How to delete this search engine ? Help?


  • This topic is locked
4 replies to this topic

#1 Jordanas1488

Jordanas1488

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:39 PM

Posted 25 May 2016 - 02:14 PM

I have recently downloaded some software that came with unwanted additional software (a search engine) that I am now trying to remove.
I use Google Chrome and every time I type into the top search bar (address line) to look for something, it opens this "go.mail.ru" "smartsputnik.ru" search website. I tried to remove it from Google Chrome Settings in the Manage Search Engines section, but it won't let me because it has this symbol (two domino blocks) and says "this setting is enforced by your administrator". I uninstalled all software related to this search engine, reinstalled Google Chrome, reset settings, and used some software to find and delete this search engine software, but nothing worked. Someone, help!

Attached Files

  • Attached File  asd.png   152.53KB   0 downloads




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:39 PM

Posted 25 May 2016 - 02:42 PM

Hello
  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.
1. Please download AdwCleaner by Xplode and save it to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 Jordanas1488

Jordanas1488
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:39 PM

Posted 25 May 2016 - 03:01 PM

Hello, thank you for your reply. Here are my log reports from AdwCleaner and Farbar.

 

AdwCleaner report before computer reboot:

# AdwCleaner v5.118 - Logfile created 25/05/2016 at 22:45:25
# Updated 23/05/2016 by Xplode
# Database : 2016-05-25.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : ONE - ONE-PC
# Running from : C:\Users\ONE\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\ApplicationHosting
Folder Found : C:\ProgramData\ytd video downloader
Folder Found : C:\ProgramData\Application Data\ApplicationHosting
Folder Found : C:\ProgramData\Application Data\ytd video downloader
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : C:\Program Files (x86)\GreenTree Applications
Folder Found : C:\Users\ONE\AppData\Roaming\RPEng
Folder Found : C:\Users\ONE\AppData\Roaming\Mozilla\Firefox\Profiles\8v8m9ev9.default\extensions\search@mail.ru
Folder Found : C:\Users\ONE\AppData\Local\VirtualStore\Program Files (x86)\tencent
 
