - 2016-02-13 18:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-10 03:50 - 2016-02-06 03:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 03:50 - 2016-02-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-10 03:50 - 2016-02-06 03:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 03:50 - 2016-02-06 03:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 03:50 - 2016-02-06 03:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-10 03:50 - 2016-02-06 03:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 03:50 - 2016-02-06 02:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-10 03:50 - 2016-02-06 02:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-10 03:50 - 2016-02-06 02:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-10 03:50 - 2016-02-06 02:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-10 03:50 - 2016-02-06 02:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 03:50 - 2016-02-06 02:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 03:50 - 2016-02-06 02:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 03:50 - 2016-02-06 01:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 03:50 - 2016-01-22 13:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 03:50 - 2016-01-22 13:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 03:50 - 2016-01-21 23:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-10 03:50 - 2016-01-21 23:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-10 03:50 - 2016-01-21 23:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 03:50 - 2016-01-21 23:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-10 03:50 - 2016-01-21 23:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-10 03:50 - 2016-01-21 23:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-10 03:50 - 2016-01-21 23:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-10 03:50 - 2016-01-21 23:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-10 03:50 - 2016-01-21 23:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 03:50 - 2016-01-21 23:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 03:50 - 2016-01-21 23:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-10 03:50 - 2016-01-21 23:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-10 03:50 - 2016-01-21 23:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-10 03:50 - 2016-01-21 23:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-10 03:50 - 2016-01-21 23:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 03:50 - 2016-01-21 23:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-10 03:50 - 2016-01-21 23:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-10 03:50 - 2016-01-21 23:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-10 03:50 - 2016-01-21 23:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 03:50 - 2016-01-21 23:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-10 03:50 - 2016-01-21 23:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-10 03:50 - 2016-01-21 23:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-10 03:50 - 2016-01-21 23:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-10 03:50 - 2016-01-21 23:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-10 03:50 - 2016-01-21 23:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-10 03:50 - 2016-01-21 22:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-10 03:50 - 2016-01-21 22:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-10 03:50 - 2016-01-21 22:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 03:50 - 2016-01-21 22:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-10 03:50 - 2016-01-21 22:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 03:50 - 2016-01-21 22:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 03:50 - 2016-01-21 22:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 03:50 - 2016-01-21 22:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 03:50 - 2016-01-21 22:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-10 03:50 - 2016-01-21 22:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-10 03:50 - 2016-01-21 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 03:50 - 2016-01-21 22:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-10 03:50 - 2016-01-21 22:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-10 03:50 - 2016-01-21 22:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 03:50 - 2016-01-21 22:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-10 03:50 - 2016-01-21 22:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-10 03:50 - 2016-01-21 22:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-10 03:50 - 2016-01-21 22:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 03:50 - 2016-01-21 22:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 03:50 - 2016-01-21 22:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 03:50 - 2016-01-21 22:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 03:50 - 2016-01-21 22:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-10 03:50 - 2016-01-21 22:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 03:50 - 2016-01-21 22:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 03:50 - 2016-01-21 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 03:50 - 2016-01-16 12:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-10 03:50 - 2016-01-16 11:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-10 03:50 - 2016-01-11 07:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-10 03:50 - 2016-01-11 07:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-10 03:50 - 2016-01-11 07:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-10 03:50 - 2016-01-11 07:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-10 03:50 - 2016-01-11 07:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-10 03:50 - 2016-01-06 12:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-10 03:50 - 2016-01-06 12:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-10 03:50 - 2016-01-06 11:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-10 03:49 - 2016-01-16 12:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 03:49 - 2016-01-11 12:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-10 03:49 - 2016-01-11 12:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-10 03:49 - 2016-01-11 12:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-10 03:49 - 2016-01-11 11:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-10 03:49 - 2016-01-11 11:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-10 03:49 - 2016-01-11 11:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-10 03:49 - 2016-01-11 11:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-10 03:49 - 2016-01-11 11:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-10 03:49 - 2016-01-11 11:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-10 03:49 - 2016-01-11 11:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-10 03:49 - 2016-01-11 11:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-10 03:49 - 2016-01-11 11:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-10 03:49 - 2016-01-11 11:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-10 03:49 - 2016-01-11 11:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-10 03:49 - 2016-01-11 11:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-10 03:49 - 2016-01-11 11:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-10 03:49 - 2016-01-07 10:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 03:49 - 2016-01-07 10:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 03:49 - 2015-12-20 11:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-10 03:49 - 2015-12-20 11:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-10 03:49 - 2015-12-20 07:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 03:48 - 2016-01-21 23:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 03:48 - 2016-01-21 23:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 03:48 - 2016-01-21 23:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-10 03:48 - 2016-01-21 23:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 03:48 - 2016-01-21 23:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-10 03:48 - 2016-01-21 23:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 03:48 - 2016-01-21 23:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 03:48 - 2016-01-21 23:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-10 03:48 - 2016-01-21 23:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-10 03:48 - 2016-01-21 23:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-10 03:48 - 2016-01-21 23:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-10 03:48 - 2016-01-21 23:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-10 03:48 - 2016-01-21 23:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-10 03:48 - 2016-01-21 23:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 03:48 - 2016-01-21 23:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 03:48 - 2016-01-21 23:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 03:48 - 2016-01-21 23:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-10 03:48 - 2016-01-21 23:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 03:48 - 2016-01-21 23:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 03:48 - 2016-01-21 23:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 03:48 - 2016-01-21 23:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 03:48 - 2016-01-21 23:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-10 03:48 - 2016-01-21 23:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 03:48 - 2016-01-21 23:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 03:48 - 2016-01-21 23:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-10 03:48 - 2016-01-21 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-10 03:48 - 2016-01-21 23:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 03:48 - 2016-01-21 23:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 03:48 - 2016-01-21 23:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 03:48 - 2016-01-21 23:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-10 03:48 - 2016-01-21 23:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-10 03:48 - 2016-01-21 23:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 03:48 - 2016-01-21 23:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-10 03:48 - 2016-01-21 23:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 23:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 03:48 - 2016-01-21 23:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 03:48 - 2016-01-21 23:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 03:48 - 2016-01-21 23:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 03:48 - 2016-01-21 23:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-10 03:48 - 2016-01-21 23:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-10 03:48 - 2016-01-21 23:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-10 03:48 - 2016-01-21 23:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-10 03:48 - 2016-01-21 23:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 03:48 - 2016-01-21 23:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 03:48 - 2016-01-21 23:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-10 03:48 - 2016-01-21 23:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 03:48 - 2016-01-21 23:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 03:48 - 2016-01-21 23:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 03:48 - 2016-01-21 23:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 03:48 - 2016-01-21 23:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-10 03:48 - 2016-01-21 23:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 03:48 - 2016-01-21 23:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-10 03:48 - 2016-01-21 23:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 03:48 - 2016-01-21 23:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 22:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-10 03:48 - 2016-01-21 22:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-10 03:48 - 2016-01-21 22:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-10 03:48 - 2016-01-21 22:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-10 03:48 - 2016-01-21 21:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 03:48 - 2016-01-21 21:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-10 03:48 - 2016-01-21 21:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 03:48 - 2016-01-21 21:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 03:48 - 2016-01-21 21:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-10 03:48 - 2016-01-21 21:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 03:48 - 2016-01-21 21:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 03:48 - 2016-01-21 21:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 03:48 - 2016-01-21 21:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-10 03:48 - 2016-01-21 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-10 03:48 - 2016-01-21 21:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 21:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 21:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 03:48 - 2016-01-21 21:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-10 03:48 - 2016-01-16 11:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 03:47 - 2016-01-21 23:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 03:47 - 2016-01-21 23:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-10 03:47 - 2016-01-21 23:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 03:47 - 2016-01-21 23:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 03:47 - 2016-01-21 23:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-10 03:47 - 2016-01-21 22:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 03:47 - 2016-01-21 22:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-10 03:47 - 2016-01-21 22:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-11 12:42 - 2012-08-21 23:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-11 11:59 - 2010-11-28 20:38 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236294955-2546226475-2380618500-1000UA.job
2016-03-11 10:40 - 2009-07-13 21:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-11 10:40 - 2009-07-13 21:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-11 10:30 - 2010-11-17 18:17 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-11 10:30 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-11 00:18 - 2015-11-05 20:19 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-10 22:59 - 2010-11-28 20:38 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236294955-2546226475-2380618500-1000Core.job
2016-03-10 22:32 - 2015-07-03 14:23 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-10 22:32 - 2015-07-03 14:23 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-10 22:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-03-10 21:02 - 2014-03-03 20:37 - 00000000 ____D C:\Users\Evgeni\AppData\Local\Battle.net
2016-03-10 21:01 - 2014-03-03 20:37 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-03-10 17:42 - 2012-07-25 00:24 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-10 17:42 - 2011-05-30 08:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-10 01:00 - 2013-08-19 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
2016-03-10 01:00 - 2010-12-28 21:58 - 00000000 ____D C:\Users\Evgeni\Desktop\Misha's classes
2016-03-10 01:00 - 2010-12-02 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scratch
2016-03-10 01:00 - 2010-12-01 21:18 - 00000000 ____D C:\Users\Evgeni\Desktop\latestCannon
2016-03-10 00:59 - 2011-02-17 00:01 - 00000000 ____D C:\Windows\Minidump
2016-03-10 00:59 - 2010-11-17 20:00 - 00000000 ____D C:\Windows\Panther
2016-03-10 00:38 - 2015-06-23 00:25 - 00000000 ____D C:\Windows\pss
2016-03-09 18:19 - 2011-02-17 20:55 - 00000000 ____D C:\Users\Evgeni\AppData\Roaming\SoftGrid Client
2016-03-09 18:19 - 2010-12-01 21:07 - 00000000 ____D C:\Users\Evgeni\Documents\shev
2016-03-09 16:35 - 2015-07-03 14:25 - 00000000 ____D C:\Windows\SysWOW64\vbox
2016-03-09 16:34 - 2015-07-03 14:25 - 00000000 ____D C:\Windows\system32\vbox
2016-03-09 13:15 - 2009-07-13 22:08 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-07 14:45 - 2011-12-29 11:24 - 00000000 ____D C:\Users\UpdatusUser
2016-03-07 14:45 - 2011-02-27 10:52 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-02 19:27 - 2009-07-13 22:13 - 00821428 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-01 23:56 - 2014-04-14 21:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-25 11:37 - 2015-02-06 14:00 - 00000000 ____D C:\Users\Evgeni\AppData\Local\Steam
2016-02-24 11:15 - 2014-09-16 10:18 - 00309248 ___SH C:\Users\Evgeni\Desktop\Thumbs.db
2016-02-24 11:14 - 2013-07-14 16:29 - 00000000 ____D C:\Users\Evgeni\Desktop\passport
2016-02-19 14:00 - 2010-11-28 20:40 - 00002405 _____ C:\Users\Evgeni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 14:00 - 2010-11-28 20:40 - 00002380 _____ C:\Users\Evgeni\Desktop\google chrome.lnk
2016-02-18 12:23 - 2015-07-03 14:24 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-14 14:53 - 2015-07-03 14:23 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-02-14 14:52 - 2015-07-03 14:23 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1456287994106
2016-02-14 14:52 - 2015-07-03 14:23 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-14 14:52 - 2015-07-03 14:23 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-14 14:52 - 2015-07-03 14:23 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-14 14:52 - 2015-07-03 14:23 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-14 14:52 - 2015-07-03 14:09 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-14 14:51 - 2015-07-03 14:21 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-13 19:01 - 2010-11-28 22:54 - 00000000 ____D C:\Users\Evgeni\AppData\Local\Adobe
2016-02-13 18:58 - 2014-12-25 09:24 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-13 18:48 - 2010-11-28 22:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-13 18:47 - 2010-11-28 22:54 - 00000000 ____D C:\ProgramData\Adobe
2016-02-13 18:38 - 2012-04-27 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-13 00:34 - 2010-12-01 22:34 - 00813550 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-11 05:00 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-02-11 03:40 - 2014-12-11 18:43 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-11 03:40 - 2014-05-03 16:15 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-11 03:40 - 2009-07-14 00:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 03:24 - 2013-07-12 00:24 - 00000000 ____D C:\Windows\system32\MRT
2016-02-11 03:16 - 2010-11-28 22:40 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2010-12-01 21:43 - 2015-05-16 12:05 - 0001344 _____ () C:\Users\Evgeni\AppData\Roaming\wklnhst.dat
2011-12-30 16:01 - 2011-12-30 16:09 - 0010998 ___SH () C:\Users\Evgeni\AppData\Local\ksx066ue6fle00hn2b761c5urqtuy5rf3gaqh
2012-10-31 13:07 - 2012-10-31 13:07 - 0000651 _____ () C:\Users\Evgeni\AppData\Local\PMB Fik聥s
2011-12-20 11:25 - 2011-10-21 11:25 - 0000032 ____R () C:\ProgramData\hash.dat
2011-12-30 16:01 - 2011-12-30 16:09 - 0010998 ___SH () C:\ProgramData\ksx066ue6fle00hn2b761c5urqtuy5rf3gaqh

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some files in TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Evgeni\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Evgeni\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-10 02:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Evgeni (2016-03-11 12:44:52)
Running from C:\Users\Evgeni\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-11-29 02:03:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1236294955-2546226475-2380618500-500 - Administrator - Disabled)
Daniel (S-1-5-21-1236294955-2546226475-2380618500-1003 - Limited - Enabled) => C:\Users\Daniel
Evgeni (S-1-5-21-1236294955-2546226475-2380618500-1000 - Administrator - Enabled) => C:\Users\Evgeni
Guest (S-1-5-21-1236294955-2546226475-2380618500-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1236294955-2546226475-2380618500-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattleTag (HKLM-x32\...\{1C3F8999-DFAF-4F38-90B1-4D5D58CAE48F}) (Version: 1.1.0354 - Ubisoft)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BlitzIn 3.0 (HKLM-x32\...\BlitzIn 3.0) (Version: - Internet Chess Club)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CAT Prep GRE Simulators (HKLM-x32\...\CATPrep) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Chess Planet (HKLM-x32\...\ChessPlanet_is1) (Version: - )
ChessBase 10 (x32 Version: 10 - ChessBase) Hidden
ChessBase 9 (HKLM-x32\...\{3FD2223E-C8A2-48C4-AA81-0A0EC47B7860}) (Version: 2 - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crystal Reports 2008 Runtime SP1 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DjVu Solo 3.1 (HKLM-x32\...\DjVu Solo 3.1) (Version: - )
DjVu Viewer (HKLM-x32\...\{3A959BCB-643A-462F-A692-5B7FE4CE35AC}_is1) (Version: - djvuviewer.com)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Fritz11 (x32 Version: 11 - ChessBase) Hidden
Google Chrome (HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImageJ 1.44p (HKLM-x32\...\ImageJ_is1) (Version: - NIH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Invoke Solutions Participant 6.2.0.1452 (HKLM-x32\...\{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}}_is1) (Version: - Invoke Solutions)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.2.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Linksys EasyLink Advisor (HKLM-x32\...\Linksys EasyLink Advisor) (Version: - Linksys By Cisco Systems)
Linksys EasyLink Advisor (x32 Version: 3.11.9075.88 - Linksys By Cisco Systems) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.5130.5001 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Web Platform Installer 4.5 (HKLM\...\{458707CD-9D7A-477F-B925-02242A29673B}) (Version: 4.0.1863 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower)
Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden
NVIDIA 3D Vision Controller Driver 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 285.62 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Peachtree Accounting 2011 (HKLM-x32\...\InstallShield_{FC87D80E-5BC6-4EE8-9B09-EBA4F9C0A1C2}) (Version: 18.00.00 - Sage Software, Inc.)
Peachtree Accounting 2011 (x32 Version: 18.00.00 - Sage Software, Inc.) Hidden
PeachTree Signature Ready Forms (x32 Version: 6.11.1 - Sage Software SB, Inc.) Hidden
Pervasive PSQL v10 SP2 Workgroup (32-bit) (HKLM-x32\...\Pervasive PSQL v10 SP2 Workgroup (32-bit)) (Version: 10.10.126 - Pervasive Software)
Pervasive PSQL v10 SP2 Workgroup (32-bit) (x32 Version: 10.20.034 - Pervasive Software) Hidden
Pirate101 (HKLM-x32\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Pure Networks Platform (x32 Version: 11.1.9051.0 - Pure Networks) Hidden
Python 2.7.3 (64-bit) (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}) (Version: 2.7.3150 - Python Software Foundation)
Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
QuickBooks (x32 Version: 21.0.4011.904 - Intuit Inc.) Hidden
QuickBooks Premier: Accountant Edition 2011 (HKLM-x32\...\{11E0AC7D-6823-4F67-865F-EE1C13D28C38}) (Version: 21.0.4011.904 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5953 - Realtek Semiconductor Corp.)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Rybka 4 (HKLM-x32\...\{F9683839-1A7F-4874-91B7-64CDF4AC4679}) (Version: 12.0.0 - ChessBase)
Rybka 4 (x32 Version: 12.0.0 - ChessBase) Hidden
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version: - GSC Game World)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Sage Integration Services (HKLM-x32\...\Integration Services) (Version: 2.2.2240 - Sage Technology)
Sage Message Center (x32 Version: 2.00.0000 - Sage Software Inc.) Hidden
Samsung ML-1740 Series (HKLM-x32\...\Samsung ML-1740 Series) (Version: - )
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spooky's House of Jump Scares (HKLM-x32\...\Steam App 356670) (Version: - Lag Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
TI-83 Plus Flash Debugger (HKLM-x32\...\TI-83 Plus Flash Debugger) (Version: - )
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Tracker (HKLM-x32\...\OSP Tracker) (Version: 4.91 - Open Source Physics)
Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox)
UVK (HKLM-x32\...\UVK) (Version: 4.0.0.0 - Carifred)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VPython 6.05 (HKLM\...\VPython for Python 2.7_is1) (Version: - )
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (x32 Version: 5.01.0 - win.rar GmbH) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Wizard101 Test (HKLM-x32\...\{3BE3AEEB-268C-49F9-8B1E-B4989E90E2F9}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Evgeni\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Evgeni\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {153CAD8F-2E39-4B18-B40E-4CD1FF832FD0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {2207F641-462D-463D-BCB7-F8085EA1D21A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-10] (Adobe Systems Incorporated)
Task: {30A84E6F-49AF-4588-B337-C2BAB3C882E8} - System32\Tasks\{BCFB7910-DCDC-4565-9551-F8ABCB4F89CC} => pcalua.exe -a C:\Users\Evgeni\Downloads\InstallWizard101.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {3245A67C-2B77-44B5-A506-DED53D12DCA4} - \{0E6CCEB6-B37A-4FE0-ACB8-764E30229501} -> No File <==== ATTENTION
Task: {34080A4C-09AB-4B8B-B3B3-6B6A7391C6EF} - System32\Tasks\{0C087C49-D55C-48D0-867A-8DCAC97FF9A9} => pcalua.exe -a C:\Users\Evgeni\Downloads\HijackThis.exe -d C:\Users\Evgeni\Downloads
Task: {440B57FE-897E-47E4-99D8-3D053666FA97} - \2205995384 -> No File <==== ATTENTION
Task: {475981E9-6A76-4305-BB50-D9543A483A30} - System32\Tasks\{FCF99F28-A807-4FB0-9268-13E5D73ECF2B} => pcalua.exe -a "C:\Users\Evgeni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2SVJDAC\InstallWizard101[1].exe" -d C:\Users\Evgeni\Desktop
Task: {53AF39A9-8A34-47CB-B342-4D9A1FD27456} - System32\Tasks\{74A1F22D-CC74-4B7A-9F81-43F71F366B57} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.5.0.102/en/abandoninstall?page=tsProgressBar
Task: {57B67583-A044-406F-B8E8-FBDE9DB9D003} - \4027891176 -> No File <==== ATTENTION
Task: {5B593D30-629A-43A9-B936-DD939AD21F01} - \3323719272 -> No File <==== ATTENTION
Task: {5F5E7DF8-BD9B-4F58-9867-58DDD0DDE394} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-17] (AVAST Software)
Task: {5FF4230C-2F2A-46D5-8710-235B31122473} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1236294955-2546226475-2380618500-1000Core => C:\Users\Evgeni\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6D508D45-46FC-4EDE-B457-B87D10AD4875} - \2554344908 -> No File <==== ATTENTION
Task: {752115B2-2CDD-4151-B93C-EBD44A3F4423} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8004EC7F-0C64-4A80-B09D-B51112E2CADB} - System32\Tasks\winupd => C:\Users\Evgeni\AppData\Local\Temp\winupd.exe <==== ATTENTION
Task: {8FD3B150-A847-4B46-8C0C-04194ABDC9E7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {91BD14CB-EADB-464F-87E7-4187B937A5A8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9565F3ED-93C5-44BB-894E-CCD4BEAF1179} - System32\Tasks\{4408EE31-802B-4214-B637-CA7F731E9441} => C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe [2015-11-06] ()
Task: {996A30AF-42DC-43D0-8501-86F002CC5CC6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A1571E4E-629D-4B9E-8439-07042B40B2E7} - System32\Tasks\SafeZone scheduled Autoupdate 1455487156 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {A9A49194-63C3-44DD-84CC-21182539DE88} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B0814BC5-3E10-4C98-A36B-0FDC7D29FA15} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C3D004D5-F92C-472D-8BF8-7A8109D7D8EA} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {C4ADDC48-0407-4041-BF7A-DAF5D0F67C5C} - \3223461992 -> No File <==== ATTENTION
Task: {D01FCAA6-A514-4B25-9FF3-42BA7D4D9CA3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {DC0DA3C8-C034-426C-AE89-C8814134AC02} - \2958177996 -> No File <==== ATTENTION
Task: {DD79BF45-2E6E-41F6-9C4A-979F40E60D54} - \4109353336 -> No File <==== ATTENTION
Task: {DE6B866F-4C35-4E02-A5D7-59DD63E44B6E} - System32\Tasks\{8167D269-0AEA-4882-9E27-A3B33B1D8AF0} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {ED065295-E635-4E51-9D63-E4C7F6723DDE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-14] (AVAST Software)
Task: {F6CC8AE6-9183-449E-8648-80A105AADAA8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1236294955-2546226475-2380618500-1000UA => C:\Users\Evgeni\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236294955-2546226475-2380618500-1000Core.job => C:\Users\Evgeni\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236294955-2546226475-2380618500-1000UA.job => C:\Users\Evgeni\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Evgeni\Desktop\MishaSummer2012\ACC200 PeachTree\Peachtree Business Checks and Forms.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.peachtree.com/prd.cfm?parm=25PsdYIho%2BCtgBkALgOW96RnT7NYcq7BgRYC2cK01sqgqA9bEPiyLhqLFvYjfRowqrLPJt4LrJY0eHvB6U%2Bf1oMw2culByl9sG4k%2ByA8ktIBqa4iOEYv7dJm
ShortcutWithArgument: C:\Users\Evgeni\Desktop\MishaSummer2012\ACC200 PeachTree\Peachtree Knowledge Center.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.peachtree.com/prd.cfm?parm=25PsdYAhoeCtgBkALgOW96RnT7NYcq7BgRYC2cK01sqgqA9bEPiyLhqLFvYjfRowqrLPJt4LrJY0eHvB6U%2Bf1oMw2culByl9sG4k%2ByA8ktIBqa4iOEYv7dJm

==================== Loaded Modules (Whitelisted) ==============

2011-12-29 11:24 - 2013-01-18 08:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2008-11-13 04:43 - 2008-11-13 04:43 - 00204800 _____ () C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
2016-02-11 04:25 - 2016-02-11 04:25 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\9500558b406be5e9ebbcf9bd5463c8e7\VistaBridgeLibrary.ni.dll
2016-02-14 14:52 - 2016-02-14 14:52 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-14 14:52 - 2016-02-14 14:52 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-14 14:52 - 2016-02-14 14:52 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-11 10:32 - 2016-03-11 10:32 - 02839552 _____ () C:\Program Files\AVAST Software\Avast\defs\16031101\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2008-11-13 04:43 - 2008-11-13 04:43 - 00081920 _____ () C:\Program Files (x86)\Linksys\Linksys Updater\lib\wrapper.dll
2010-11-17 18:21 - 2009-10-02 12:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2016-02-14 14:52 - 2016-02-14 14:52 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00148480 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00097280 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\09938754.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72516738.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\09938754.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72516738.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\live.com -> hxxps://login.live.com
IE trusted site: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\sony.com -> sony.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-02-08 17:03 - 2012-04-04 20:12 - 00000795 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Evgeni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 68.105.28.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: PeachtreePrefetcher.exe => C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{591E8774-A846-4B7F-9833-1C03BD8FED0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{E3905074-01BC-4649-950D-B8F00EDFF32B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{73867BD1-6171-4CD2-A82C-7FACEB88764D}] => (Allow) LPort=67
FirewallRules: [{F7DE4336-6E5D-42C9-99D0-1CEFA8B1C7C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3B7733C1-11D5-4BAD-AB77-49E3140490AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{269294E2-AB9F-4C8E-95BC-15AC0647AAD0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7EE29CF7-CB64-4CB9-BAD0-4BAD70368C06}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{315680D7-F351-4AF2-A381-94EF4A7F2A17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{E4B8E6F6-19F8-422A-A7E8-0E988F29E4FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{87BC2867-C5E9-49FC-ACC4-196B8C11480B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\game\bin\win64\dota2.exe
FirewallRules: [{D2F7FE94-3B19-4465-8E24-A6A71A2B548A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\game\bin\win64\dota2.exe
FirewallRules: [{9CE2A7A1-79D7-4A93-AFAD-2ED21CD29304}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spooky's House of Jump Scares\SPOOKY.exe
FirewallRules: [{DDF387F9-2872-46CD-B30B-6E0315E6A196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spooky's House of Jump Scares\SPOOKY.exe
FirewallRules: [{21FCA55A-662B-4F9F-B2B0-6118D7263429}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{D58D2127-789D-40B7-9C0A-B4887F3085E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{E5A77CE6-337E-4B88-BD33-4B915C31EB41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{4F66FD04-8254-4756-BA97-6A3FB7082A2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{8F82A1C0-A5E1-4B92-906F-20263651521B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{ED1EE082-9BA6-4D85-AA6A-8DDCBAE626F5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B69C055C-58E7-4BAC-8B38-2489FD7D2C43}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{F7992DF7-82C1-4076-978A-28BE79C54D22}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2016 12:24:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Au_.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8f4

Start Time: 01d17b6661c10207

Termination Time: 60000

Application Path: C:\Users\Evgeni\AppData\Local\Temp\~nsu.tmp\Au_.exe

Report Id:

Error: (03/10/2016 11:16:28 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x81000101).

Error: (03/10/2016 10:19:42 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0xC0020017

Error: (03/10/2016 09:15:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8096

Error: (03/10/2016 09:15:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8096

Error: (03/10/2016 09:15:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/10/2016 09:15:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7098

Error: (03/10/2016 09:15:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7098

Error: (03/10/2016 09:15:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/10/2016 09:15:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6099


System errors:
=============
Error: (03/11/2016 10:37:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (03/11/2016 10:33:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (03/11/2016 10:33:52 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/11/2016 10:32:38 AM) (Source: Schannel) (EventID: 4116) (User: NT AUTHORITY)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is auth.ff.avast.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (03/11/2016 10:32:38 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 552.

Error: (03/11/2016 10:32:38 AM) (Source: Schannel) (EventID: 4116) (User: NT AUTHORITY)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is auth.ff.avast.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (03/11/2016 10:32:38 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 552.

Error: (03/11/2016 10:31:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
09938754
aswSP
RxFilter
SASDIFSV
SASKUTIL

Error: (03/11/2016 10:31:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (03/11/2016 10:30:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 35%
Total physical RAM: 8151.08 MB
Available physical RAM: 5286.25 MB
Total Virtual: 16300.36 MB
Available Virtual: 13014.02 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.82 GB) (Free:580.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F8000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=921.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 11 March 2016 - 07:07 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • Gender:Male
  • Location:California
  • Local time:10:11 AM

Posted 11 March 2016 - 07:17 PM

Greetings doom007 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to this topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Your registry is set up to skip a check of your hard drive upon boot up which is not typical. Are you aware of this or did you intentionally set it?

BootExecute: autocheck autochk /k:C *


Does this look familiar?

MoskvaTV.com - Russian Online TV

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
GroupPolicyUsers\S-1-5-21-1236294955-2546226475-2380618500-1003\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1236294955-2546226475-2380618500-1003\User: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000 -> {85BC5B61-5FD8-4071-9519-03C181C52D16} URL =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011-03-18] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2011-03-18] (Coupons, Inc.)
CHR Plugin: (Native Client) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
CHR Extension: (РоÑÑÐ¸Ñ Ð¢Ð) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\backaeplcmgnncbejeanhhohngidfapj [2013-10-05]
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S0 09938754; system32\drivers\39744873.sys [X]
S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S1 SASDIFSV; \??\C:\Users\Evgeni\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\Evgeni\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]
S3 X6va005; \??\C:\Users\Evgeni\AppData\Local\Temp\005376A.tmp [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
2016-03-08 23:37 - 2016-03-08 23:37 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{B46D9AD4-26C7-44E9-8749-4E8B8A34C29E}
2016-03-07 23:33 - 2016-03-07 23:33 - 00000000 __SHD C:\found.001
2016-03-07 18:38 - 2016-03-07 18:39 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{3969B6C9-FEC1-40E6-A8A4-5EBD84898F57}
2016-03-06 00:28 - 2016-03-06 00:28 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{8E65AA57-685B-46F4-A5FA-B28405E75A1D}
2016-03-03 23:50 - 2016-03-03 23:50 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{0323779B-36E4-4B1B-A60F-96734D545C60}
2016-03-01 23:20 - 2016-03-01 23:20 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{8F4ED689-E984-4076-922B-043D2EF3B78A}
2016-02-29 18:32 - 2016-02-29 18:32 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{5AFDCC22-EA65-4F21-8C98-A9062A01AA34}
2016-02-28 00:40 - 2016-02-28 00:40 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{A6FCAF15-87EC-4AB1-A185-37629870ECA2}
2016-02-25 23:53 - 2016-02-25 23:53 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{91174D9E-50D7-4625-89B0-5554E13E4B1C}
2016-02-22 18:32 - 2016-02-22 18:32 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{DEFF8AF6-0C74-4A6C-9117-4C25ABF22C0E}
2016-02-20 12:36 - 2016-02-20 12:36 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{8AFBAE43-3BBA-4E66-9865-36F4CB9D2FD5}
2016-02-17 13:37 - 2016-02-17 13:37 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{AB477C67-B872-44AC-B7A2-A09491E5BDF1}
2016-02-16 21:41 - 2016-02-16 21:41 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{CA3BED26-AA6C-4BFE-9BE7-C2E5FD3C2546}
2016-02-15 23:34 - 2016-02-15 23:34 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{64D5F2C6-0769-4F79-A5C9-C9AA4D4C34E0}
2016-02-14 12:45 - 2016-02-14 12:45 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{995DD678-F852-4653-B5F2-5B5155E693D9}
2016-02-13 18:29 - 2016-02-13 18:29 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{F97A1EDF-ECDD-4FD0-8755-9DF7DBF507C1}
2016-02-13 00:37 - 2016-02-13 00:37 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{05F8B94F-F114-485F-8D48-9F6AA9AF1894}
2011-12-30 16:01 - 2011-12-30 16:09 - 0010998 ___SH () C:\Users\Evgeni\AppData\Local\ksx066ue6fle00hn2b761c5urqtuy5rf3gaqh
2012-10-31 13:07 - 2012-10-31 13:07 - 0000651 _____ () C:\Users\Evgeni\AppData\Local\PMB Fik聥s
2011-12-20 11:25 - 2011-10-21 11:25 - 0000032 ____R () C:\ProgramData\hash.dat
2011-12-30 16:01 - 2011-12-30 16:09 - 0010998 ___SH () C:\ProgramData\ksx066ue6fle00hn2b761c5urqtuy5rf3gaqh
Task: {3245A67C-2B77-44B5-A506-DED53D12DCA4} - \{0E6CCEB6-B37A-4FE0-ACB8-764E30229501} -> No File <==== ATTENTION
Task: {440B57FE-897E-47E4-99D8-3D053666FA97} - \2205995384 -> No File <==== ATTENTION
Task: {57B67583-A044-406F-B8E8-FBDE9DB9D003} - \4027891176 -> No File <==== ATTENTION
Task: {5B593D30-629A-43A9-B936-DD939AD21F01} - \3323719272 -> No File <==== ATTENTION
Task: {6D508D45-46FC-4EDE-B457-B87D10AD4875} - \2554344908 -> No File <==== ATTENTION
Task: {8004EC7F-0C64-4A80-B09D-B51112E2CADB} - System32\Tasks\winupd => C:\Users\Evgeni\AppData\Local\Temp\winupd.exe <==== ATTENTION
Task: {B0814BC5-3E10-4C98-A36B-0FDC7D29FA15} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C3D004D5-F92C-472D-8BF8-7A8109D7D8EA} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {C4ADDC48-0407-4041-BF7A-DAF5D0F67C5C} - \3223461992 -> No File <==== ATTENTION
Task: {DC0DA3C8-C034-426C-AE89-C8814134AC02} - \2958177996 -> No File <==== ATTENTION
Task: {DD79BF45-2E6E-41F6-9C4A-979F40E60D54} - \4109353336 -> No File <==== ATTENTION
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
CMD: type "C:\TDSSKiller.3.1.0.9_10.03.2016_22.12.48_log.txt"
File: C:\TDSSKiller.3.1.0.9_10.03.2016_22.12.48_log.txt
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Reply to questions
  • Fixlog
  • FSS.txt
  • System Summary Information
  • Update on computer behavior

Edited by Oh My!, 11 March 2016 - 07:21 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

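Most of the fixlist in the post above consists of entries marked `[X]` or `No File`, items whose image sits in a Temp folder, and the non-default BootExecute value the helper asks about. The following Python sketch is an added example (not part of the original post and not FRST's own logic) that sorts a few lines copied from that fixlist into those categories; the function `triage`, the category names and the Temp-folder pattern are assumptions made for illustration, and `autocheck autochk *` is the stock Windows BootExecute value.

```python
import re
from collections import defaultdict

# Stock Windows value; anything else means autochk was reconfigured.
DEFAULT_BOOTEXECUTE = "autocheck autochk *"

# Folders where a service, driver or task image is unusual (assumed heuristic).
TEMP_DIR = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.I)

# FRST service/driver line: state letter, start type, name; path [size date] or [X]
SERVICE = re.compile(r"^[RSU][0-5] (?P<name>[^;]+); (?P<rest>.+)$")

# FRST task line: Task: {GUID} - name -> target, optionally flagged ATTENTION
TASK = re.compile(
    r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) [-=]> (?P<target>.+?)"
    r"(?: <=+ ATTENTION)?$"
)

# Sample lines copied from the fixlist in the post above (not a full log).
SAMPLE = r"""
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S0 09938754; system32\drivers\39744873.sys [X]
S1 SASDIFSV; \??\C:\Users\Evgeni\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
Task: {440B57FE-897E-47E4-99D8-3D053666FA97} - \2205995384 -> No File <==== ATTENTION
Task: {8004EC7F-0C64-4A80-B09D-B51112E2CADB} - System32\Tasks\winupd => C:\Users\Evgeni\AppData\Local\Temp\winupd.exe <==== ATTENTION
BootExecute: autocheck autochk /k:C *
"""


def triage(log_text):
    """Group FRST-style lines by the reason they deserve a second look."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()

        if line.startswith("BootExecute:"):
            value = line.split(":", 1)[1].strip()
            if value != DEFAULT_BOOTEXECUTE:
                findings["bootexecute_changed"].append(value)
            continue

        m = TASK.match(line)
        if m:
            if m["target"] == "No File":
                # Task is registered but nothing is left on disk to run.
                findings["orphan_task"].append(m["name"])
            elif TEMP_DIR.search(m["target"]):
                findings["runs_from_temp"].append(m["name"])
            continue

        m = SERVICE.match(line)
        if m:
            rest = m["rest"]
            missing = rest.endswith(" [X]")
            # Strip the trailing marker or the "[size date] (vendor)" suffix.
            path = rest[:-4] if missing else re.split(r" \[\d", rest)[0]
            if missing:
                findings["missing_image"].append(m["name"])
            if TEMP_DIR.search(path):
                findings["runs_from_temp"].append(m["name"])
    return dict(findings)


if __name__ == "__main__":
    for category, names in triage(SAMPLE).items():
        print(f"{category}: {names}")
```

An entry landing in a category is a prompt for review, not a verdict: leftover drivers from uninstalled security tools show up as missing images just as removed malware does.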
#3 doom007

doom007
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:11 AM

Posted 13 March 2016 - 08:00 PM

I had Fixlist, FRST, FRST.txt, and additional.txt in the same folder when I ran the fix. I got a message saying the fixlog was created. FRST was still running. I did look at the log; it looked like it had most of the same things written as the fixlist, with system recovery being unable to create. Later I turned the computer off and turned it back on, but when it should have shown the user select login screen, a blue screen appeared. I can get into Safe Mode just fine.



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • Gender:Male
  • Location:California
  • Local time:10:11 AM

Posted 13 March 2016 - 08:28 PM

Please run FRST in Safe Mode and check Addition.txt. Make sure you don't open any documents related to the program until the program is done running.

In addition do this.

===================================================

Diagnose Blue Screen of Death (BSOD) Errors by Disabling Automatic Restart

--------------------
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select Disable Automatic Restart on System Failure, as shown here:

advancedoptions.png

  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not.

bsod_c.jpg

  • Please include this information in your reply.
===================================================
  • FRST.txt
  • Addition.txt
  • Blue Screen information

Gary

#5 doom007

doom007
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:11 AM

Posted 13 March 2016 - 10:03 PM

Here is FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Evgeni (administrator) on DELL8100XPS (13-03-2016 19:04:54)
Running from C:\Users\Evgeni\Desktop\New folder (2)
Loaded Profiles: Evgeni (Available Profiles: Evgeni & UpdatusUser & Daniel)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-10] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2215768 2011-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [StereoLinksInstall] => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe [1100920 2015-10-13] (NVIDIA Corporation)
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\Run: [Google Update] => C:\Users\Evgeni\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-14] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2012-05-29]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2012-06-17]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Evgeni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-11-28]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-11-17]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk /k:C *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.105.28.11 68.105.29.11
Tcpip\..\Interfaces\{3A9B2DBE-121D-4481-962D-7B9690CA853D}: [DhcpNameServer] 192.168.1.1 68.105.28.11 68.105.29.11

Internet Explorer:
==================
HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> {345E40F9-6AE7-4561-BE88-D5D29980FA6E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {85BC5B61-5FD8-4071-9519-03C181C52D16} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000 -> {155276F4-D2A3-E016-B329-F646B1D9E78C} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z164&form=ZGAIDF&install_date=20111008&iesrc={referrer:source}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: HKLM-x32 {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2012-05-14] (Intuit, Inc.)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Evgeni\AppData\Roaming\Mozilla\Firefox\Profiles\k7krut5s.default-1385591705691
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-06] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1236294955-2546226475-2380618500-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Evgeni\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1236294955-2546226475-2380618500-1000: @talk.google.com/O1DPlugin -> C:\Users\Evgeni\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1236294955-2546226475-2380618500-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Evgeni\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-1236294955-2546226475-2380618500-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Evgeni\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-04-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-04-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-04-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-04-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-04-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Evgeni\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Evgeni\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Adblock Plus - C:\Users\Evgeni\AppData\Roaming\Mozilla\Firefox\Profiles\k7krut5s.default-1385591705691\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-14]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Plugin: (Native Client) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
CHR Profile: C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Россия ТВ) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\backaeplcmgnncbejeanhhohngidfapj [2016-03-12]
CHR Extension: (YouTube) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Avast SafePrice) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-15]
CHR Extension: (Avast Online Security) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-15]
CHR Extension: (MoskvaTV.com - Russian Online TV) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgkbfeikclgnpnbddaeeecjagmfjghch [2013-12-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\Evgeni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Default Extension) - C:\Users\Evgeni\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\bimkpcamfcdmpbhobfaafndfdlapfecj [2011-12-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-14]
StartMenuInternet: Google Chrome.WJDS3ONN4LMCF3VP2U4Z6CLKTI - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-14] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5570120 2016-02-14] (Avast Software)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Peachtree SmartPosting 2011; C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2011.exe [43848 2011-10-25] (Sage Software, Inc.)
S2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435496 2010-04-10] (Pervasive Software Inc.)
S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-05-14] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-14] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-14] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-14] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-14] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-10] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-14] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-14] (AVAST Software)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-01] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [154024 2016-02-14] (AVAST Software)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2010-11-28] ()
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2016-02-14] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 19:04 - 2016-03-13 19:04 - 00000000 ____D C:\Users\Evgeni\Desktop\New folder (2)
2016-03-12 10:48 - 2016-03-12 10:48 - 00000000 ____D C:\Users\Evgeni\AppData\Local\ElevatedDiagnostics
2016-03-12 01:03 - 2015-10-13 09:19 - 05972783 _____ C:\Windows\system32\nvcoproc.bin
2016-03-12 01:03 - 2015-10-13 08:26 - 00608048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-03-12 01:02 - 2016-03-12 01:03 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-03-12 01:02 - 2015-10-13 12:00 - 31514288 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 24199344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 22993200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 18634072 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 16128576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 15293104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 14497568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 13916600 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 13828224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 12898992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-03-12 01:02 - 2015-10-13 12:00 - 11272048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 11209376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 04245624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 03986608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 03209920 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 01908528 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434192.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 01556656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434192.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 00944304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 00907440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 00903472 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 00869040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-03-12 01:02 - 2015-10-13 12:00 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-03-12 01:02 - 2015-10-13 12:00 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-03-12 00:58 - 2016-03-12 01:01 - 282949128 _____ (NVIDIA Corporation) C:\Users\Evgeni\Downloads\341.92-desktop-win8-win7-winvista-64bit-international.exe
2016-03-12 00:55 - 2016-03-12 00:55 - 00735328 _____ (Oracle Corporation) C:\Users\Evgeni\Downloads\jxpiinstall.exe
2016-03-12 00:24 - 2016-03-12 00:26 - 00065861 _____ C:\Users\Evgeni\Desktop\Addition.txt
2016-03-12 00:22 - 2016-03-12 00:26 - 00038460 _____ C:\Users\Evgeni\Desktop\FRST.txt
2016-03-12 00:08 - 2016-03-12 00:08 - 00134877 _____ C:\Users\Evgeni\Desktop\Fixlog.txt
2016-03-12 00:05 - 2016-03-13 02:09 - 00767820 _____ C:\Windows\ntbtlog.txt
2016-03-11 17:50 - 2016-03-11 17:50 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{59559029-169A-48A9-A9BF-4E2E86221030}
2016-03-11 13:09 - 2016-03-12 00:08 - 00000000 ____D C:\Users\Evgeni\Desktop\New folder
2016-03-11 12:53 - 2016-03-11 12:53 - 00074165 _____ C:\Users\Evgeni\Documents\FRST.txt
2016-03-11 12:53 - 2016-03-11 12:53 - 00066433 _____ C:\Users\Evgeni\Documents\Addition.txt
2016-03-11 12:44 - 2016-03-11 12:52 - 00074165 _____ C:\Users\Evgeni\Downloads\FRST.txt
2016-03-11 12:44 - 2016-03-11 12:45 - 00066433 _____ C:\Users\Evgeni\Downloads\Addition.txt
2016-03-11 12:43 - 2016-03-13 19:04 - 00000000 ____D C:\FRST
2016-03-10 23:21 - 2016-03-10 23:21 - 00000000 ____D C:\Users\Evgeni\AppData\Local\{94C1BCA7-74BD-4EC5-BE3D-0BF8C7DEE9BF}
2016-03-10 23:06 - 2016-03-10 23:16 - 00000000 ___SD C:\ComboFix
2016-03-10 23:06 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-10 23:06 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-10 23:06 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-10 23:06 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-10 23:06 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-10 23:06 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-10 23:06 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-10 23:06 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-10 23:05 - 2016-03-10 23:06 - 00000000 ___SD C:\32788R22FWJFW
2016-03-10 23:03 - 2016-03-10 23:03 - 05658088 ____R (Swearware) C:\Users\Evgeni\Desktop\ComboFix.exe
2016-03-10 22:33 - 2016-03-10 22:36 - 00000000 ____D C:\Qoobox
2016-03-10 22:33 - 2016-03-10 22:33 - 05658088 ____R (Swearware) C:\Users\Evgeni\Downloads\ComboFix.exe
2016-03-10 22:33 - 2016-03-10 22:33 - 00000000 ____D C:\Windows\erdnt
2016-03-10 22:29 - 2016-03-10 22:31 - 00004150 _____ C:\TDSSKiller.3.1.0.9_10.03.2016_22.29.49_log.txt
2016-03-10 22:25 - 2016-03-10 22:27 - 00427000 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-10 22:17 - 2016-03-10 22:19 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-10 22:17 - 2016-03-10 22:17 - 01524224 _____ C:\Users\Evgeni\Downloads\AdwCleaner (1).exe
2016-03-10 22:16 - 2016-03-10 22:16 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-03-10 22:12 - 2016-03-10 22:16 - 00231150 _____ C:\TDSSKiller.3.1.0.9_10.03.2016_22.12.48_log.txt
2016-03-10 22:11 - 2016-03-10 22:12 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Evgeni\Downloads\tdsskiller (1).exe
2016-03-10 22:06 - 2016-03-10 22:09 - 00002278 _____ C:\Users\Evgeni\Desktop\Rkill.txt
2016-03-10 22:05 - 2016-03-10 22:05 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Evgeni\Downloads\rkill (1).exe
2016-03-10 01:02 - 2016-03-10 01:02 - 00115184 _____ C:\Users\Evgeni\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-09 21:57 - 2016-03-09 22:05 - 734703065 _____ ( ) C:\Users\Evgeni\Downloads\Stalker_Complete_2009_v1.4.4_Setup.exe
2016-03-09 20:53 - 2016-03-09 20:53 - 00302011 _____ C:\Users\Evgeni\Downloads\WindowsUpdateDiagnostic (1).diagcab
2016-03-09 19:02 - 2016-03-09 19:02 - 00302011 _____ C:\Users\Evgeni\Downloads\WindowsUpdateDiagnostic.diagcab
2016-03-08 23:45 - 2016-03-08 23:45 - 00985600 _____ C:\Users\Evgeni\Downloads\MicrosoftFixit50123.msi
2016-03-03 06:58 - 2016-03-03 06:58 - 00029715 _____ C:\Users\Evgeni\Downloads\physicsprojectq3handout.pdf
2016-03-02 15:50 - 2016-03-02 20:23 - 00000000 ____D C:\Users\Evgeni\Desktop\clinical trials
2016-03-01 13:56 - 2016-03-01 13:56 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2016-03-01 13:55 - 2016-03-01 13:55 - 02218504 _____ C:\Users\Evgeni\Downloads\instspeedfan451.exe
2016-03-01 13:48 - 2016-03-11 00:19 - 00000000 ____D C:\Program Files\Defraggler
2016-03-01 13:48 - 2016-03-01 13:48 - 00001726 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-03-01 13:48 - 2016-03-01 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-03-01 13:47 - 2016-03-01 13:47 - 04527736 _____ (Piriform Ltd) C:\Users\Evgeni\Downloads\dfsetup220.exe
2016-03-01 13:09 - 2016-03-01 13:09 - 06837784 _____ (Piriform Ltd) C:\Users\Evgeni\Downloads\ccsetup515.exe
2016-02-29 08:12 - 2016-02-29 08:12 - 00039541 _____ C:\Users\Evgeni\Downloads\Untitleddocument(1).pdf
2016-02-21 12:50 - 2016-02-21 12:50 - 00000000 ____D C:\Users\TEMP
2016-02-14 22:02 - 2016-03-11 00:19 - 00000000 ____D C:\Users\Public\Documents\stalker-shoc
2016-02-14 14:59 - 2016-02-14 14:59 - 00003054 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1455487156
2016-02-14 14:59 - 2016-02-14 14:59 - 00001039 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-02-14 14:59 - 2016-02-14 14:59 - 00001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-02-14 14:52 - 2016-02-14 14:52 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-14 14:52 - 2016-02-14 14:52 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-14 14:52 - 2016-02-14 14:51 - 00154024 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-02-14 14:52 - 2016-02-14 14:51 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-02-13 18:48 - 2016-03-09 15:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-13 18:48 - 2016-02-13 18:48 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-02-12 21:39 - 2016-02-13 18:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 16:19 - 2009-07-13 22:13 - 00821428 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-13 16:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-03-12 20:55 - 2015-11-05 20:19 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-12 18:18 - 2011-10-10 15:46 - 00000000 ____D C:\Users\Evgeni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-03-12 01:03 - 2011-12-29 11:24 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-12 01:03 - 2011-12-29 11:24 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-12 01:03 - 2010-11-28 20:31 - 00000000 ____D C:\Temp
2016-03-12 01:02 - 2011-12-29 11:23 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-11 23:59 - 2010-11-28 20:38 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236294955-2546226475-2380618500-1000UA.job
2016-03-11 23:42 - 2012-08-21 23:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-11 23:36 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-11 22:59 - 2010-11-28 20:38 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236294955-2546226475-2380618500-1000Core.job
2016-03-11 10:40 - 2009-07-13 21:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-11 10:40 - 2009-07-13 21:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-11 10:30 - 2010-11-17 18:17 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-11 10:30 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-10 22:32 - 2015-07-03 14:23 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-10 22:32 - 2015-07-03 14:23 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-10 17:42 - 2012-07-25 00:24 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-10 17:42 - 2011-05-30 08:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-10 01:00 - 2013-08-19 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
2016-03-10 01:00 - 2010-12-28 21:58 - 00000000 ____D C:\Users\Evgeni\Desktop\Misha's classes
2016-03-10 01:00 - 2010-12-02 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scratch
2016-03-10 01:00 - 2010-12-01 21:18 - 00000000 ____D C:\Users\Evgeni\Desktop\latestCannon
2016-03-10 00:59 - 2011-02-17 00:01 - 00000000 ____D C:\Windows\Minidump
2016-03-10 00:59 - 2010-11-17 20:00 - 00000000 ____D C:\Windows\Panther
2016-03-10 00:38 - 2015-06-23 00:25 - 00000000 ____D C:\Windows\pss
2016-03-09 18:19 - 2011-02-17 20:55 - 00000000 ____D C:\Users\Evgeni\AppData\Roaming\SoftGrid Client
2016-03-09 18:19 - 2010-12-01 21:07 - 00000000 ____D C:\Users\Evgeni\Documents\shev
2016-03-09 16:35 - 2015-07-03 14:25 - 00000000 ____D C:\Windows\SysWOW64\vbox
2016-03-09 16:34 - 2015-07-03 14:25 - 00000000 ____D C:\Windows\system32\vbox
2016-03-09 13:15 - 2009-07-13 22:08 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-07 14:45 - 2011-12-29 11:24 - 00000000 ____D C:\Users\UpdatusUser
2016-03-07 14:45 - 2011-02-27 10:52 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-01 23:56 - 2014-04-14 21:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-25 11:37 - 2015-02-06 14:00 - 00000000 ____D C:\Users\Evgeni\AppData\Local\Steam
2016-02-24 11:15 - 2014-09-16 10:18 - 00309248 ___SH C:\Users\Evgeni\Desktop\Thumbs.db
2016-02-24 11:14 - 2013-07-14 16:29 - 00000000 ____D C:\Users\Evgeni\Desktop\passport
2016-02-19 14:00 - 2010-11-28 20:40 - 00002405 _____ C:\Users\Evgeni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 14:00 - 2010-11-28 20:40 - 00002380 _____ C:\Users\Evgeni\Desktop\google chrome.lnk
2016-02-18 12:23 - 2015-07-03 14:24 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-14 14:53 - 2015-07-03 14:23 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-02-14 14:52 - 2015-07-03 14:23 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1456287994106
2016-02-14 14:52 - 2015-07-03 14:23 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-14 14:52 - 2015-07-03 14:23 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-14 14:52 - 2015-07-03 14:23 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-14 14:52 - 2015-07-03 14:23 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-14 14:52 - 2015-07-03 14:09 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-14 14:51 - 2015-07-03 14:21 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-13 19:01 - 2010-11-28 22:54 - 00000000 ____D C:\Users\Evgeni\AppData\Local\Adobe
2016-02-13 18:58 - 2014-12-25 09:24 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-13 18:48 - 2010-11-28 22:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-13 18:47 - 2010-11-28 22:54 - 00000000 ____D C:\ProgramData\Adobe
2016-02-13 18:38 - 2012-04-27 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-13 00:34 - 2010-12-01 22:34 - 00813550 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2010-12-01 21:43 - 2015-05-16 12:05 - 0001344 _____ () C:\Users\Evgeni\AppData\Roaming\wklnhst.dat

Some files in TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Evgeni\AppData\Local\Temp\nvStInst.exe
C:\Users\Evgeni\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Evgeni\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-10 02:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Evgeni (2016-03-13 19:05:31)
Running from C:\Users\Evgeni\Desktop\New folder (2)
Windows 7 Home Premium Service Pack 1 (X64) (2010-11-29 02:03:22)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1236294955-2546226475-2380618500-500 - Administrator - Disabled)
Daniel (S-1-5-21-1236294955-2546226475-2380618500-1003 - Limited - Enabled) => C:\Users\Daniel
Evgeni (S-1-5-21-1236294955-2546226475-2380618500-1000 - Administrator - Enabled) => C:\Users\Evgeni
Guest (S-1-5-21-1236294955-2546226475-2380618500-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1236294955-2546226475-2380618500-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
BattleTag (HKLM-x32\...\{1C3F8999-DFAF-4F38-90B1-4D5D58CAE48F}) (Version: 1.1.0354 - Ubisoft)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BlitzIn 3.0 (HKLM-x32\...\BlitzIn 3.0) (Version:  - Internet Chess Club)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CAT Prep GRE Simulators (HKLM-x32\...\CATPrep) (Version:  - )
Chess Planet (HKLM-x32\...\ChessPlanet_is1) (Version:  - )
ChessBase 10 (x32 Version: 10 - ChessBase) Hidden
ChessBase 9 (HKLM-x32\...\{3FD2223E-C8A2-48C4-AA81-0A0EC47B7860}) (Version: 2 - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crystal Reports 2008 Runtime SP1 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DjVu Solo 3.1 (HKLM-x32\...\DjVu Solo 3.1) (Version:  - )
DjVu Viewer (HKLM-x32\...\{3A959BCB-643A-462F-A692-5B7FE4CE35AC}_is1) (Version:  - djvuviewer.com)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Fritz11 (x32 Version: 11 - ChessBase) Hidden
Google Chrome (HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImageJ 1.44p (HKLM-x32\...\ImageJ_is1) (Version:  - NIH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Invoke Solutions Participant 6.2.0.1452 (HKLM-x32\...\{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}}_is1) (Version:  - Invoke Solutions)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.2.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Linksys EasyLink Advisor (HKLM-x32\...\Linksys EasyLink Advisor) (Version:  - Linksys By Cisco Systems)
Linksys EasyLink Advisor (x32 Version: 3.11.9075.88 - Linksys By Cisco Systems) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.5130.5001 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Web Platform Installer 4.5 (HKLM\...\{458707CD-9D7A-477F-B925-02242A29673B}) (Version: 4.0.1863 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower)
Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Peachtree Accounting 2011 (HKLM-x32\...\InstallShield_{FC87D80E-5BC6-4EE8-9B09-EBA4F9C0A1C2}) (Version: 18.00.00 - Sage Software, Inc.)
Peachtree Accounting 2011 (x32 Version: 18.00.00 - Sage Software, Inc.) Hidden
PeachTree Signature Ready Forms (x32 Version: 6.11.1 - Sage Software SB, Inc.) Hidden
Pervasive PSQL v10 SP2 Workgroup (32-bit) (HKLM-x32\...\Pervasive PSQL v10 SP2 Workgroup (32-bit)) (Version: 10.10.126 - Pervasive Software)
Pervasive PSQL v10 SP2 Workgroup (32-bit) (x32 Version: 10.20.034 - Pervasive Software) Hidden
Pirate101 (HKLM-x32\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Pure Networks Platform (x32 Version: 11.1.9051.0 - Pure Networks) Hidden
Python 2.7.3 (64-bit) (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}) (Version: 2.7.3150 - Python Software Foundation)
Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
QuickBooks (x32 Version: 21.0.4011.904 - Intuit Inc.) Hidden
QuickBooks Premier: Accountant Edition 2011 (HKLM-x32\...\{11E0AC7D-6823-4F67-865F-EE1C13D28C38}) (Version: 21.0.4011.904 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5953 - Realtek Semiconductor Corp.)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Rybka 4 (HKLM-x32\...\{F9683839-1A7F-4874-91B7-64CDF4AC4679}) (Version: 12.0.0 - ChessBase)
Rybka 4 (x32 Version: 12.0.0 - ChessBase) Hidden
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Sage Integration Services (HKLM-x32\...\Integration Services) (Version: 2.2.2240 - Sage Technology)
Sage Message Center (x32 Version: 2.00.0000 - Sage Software Inc.) Hidden
Samsung ML-1740 Series (HKLM-x32\...\Samsung ML-1740 Series) (Version:  - )
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spooky's House of Jump Scares (HKLM-x32\...\Steam App 356670) (Version:  - Lag Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
TI-83 Plus Flash Debugger (HKLM-x32\...\TI-83 Plus Flash Debugger) (Version:  - )
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Tracker (HKLM-x32\...\OSP Tracker) (Version: 4.91 - Open Source Physics)
Undertale (HKLM-x32\...\Steam App 391540) (Version:  - tobyfox)
UVK (HKLM-x32\...\UVK) (Version: 4.0.0.0 - Carifred)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VPython 6.05 (HKLM\...\VPython for Python 2.7_is1) (Version:  - )
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
WinDjView 1.0.3 (HKLM-x32\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (x32 Version: 5.01.0 - win.rar GmbH) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Wizard101 Test (HKLM-x32\...\{3BE3AEEB-268C-49F9-8B1E-B4989E90E2F9}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Evgeni\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Evgeni\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {153CAD8F-2E39-4B18-B40E-4CD1FF832FD0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {2207F641-462D-463D-BCB7-F8085EA1D21A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-10] (Adobe Systems Incorporated)
Task: {30A84E6F-49AF-4588-B337-C2BAB3C882E8} - System32\Tasks\{BCFB7910-DCDC-4565-9551-F8ABCB4F89CC} => pcalua.exe -a C:\Users\Evgeni\Downloads\InstallWizard101.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {34080A4C-09AB-4B8B-B3B3-6B6A7391C6EF} - System32\Tasks\{0C087C49-D55C-48D0-867A-8DCAC97FF9A9} => pcalua.exe -a C:\Users\Evgeni\Downloads\HijackThis.exe -d C:\Users\Evgeni\Downloads
Task: {475981E9-6A76-4305-BB50-D9543A483A30} - System32\Tasks\{FCF99F28-A807-4FB0-9268-13E5D73ECF2B} => pcalua.exe -a "C:\Users\Evgeni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2SVJDAC\InstallWizard101[1].exe" -d C:\Users\Evgeni\Desktop
Task: {53AF39A9-8A34-47CB-B342-4D9A1FD27456} - System32\Tasks\{74A1F22D-CC74-4B7A-9F81-43F71F366B57} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.5.0.102/en/abandoninstall?page=tsProgressBar
Task: {5F5E7DF8-BD9B-4F58-9867-58DDD0DDE394} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-17] (AVAST Software)
Task: {5FF4230C-2F2A-46D5-8710-235B31122473} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1236294955-2546226475-2380618500-1000Core => C:\Users\Evgeni\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {752115B2-2CDD-4151-B93C-EBD44A3F4423} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8FD3B150-A847-4B46-8C0C-04194ABDC9E7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {91BD14CB-EADB-464F-87E7-4187B937A5A8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9565F3ED-93C5-44BB-894E-CCD4BEAF1179} - System32\Tasks\{4408EE31-802B-4214-B637-CA7F731E9441} => C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe [2015-11-06] ()
Task: {996A30AF-42DC-43D0-8501-86F002CC5CC6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A1571E4E-629D-4B9E-8439-07042B40B2E7} - System32\Tasks\SafeZone scheduled Autoupdate 1455487156 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {A9A49194-63C3-44DD-84CC-21182539DE88} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D01FCAA6-A514-4B25-9FF3-42BA7D4D9CA3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {DE6B866F-4C35-4E02-A5D7-59DD63E44B6E} - System32\Tasks\{8167D269-0AEA-4882-9E27-A3B33B1D8AF0} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {ED065295-E635-4E51-9D63-E4C7F6723DDE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-14] (AVAST Software)
Task: {F6CC8AE6-9183-449E-8648-80A105AADAA8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1236294955-2546226475-2380618500-1000UA => C:\Users\Evgeni\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236294955-2546226475-2380618500-1000Core.job => C:\Users\Evgeni\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1236294955-2546226475-2380618500-1000UA.job => C:\Users\Evgeni\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Evgeni\Desktop\MishaSummer2012\ACC200 PeachTree\Peachtree Business Checks and Forms.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.peachtree.com/prd.cfm?parm=25PsdYIho%2BCtgBkALgOW96RnT7NYcq7BgRYC2cK01sqgqA9bEPiyLhqLFvYjfRowqrLPJt4LrJY0eHvB6U%2Bf1oMw2culByl9sG4k%2ByA8ktIBqa4iOEYv7dJm
ShortcutWithArgument: C:\Users\Evgeni\Desktop\MishaSummer2012\ACC200 PeachTree\Peachtree Knowledge Center.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.peachtree.com/prd.cfm?parm=25PsdYAhoeCtgBkALgOW96RnT7NYcq7BgRYC2cK01sqgqA9bEPiyLhqLFvYjfRowqrLPJt4LrJY0eHvB6U%2Bf1oMw2culByl9sG4k%2ByA8ktIBqa4iOEYv7dJm

==================== Loaded Modules (Whitelisted) ==============

2016-02-14 14:52 - 2016-02-14 14:52 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-02-14 14:52 - 2016-02-14 14:52 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-14 14:52 - 2016-02-14 14:52 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-14 14:52 - 2016-02-14 14:52 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\09938754.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72516738.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\09938754.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72516738.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\live.com -> hxxps://login.live.com
IE trusted site: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\...\sony.com -> sony.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-02-08 17:03 - 2012-04-04 20:12 - 00000795 ____A C:\Windows\system32\Drivers\etc\hosts

  127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1236294955-2546226475-2380618500-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Evgeni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 68.105.28.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: PeachtreePrefetcher.exe => C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{45E83174-8EF9-419E-9306-0B142AC3B22F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{13BEAD7C-7D32-4FA8-874D-C42A567A8004}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{761DA1E9-6642-4F28-99E4-78DBC63A7D2D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9A652D32-F0A1-4DDF-A703-B755EE30EBBE}] => (Allow) svchost.exe
FirewallRules: [{FE63890C-0ABD-4CE1-8C7A-B6ADAF39E1CE}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{53A5D4BE-4349-492C-A337-0EEAF5932DC9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{96A8A51E-1A73-4672-AEE0-AA9456DDEA9C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{45976E80-77C5-4DF7-BDE4-31CC25477042}] => (Allow) LPort=67
FirewallRules: [{9436D80C-C588-4A73-9F4C-1608C33D4A87}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{532FA0CC-8A79-405A-AAC7-62DE1D66FC5D}] => (Allow) LPort=2869
FirewallRules: [{AD11CFA9-934C-4200-B117-557017EDA72B}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{37A48BEC-5363-48A6-B320-216BBE3AF998}C:\program files (x86)\microsoft games\age of empires iii\age3.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires iii\age3.exe
FirewallRules: [UDP Query User{CE32C5C8-3B71-4667-944C-B0C6288569C7}C:\program files (x86)\microsoft games\age of empires iii\age3.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires iii\age3.exe
FirewallRules: [{275A7DE2-0E4B-404F-81C8-25E492215159}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D14DF1FB-A235-4589-9CA8-6E11D10782A9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A2B6C61B-6722-480B-A011-A5A1CCF498EA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BBC464E8-882F-433D-8FAB-F20AFE373180}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BEA8DD89-AE05-4A35-ABA0-CDFB60D7B21D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{178767FB-EC09-433F-A0F6-05C749489578}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{6AC3A60F-776E-4B54-83E9-596060D064BA}] => (Allow) LPort=1583
FirewallRules: [{2ECA5322-1322-48F1-AB98-6C07A36E2188}] => (Allow) LPort=3351
FirewallRules: [{01156DE4-1203-44B9-9F5A-E649A7A47914}] => (Allow) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{76B83E20-6A2A-4ACC-B9BA-4E3CE91C403B}] => (Allow) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{64F5CB9C-048F-4374-A47B-97806F2E03EA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{A5F9BA6F-CBAC-45F1-9E85-E3E20ED6E627}C:\program files (x86)\ubisoft\battletag\bin\battletag.exe] => (Allow) C:\program files (x86)\ubisoft\battletag\bin\battletag.exe
FirewallRules: [UDP Query User{F5BF0040-D823-45C9-9DEF-BA46DC6A724A}C:\program files (x86)\ubisoft\battletag\bin\battletag.exe] => (Allow) C:\program files (x86)\ubisoft\battletag\bin\battletag.exe
FirewallRules: [TCP Query User{27D0403D-6DCB-42F8-9513-1DD06BC7A323}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe] => (Allow) C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe
FirewallRules: [UDP Query User{4CE67D01-D33B-4CB1-A804-DFDAA3BCB1E8}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe] => (Allow) C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe
FirewallRules: [TCP Query User{ECBC1738-C8C9-4409-BFD7-8CB0FC928183}C:\program files (x86)\steam\steamapps\shahmaty\team fortress 2\hl2.exe] => (Block) C:\program files (x86)\steam\steamapps\shahmaty\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{280B29D4-9F4E-44F8-9178-5B70A5E0E548}C:\program files (x86)\steam\steamapps\shahmaty\team fortress 2\hl2.exe] => (Block) C:\program files (x86)\steam\steamapps\shahmaty\team fortress 2\hl2.exe
FirewallRules: [{1FDBA0B9-EE89-4CA3-8CF4-62377100644E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1274A9C0-BF4B-4D66-8289-C1DEB80EA0AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{608BCE08-7510-4C6E-95CD-47AF9ED42B9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sid meier's civilization v\Launcher.exe
FirewallRules: [{FD8BE631-F576-4150-AA49-F97FAB29FA05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sid meier's civilization v\Launcher.exe
FirewallRules: [{E482BC58-775B-45B2-AF12-4CF5378E5B59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{76F3B3B7-5AF8-45A7-A1E4-831ABE694F94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{360BFCAB-4BE7-424D-B8A7-78690E9AADC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{7B01FE0B-747F-4C46-9EEA-CEFC90FC7794}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{5E802B0C-7EF7-46C4-A908-7CC6ECA9E6B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B6D5573A-40A4-4483-95DD-F0A0495E7196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{2A699C9C-7AA0-4195-B741-8F006E9F86D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{3CBD204B-7CD9-44E5-924E-1C48929FE1F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{21821730-3997-452A-8CE9-1976A5C03D73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{32646DBF-066B-472F-862F-6B2E256B835F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{9013D8A3-34CF-4325-AF49-043B8AF6E234}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{50FDE729-F9EE-4112-B797-92CEFB40C7E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7FE35444-1070-447D-A7B5-4347981484A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{5F4E0CDD-5772-41A6-94D5-C03503D51BD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{F275BBDD-05FD-4371-8AD2-4805E07D1FEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{1C0BB40F-9495-4E6D-9C5D-04621EB1878B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{E9EA9FE6-E587-47A7-8AD6-18EBB0DAB2C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{35E5752D-A4E2-42B1-9FF7-5F4341302660}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{6405321A-B02C-4694-BE9D-5F36F97D210E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{F9241025-65C2-43CF-9F7E-E0728393091D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{080CB6F8-A060-4372-B395-ED81C13D61EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{6FA96C90-D39F-4DCA-AD7A-B591A3629FF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{9D514D98-73F6-4093-916D-6C068995F835}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{49E9B42E-D7E7-4769-BEBE-D818326B6A97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{07A98AA7-81FA-4A34-ACE6-8AA07E25D908}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{27A9E558-969A-4568-A68B-2CDC24D4717C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{DD7B6A08-2F05-44A3-8820-F19744DD1EB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{CF938955-F80C-4526-B71A-4405B4592139}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{3ED3AD75-D477-44F5-8F51-27630DE18209}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{6D9C6AA4-763D-4422-880B-36876B8A7111}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E4A17D44-62CB-4963-90B2-A89C8F438133}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5248BBC2-5CD8-454D-927C-64262EB04B4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5D084699-EBC2-447C-9B92-B4F8DA35C4B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{6E067EFF-242C-4975-85D8-54A2CE75B14C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{1906B496-6F23-4BE0-87D0-4641DEA14325}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5C5F5512-9120-4214-B391-626049FDBFA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7F488248-C591-4D0B-A014-C2392BE0FF74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C3F8AEC1-8983-4523-8134-5FB41D6D5F2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{3F1280BE-5C8C-445A-AAB1-E26AB2B83AD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{26E09CA3-EEB5-41EF-9C5B-ABE78FE8C7F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{9AE5DEA2-6549-4BFF-8C02-AC81FB4D0953}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{517490AD-0D31-4D9C-B7C8-A5311512049F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{A6991C70-B5A8-4669-B760-B83FE056CE67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{92396EB4-121F-4EB6-9C33-396E28DE34E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{FFCE6A41-225B-4520-96BC-64FB38957938}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{D6F0D8E7-7838-44BA-B5AC-524BBA058868}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{715D91BF-3EBA-4E8D-8352-9FD258EC3109}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5E638D75-C293-4E98-B513-A51E1B99FFD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{404E57D4-6E94-4DA8-833E-892861F5AE07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{BA6D7DDA-7430-401D-B229-8677758A0B70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{A597E0CE-BEE3-4F9C-BCFE-BB3A5E313426}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{6DB95BD1-B4FC-4587-89A0-C60F6B10B764}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{7A3152CC-62D0-4BA3-904F-B71C6ED51EAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FA3EA23D-9C30-40CA-8818-93B4BFEB25B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{EC168675-6BC5-44FC-86C0-4DD0F9F88807}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{8F44F0FF-6DA9-41CD-83CC-B44C01AF48AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{C81FFA1E-966F-48BF-899B-C8D032A0B43F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{6B008241-0DDF-4909-AFEE-A7C2AD396222}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8AC20603-AA49-4309-BAAC-8C9BB15DCCF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{F140A766-039F-4D52-82D5-F77E5ED266F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{C5F5BA52-9628-430E-B05B-C5C1B989F051}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{508E4C03-9C3C-4F95-8111-5C42CFE67CE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{D23EC08B-21B2-4EC6-ADAE-7EF77A725777}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{EE1A99C0-F690-4EA3-83F0-272BB1B222B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{B976843B-F323-4D01-A97E-56688F8EBD30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{D86D2B09-3990-4701-88D1-0C1032BF2715}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{BE27578F-DFAF-45C6-BF73-DE2C557EACDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{011B5C18-7DF9-47A8-8328-85A6DB23CDA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B3ABC5EB-4352-4735-9246-1D58CE82F2F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{8194586F-1FD2-47C1-B182-4F0E62B7C40A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{4C956A8B-BB03-4CB5-8AF1-95F50D664590}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{2F4479A8-FABC-46C4-9FAE-A32B76C70B5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{1A15B044-5A8B-431D-8C88-5F783CB5541A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{5D3A6775-9CF5-436B-A00F-F564A15DE6D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{0B05E283-C8FC-4EE2-92E6-B80A4E1A1CEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{B50C0F91-7B20-47E1-B681-424D9B34E73B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{F79EBCC7-F7AE-4D36-9E38-75F6A7F0B474}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{891554BE-2ABA-4F8F-B493-3C7D75217384}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{DFAE243A-9D60-4217-A007-D93A823420F4}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E9D2578B-DF36-4104-B41D-6BA7BC98F10D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{4CC11B59-3457-4E87-8FC6-84D9ED132183}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{F0C46E52-BAE6-4131-B042-6AFDB296D91E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [TCP Query User{2AB62231-15B3-4684-89D0-98A9D3AF5251}C:\programdata\battle.net\agent\agent.beta.2753\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2753\agent.exe
FirewallRules: [UDP Query User{8138A933-AF3D-43A3-A64C-C3B8590C4103}C:\programdata\battle.net\agent\agent.beta.2753\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.beta.2753\agent.exe
FirewallRules: [{FE3F403C-6493-4B55-AB18-47C886C4E504}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{2685EC80-121E-4965-93E7-BF5715887434}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 2\Bin\Sam2.exe
FirewallRules: [{53C9463F-DAE2-46B1-B4CF-1075266E4505}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 2\Bin\Sam2.exe
FirewallRules: [{684E4B06-DE46-43EE-ABCC-24CE31F273E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 2\Bin\DedicatedServer.exe
FirewallRules: [{55A1EF2D-9C89-42D0-A658-6B7E2DA37CE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 2\Bin\DedicatedServer.exe
FirewallRules: [{7648C36A-5735-4621-AC28-A418863820C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{793D3A35-390D-4D77-8980-054C4561F1D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F7E708DF-6347-49D5-AA9F-DF21124AA29E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{61CF9E25-C260-49F7-8401-26D5384FCFED}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{564B6865-0AEB-4300-94B8-64C482BE2294}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{05DE9EAE-DF47-4323-B3CF-5B715559B514}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{67B8A34C-8812-478C-BE0C-2F6D7797AB28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{30EA943F-F149-41FC-B237-2965354AD002}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{088CE085-11C2-4D79-BC34-E659F315C6CA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A50DE24C-42C4-428F-B40A-0AB9CCDD850A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56F2270D-212A-4A46-B1A6-2F0639D021C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{6295AE28-8C0F-45BC-9864-CB7B1475C7F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [TCP Query User{B7807071-0E62-4E0E-8472-6ED000755B2F}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [UDP Query User{ADC37400-FEB7-4399-9EB2-0834D3CA1D54}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{591E8774-A846-4B7F-9833-1C03BD8FED0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{E3905074-01BC-4649-950D-B8F00EDFF32B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{73867BD1-6171-4CD2-A82C-7FACEB88764D}] => (Allow) LPort=67
FirewallRules: [{F7DE4336-6E5D-42C9-99D0-1CEFA8B1C7C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3B7733C1-11D5-4BAD-AB77-49E3140490AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{269294E2-AB9F-4C8E-95BC-15AC0647AAD0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7EE29CF7-CB64-4CB9-BAD0-4BAD70368C06}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{315680D7-F351-4AF2-A381-94EF4A7F2A17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{E4B8E6F6-19F8-422A-A7E8-0E988F29E4FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{87BC2867-C5E9-49FC-ACC4-196B8C11480B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\game\bin\win64\dota2.exe
FirewallRules: [{D2F7FE94-3B19-4465-8E24-A6A71A2B548A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\game\bin\win64\dota2.exe
FirewallRules: [{9CE2A7A1-79D7-4A93-AFAD-2ED21CD29304}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spooky's House of Jump Scares\SPOOKY.exe
FirewallRules: [{DDF387F9-2872-46CD-B30B-6E0315E6A196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spooky's House of Jump Scares\SPOOKY.exe
FirewallRules: [{21FCA55A-662B-4F9F-B2B0-6118D7263429}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{D58D2127-789D-40B7-9C0A-B4887F3085E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{8F82A1C0-A5E1-4B92-906F-20263651521B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{ED1EE082-9BA6-4D85-AA6A-8DDCBAE626F5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B69C055C-58E7-4BAC-8B38-2489FD7D2C43}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{F7992DF7-82C1-4076-978A-28BE79C54D22}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2016 04:56:27 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (03/12/2016 12:08:39 AM) (Source: PerfNet) (EventID: 2002) (User: )
Description:

Error: (03/12/2016 12:08:39 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (03/11/2016 11:59:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 5.3.2016.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ebc

Start Time: 01d17c2811ff8925

Termination Time: 60000

Application Path: C:\Users\Evgeni\Desktop\New folder\FRST64.exe

Report Id: db0a1ed1-e81f-11e5-8ea1-001018000000

Error: (03/11/2016 11:42:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.19135, time stamp: 0x56a1bbe2
Faulting module name: ole32.dll, version: 6.1.7601.19131, time stamp: 0x569a9398
Exception code: 0xc0000005
Fault offset: 0x0000000000029f89
Faulting process id: 0x17e4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (03/11/2016 11:36:13 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Evgeni\Desktop\New folder\FRST64.exe folder\FRST64.exe" ; Description = Restore Point Created by FRST; Error = 0x81000101).

Error: (03/11/2016 01:19:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dota2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 958

Start Time: 01d17bd33b3e5ec3

Termination Time: 46

Application Path: C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

Report Id: 96f9ceb4-e7c6-11e5-8ea1-001018000000

Error: (03/11/2016 01:05:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19f0

Start Time: 01d17bd034259625

Termination Time: 10

Application Path: Q:\140061.enu\Office14\WINWORD.EXE

Report Id: 868eb607-e7c4-11e5-8ea1-001018000000

Error: (03/11/2016 12:24:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Au_.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8f4

Start Time: 01d17b6661c10207

Termination Time: 60000

Application Path: C:\Users\Evgeni\AppData\Local\Temp\~nsu.tmp\Au_.exe

Report Id:

Error: (03/10/2016 11:16:28 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x81000101).


System errors:
=============
Error: (03/13/2016 07:05:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/13/2016 07:05:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/13/2016 07:05:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/13/2016 07:04:33 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/13/2016 07:04:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}

Error: (03/13/2016 07:00:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/13/2016 07:00:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/13/2016 07:00:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/13/2016 06:58:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/13/2016 06:58:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 22%
Total physical RAM: 8151.08 MB
Available physical RAM: 6345.01 MB
Total Virtual: 16300.36 MB
Available Virtual: 15090.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.82 GB) (Free:587.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F8000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=921.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

As for the BSOD, didn't have top one. The bottom one is:

 

** STOP: 0x0000007E (0xFFFFFFFFC0000005,0xfffff880053B37E1,0xFFFFF880037EE5e8,0xFFFFF880037EDE40)

 

***        aswMonFlt.sys - Adress  FFFFF880053B37E1  base at FFFFF880053B2000, Datestamp 56dfe8c9

 

 

 

 

As for previous question, know about the website, don't know about the other thing.
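Added example, not part of the original post or of any tool used in this thread: a small Python parser for the two stop-screen lines quoted above. It decodes the 0x7E parameters, computes the fault offset inside the named driver, and converts the datestamp, on the assumption that the datestamp is the driver's PE link time in Unix seconds; the function and table names are this example's own.

```python
import re
from datetime import datetime, timezone

# The two stop-screen lines as quoted in the post (hand-typed by the poster).
STOP_SCREEN = (
    "** STOP: 0x0000007E (0xFFFFFFFFC0000005,0xfffff880053B37E1,"
    "0xFFFFF880037EE5e8,0xFFFFF880037EDE40)\n"
    "***        aswMonFlt.sys - Adress  FFFFF880053B37E1  base at "
    "FFFFF880053B2000, Datestamp 56dfe8c9\n"
)

# Lookup tables limited to the values that occur in this post.
BUGCHECKS = {0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

STOP_RE = re.compile(r"STOP:\s*0x([0-9A-Fa-f]+)\s*\(([^)]*)\)")
# The label before the address is matched loosely; hand-typed copies vary.
MODULE_RE = re.compile(
    r"\*+\s*(\S+\.sys)\s*-\s*\w+\s+([0-9A-Fa-f]+)\s+base at\s+([0-9A-Fa-f]+)"
    r"\s*,\s*Datestamp\s+([0-9A-Fa-f]+)",
    re.IGNORECASE,
)


def parse_stop_screen(text):
    """Decode a STOP line and, if present, the driver line that follows it."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no STOP line found")
    code = int(stop.group(1), 16)
    params = [int(p.strip(), 16) for p in stop.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("a STOP line carries exactly four parameters")
    info = {"bugcheck": code, "bugcheck_name": BUGCHECKS.get(code, "unknown")}

    if code == 0x7E:
        # For 0x7E, parameter 1 is the NTSTATUS exception code sign-extended
        # to 64 bits, and parameter 2 is the address where it was raised.
        status = params[0] & 0xFFFFFFFF
        info["exception_name"] = NTSTATUS.get(status, hex(status))
        info["exception_address"] = params[1]

    mod = MODULE_RE.search(text)
    if mod is None:
        info["module"] = None  # screen copied without the driver line
        return info
    address, base, stamp = (int(mod.group(i), 16) for i in (2, 3, 4))
    if address < base:
        raise ValueError("driver address lies below its load base")
    info["module"] = mod.group(1)
    info["offset"] = address - base
    # True when the driver line names the same address as parameter 2.
    info["fault_in_module"] = address == info.get("exception_address")
    # Assumption: Datestamp is the PE header link time in Unix seconds.
    info["built_utc"] = datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat()
    return info


if __name__ == "__main__":
    for key, value in parse_stop_screen(STOP_SCREEN).items():
        print(f"{key}: {value}")
```

The driver name, offset and build date together identify the crash site precisely enough to compare against other reports for the same driver build; the asw prefix matches the avast! device entry (service aswVmm) in the Addition.txt log above.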



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,619 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:11 AM

Posted 13 March 2016 - 10:22 PM

Greetings,

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Boot into Safe Mode
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CHR Plugin: (Native Client) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
BootExecute: autocheck autochk /k:C *
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Avast

  • Reboot your computer normally
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Can you boot normally?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 doom007


Posted 13 March 2016 - 10:40 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Evgeni (2016-03-13 20:29:08) Run:3
Running from C:\Users\Evgeni\Desktop
Loaded Profiles: Evgeni (Available Profiles: Evgeni & UpdatusUser & Daniel)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
CHR Plugin: (Native Client) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
BootExecute: autocheck autochk /k:C *
*****************

C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => not found.
C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\pdf.dll => not found.
C:\Users\Evgeni\AppData\Local\Google\Chrome\Application\48.0.2564.116\gcswf32.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => not found.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully

==== End of Fixlog 20:29:08 ====

 

Got rid of Avast and can boot normally.



#8 Oh My!


Posted 13 March 2016 - 10:42 PM

OK good, how is your computer running?

#9 doom007


Posted 13 March 2016 - 10:52 PM

Trying to create a system restore point but it looks like it is stuck on creating one.


Edited by doom007, 13 March 2016 - 10:52 PM.


#10 Oh My!


Posted 13 March 2016 - 10:53 PM

OK,

I am ending for the evening after this post but please do this and I will check in first thing in the morning.

===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FSS.txt


#11 doom007


Posted 13 March 2016 - 10:57 PM

Farbar Service Scanner Version: 27-01-2016
Ran by Evgeni (administrator) on 13-03-2016 at 20:56:57
Running from "C:\Users\Evgeni\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

 

It mentioned the reason why it can't is: "The creation of a shadow copy has timed out. Try this operation again. (0x81000101)"


Edited by doom007, 13 March 2016 - 11:11 PM.


#12 Oh My!


Posted 14 March 2016 - 09:30 AM

Thank you for the information. Please do this.

===================================================

Purging Extra System Restore Points and Managing Max Usage Setting

--------------------
  • Click Start, Control Panel then click on System
  • For Windows 8/10 right click on the Windows icon and select Control Panel
  • Click System Protection
  • Click Configure...
  • Adjust the Max Usage: slider to roughly 20 GB, then click OK
  • Click Create
  • Name the Restore Point Purged Old, then click Create
  • After the restore point has been successfully created close out all open windows
  • Click Start, type cleanmgr and hit Enter
  • Select the (C:) drive, then click OK
  • Allow the program to Calculate the drive
  • Click the More Options tab and allow the process to complete
  • Note: If you don't see the More Options tab click Clean up system files, select your drive and check for the More Options tab again
  • Under System Restore and Shadow Copies click Clean up...
  • Click Delete and wait for a Disk Cleanup popup screen to appear
  • Click Delete Files
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Edited by Oh My!, 14 March 2016 - 09:33 AM.


#13 doom007


Posted 14 March 2016 - 01:17 PM

Wasn't able to create a Restore point.



#14 Oh My!


Posted 14 March 2016 - 02:22 PM

Same error message or something else?

#15 doom007


Posted 14 March 2016 - 02:43 PM

Yep "The creation of a shadow copy has timed out. Try this operation again. (0x81000101)" appears.

For recovery system protection should it be on or off?