***** [ Files ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\findit.xml
File Found : C:\Users\ONE\Favorites\Mail.Ru.url
File Found : C:\Users\ONE\Favorites\Mail.Ru Агент - используй для общения!.url
File Found : C:\Users\ONE\AppData\Roaming\Mozilla\Firefox\Profiles\8v8m9ev9.default\searchplugins\findit.xml
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Infected : C:\Users\Public\Desktop\Google Chrome.lnk ( %SNP% )
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ( %SNP% )
Shortcut Infected : C:\Users\ONE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( %SNP% )
Shortcut Infected : C:\Users\ONE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( %SNP% )
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [AndroidServer.exe]
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
Key Found : HKLM\SOFTWARE\Classes\qmgcfiles
Key Found : HKLM\SOFTWARE\Classes\AppID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E8F97CD-60B5-456F-A201-73065652D099}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E8F97CD-60B5-456F-A201-73065652D099}
Key Found : HKCU\Software\Mail.Ru
Key Found : HKCU\Software\GreenTree Applications\YTD
Key Found : HKCU\Software\AppDataLow\Software\Mail.Ru
Key Found : HKLM\SOFTWARE\Mail.Ru
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\Mail.Ru
Key Found : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\GreenTree Applications\YTD
Key Found : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\AppDataLow\Software\Mail.Ru
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BwkVrVpjKKaffy5AvoOXmGvJUc_8xKAoJQNH3IykBRzlovgrIHX9MTDSdXSQcI7xZ7FoGaUQ7pIqYDeeOZya-fgrGZRL_-RPuZXM39_6twJsvNMOvQ6v3ncPwKG0k42WjiH4pECisUY2tpu_6qXs2vKJ3jWM-
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BwkVrVpjKKaffy5AvoOXmGvJUc_8xKAoJQNH3IykBRzlovgrIHX9MTDSdXSQcI7xZ7FoGaUQ7pIqYDeteadN0CUdQg2AWvS37Wy3ehWesjG7v7kIdwGqb3sw5z56GfB2o8qpWdKxl3L1ibPQdCxlAjPRYUv-X&q={searchTerms}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BwkVrVpjKKaffy5AvoOXmGvJUc_8xKAoJQNH3IykBRzlovgrIHX9MTDSdXSQcI7xZ7FoGaUQ7pIqYDeteadN0CUdQg2AWvS37Wy3ehWesjG7v7kIdwGqb3sw5z56GfB2o8qpWdKxl3L1ibPQdCxlAjPRYUv-X&q={searchTerms}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [SearchAssistant] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BwkVrVpjKKaffy5AvoOXmGvJUc_8xKAoJQNH3IykBRzlovgrIHX9MTDSdXSQcI7xZ7FoGaUQ7pIqYDeteadN0CUdQg2AWvS37Wy3ehWesjG7v7kIdwGqb3sw5z56GfB2o8qpWdKxl3L1ibPQdCxlAjPRYUv-X&q={searchTerms}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BwkVrVpjKKaffy5AvoOXmGvJUc_8xKAoJQNH3IykBRzlovgrIHX9MTDSdXSQcI7xZ7FoGaUQ7pIqYDeteadN0CUdQg2AWvS37Wy3ehWesjG7v7kIdwGqb3sw5z56GfB2o8qpWdKxl3L1ibPQdCxlAjPRYUv-X&q={searchTerms}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BwkVrVpjKKaffy5AvoOXmGvJUc_8xKAoJQNH3IykBRzlovgrIHX9MTDSdXSQcI7xZ7FoGaUQ7pIqYDeteadN0CUdQg2AWvS37Wy3ehWesjG7v7kIdwGqb3sw5z56GfB2o8qpWdKxl3L1ibPQdCxlAjPRYUv-X&q={searchTerms}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BwkVrVpjKKaffy5AvoOXmGvJUc_8xKAoJQNH3IykBRzlovgrIHX9MTDSdXSQcI7xZ7FoGaUQ7pIqYDeteadN0CUdQg2AWvS37Wy3ehWesjG7v7kIdwGqb3sw5z56GfB2o8qpWdKxl3L1ibPQdCxlAjPRYUv-X&q={searchTerms}
Data Found : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BwkVrVpjKKaffy5AvoOXmGvJUc_8xKAoJQNH3IykBRzlovgrIHX9MTDSdXSQcI7xZ7FoGaUQ7pIqYDeeOZya-fgrGZRL_-RPuZXM39_6twJsvNMOvQ6v3ncPwKG0k42WjiH4pECisUY2tpu_6qXs2vKJ3jWM-
Data Found : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BwkVrVpjKKaffy5AvoOXmGvJUc_8xKAoJQNH3IykBRzlovgrIHX9MTDSdXSQcI7xZ7FoGaUQ7pIqYDeteadN0CUdQg2AWvS37Wy3ehWesjG7v7kIdwGqb3sw5z56GfB2o8qpWdKxl3L1ibPQdCxlAjPRYUv-X&q={searchTerms}
Data Found : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BwkVrVpjKKaffy5AvoOXmGvJUc_8xKAoJQNH3IykBRzlovgrIHX9MTDSdXSQcI7xZ7FoGaUQ7pIqYDeteadN0CUdQg2AWvS37Wy3ehWesjG7v7kIdwGqb3sw5z56GfB2o8qpWdKxl3L1ibPQdCxlAjPRYUv-X&q={searchTerms}
Data Found : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\Microsoft\Internet Explorer\Main [SearchAssistant] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BwkVrVpjKKaffy5AvoOXmGvJUc_8xKAoJQNH3IykBRzlovgrIHX9MTDSdXSQcI7xZ7FoGaUQ7pIqYDeteadN0CUdQg2AWvS37Wy3ehWesjG7v7kIdwGqb3sw5z56GfB2o8qpWdKxl3L1ibPQdCxlAjPRYUv-X&q={searchTerms}
Data Found : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BwkVrVpjKKaffy5AvoOXmGvJUc_8xKAoJQNH3IykBRzlovgrIHX9MTDSdXSQcI7xZ7FoGaUQ7pIqYDeteadN0CUdQg2AWvS37Wy3ehWesjG7v7kIdwGqb3sw5z56GfB2o8qpWdKxl3L1ibPQdCxlAjPRYUv-X&q={searchTerms}
Data Found : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BwkVrVpjKKaffy5AvoOXmGvJUc_8xKAoJQNH3IykBRzlovgrIHX9MTDSdXSQcI7xZ7FoGaUQ7pIqYDeteadN0CUdQg2AWvS37Wy3ehWesjG7v7kIdwGqb3sw5z56GfB2o8qpWdKxl3L1ibPQdCxlAjPRYUv-X&q={searchTerms}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safefinder.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.safefinder.com
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
 
***** [ Web browsers ] *****
 
[C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : >
[C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcgnigmofekcllgbiejhmigggmgehkip
 
*************************
 
C:\AdwCleaner\AdwCleaner[C2].txt - [8408 bytes] - [23/09/2015 00:33:32]
C:\AdwCleaner\AdwCleaner[C3].txt - [8404 bytes] - [24/09/2015 00:45:31]
C:\AdwCleaner\AdwCleaner[R0].txt - [8480 bytes] - [14/11/2014 01:50:35]
C:\AdwCleaner\AdwCleaner[S0].txt - [7381 bytes] - [14/11/2014 01:56:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [9297 bytes] - [25/05/2016 22:45:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [8320 bytes] - [23/09/2015 00:31:33]
C:\AdwCleaner\AdwCleaner[S3].txt - [9629 bytes] - [24/09/2015 00:40:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9516 bytes] ##########

 

 
 
 
 
 
AdwCleaner report after computer reboot:
# AdwCleaner v5.118 - Logfile created 25/05/2016 at 22:49:55
# Updated 23/05/2016 by Xplode
# Database : 2016-05-25.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : ONE - ONE-PC
# Running from : C:\Users\ONE\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\ApplicationHosting
[-] Folder Deleted : C:\ProgramData\ytd video downloader
[#] Folder Deleted : C:\ProgramData\Application Data\ApplicationHosting
[#] Folder Deleted : C:\ProgramData\Application Data\ytd video downloader
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[-] Folder Deleted : C:\Users\ONE\AppData\Roaming\RPEng
[-] Folder Deleted : C:\Users\ONE\AppData\Roaming\Mozilla\Firefox\Profiles\8v8m9ev9.default\extensions\search@mail.ru
[-] Folder Deleted : C:\Users\ONE\AppData\Local\VirtualStore\Program Files (x86)\tencent
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\findit.xml
[-] File Deleted : C:\Users\ONE\Favorites\Mail.Ru.url
[-] File Deleted : C:\Users\ONE\Favorites\Mail.Ru Агент - используй для общения!.url
[-] File Deleted : C:\Users\ONE\AppData\Roaming\Mozilla\Firefox\Profiles\8v8m9ev9.default\searchplugins\findit.xml
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\ONE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\ONE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [AndroidServer.exe]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
[-] Key Deleted : HKLM\SOFTWARE\Classes\qmgcfiles
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E8F97CD-60B5-456F-A201-73065652D099}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E8F97CD-60B5-456F-A201-73065652D099}
[-] Key Deleted : HKCU\Software\Mail.Ru
[-] Key Deleted : HKCU\Software\GreenTree Applications\YTD
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Key Deleted : HKLM\SOFTWARE\Mail.Ru
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data Restored : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
[-] Data Restored : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safefinder.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.safefinder.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : >
[-] [C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcgnigmofekcllgbiejhmigggmgehkip
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [5543 bytes] - [25/05/2016 22:49:55]
C:\AdwCleaner\AdwCleaner[S1].txt - [9157 bytes] - [25/05/2016 22:48:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5689 bytes] ##########
 
 
 
 
Farbar report: FRST 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016
Ran by ONE (administrator) on ONE-PC (25-05-2016 22:55:01)
Running from C:\Users\ONE\Downloads
Loaded Profiles: ONE (Available Profiles: ONE)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\avastui.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Users\ONE\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5515496 2015-06-24] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2016-03-14] ()
HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-21] (Piriform Ltd)
HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\...\Run: [C] => C:\Windows\system32\GroupPolicy\Machine\Registry.pol [750 2015-09-23] ()
HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\...\MountPoints2: {60c1d7d7-5a19-11e4-a03c-8c89a5ff6284} - Z:\setup.exe
HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\...\MountPoints2: {c28357fc-5a29-11e4-987e-8ba82598de44} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-23] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\ApphcuotloS\Zaammattough.dll => No File
AppInit_DLLs-x32: C:\ProgramData\ApphcuotloS\YearPlus.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2015-06-24] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-11-03]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy-x32: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 212.59.2.2
Tcpip\..\Interfaces\{82AAFDEC-9E9C-453B-9907-CE8059ADB23C}: [DhcpNameServer] 192.168.1.254 212.59.2.2
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
URLSearchHook: [S-1-5-21-3969334665-3393652028-3311092678-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-06-24] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-22] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\ONE\AppData\Roaming\Mozilla\Firefox\Profiles\8v8m9ev9.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF SearchPlugin: C:\Users\ONE\AppData\Roaming\Mozilla\Firefox\Profiles\8v8m9ev9.default\searchplugins\google-avast.xml [2015-10-20]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-11-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2015-12-11]
FF HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://mail.ru/cnt/11956636
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006"
CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}&trackid=sp-006
CHR DefaultSuggestURL: Default -> hxxps://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-05-24]
CHR Extension: (Google Drive) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-10]
CHR Extension: (Google Search) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Avast Online Security) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-23]
CHR Profile: C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-23]
CHR Extension: (Google Docs) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-23]
CHR Extension: (Google Drive) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-23]
CHR Extension: (YouTube) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-23]
CHR Extension: (Google Search) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-23]
CHR Extension: (Google Sheets) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-23]
CHR Extension: (Google Docs Offline) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-23]
CHR Extension: (Avast Online Security) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-23]
CHR Extension: (Mail.Ru) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ilamgbdaebkbpkkmfmmfbnaamkhijdek [2015-09-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-23]
CHR Extension: (Домашняя страница Mail.Ru) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ofdgafmdegfkhfdfkmllfefmcmcjllec [2015-09-23]
CHR Extension: (Gmail) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-23]
CHR Extension: (Визуальные Закладки Mail.Ru) - C:\Users\ONE\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnooffjhclkocplopffdbcdghmiffhji [2015-09-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [ilamgbdaebkbpkkmfmmfbnaamkhijdek] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ofdgafmdegfkhfdfkmllfefmcmcjllec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnooffjhclkocplopffdbcdghmiffhji] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-06-24] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-24] (Avast Software)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2015-05-11] (Macrovision Europe Ltd.) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-03-14] (Ellora Assets Corp.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 mi-raysat_3dsmax2010_64; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [86016 2009-03-12] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-11] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2016-04-20] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [766400 2012-10-08] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-24] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 RDID1130; C:\Windows\System32\Drivers\rdwm1130.sys [199680 2011-11-07] (Roland Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-10-22] () [File not signed]
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [273824 2015-06-24] (Avast Software)
U3 almlhzz8; C:\Windows\System32\Drivers\almlhzz8.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-25 22:55 - 2016-05-25 22:56 - 00025853 _____ C:\Users\ONE\Downloads\FRST.txt
2016-05-25 22:54 - 2016-05-25 22:55 - 00000000 ____D C:\FRST
2016-05-25 22:54 - 2016-05-25 22:54 - 02382848 _____ (Farbar) C:\Users\ONE\Downloads\FRST64.exe
2016-05-25 22:52 - 2016-05-25 22:52 - 00005771 _____ C:\Users\ONE\Desktop\AdwCleaner[C1]after reboot.txt
2016-05-25 22:48 - 2016-05-25 22:48 - 03677760 _____ C:\Users\ONE\Downloads\AdwCleaner.exe
2016-05-25 22:48 - 2016-05-25 22:48 - 00009598 _____ C:\Users\ONE\Desktop\AdwCleaner Before reboot.txt
2016-05-25 19:39 - 2016-05-25 19:39 - 00185122 _____ C:\Users\ONE\Desktop\kki ns III k 6 sem PRAKTIKOS ATSISKAITYMAS.pdf
2016-05-25 19:39 - 2016-05-25 19:39 - 00141459 _____ C:\Users\ONE\Desktop\02 08 kki III k 6 sem 2015_2016 s m praktikos paskaitu ir seminaru tvarkarastis.pdf
2016-05-24 18:13 - 2016-05-24 18:13 - 00000000 ____D C:\Users\ONE\AppData\Local\Kholat
2016-05-21 22:55 - 2016-05-21 23:27 - 25518039 _____ C:\Users\ONE\Desktop\alisa.wmv
2016-05-21 22:53 - 2016-05-21 22:53 - 04837016 _____ C:\Users\ONE\Desktop\baltas triusis.wmv.sfap0
2016-05-21 22:53 - 2016-05-21 22:53 - 04523096 _____ C:\Users\ONE\Desktop\PING PONGAS MOD.wmv.sfap0
2016-05-21 22:53 - 2016-05-21 22:53 - 04318232 _____ C:\Users\ONE\Desktop\OLA.wmv.sfap0
2016-05-21 22:53 - 2016-05-21 22:53 - 02972888 _____ C:\Users\ONE\Desktop\katinas cesyr.wmv.sfap0
2016-05-21 22:53 - 2016-05-21 22:53 - 00037856 _____ C:\Users\ONE\Desktop\baltas triusis.wmv.sfk
2016-05-21 22:53 - 2016-05-21 22:53 - 00035400 _____ C:\Users\ONE\Desktop\PING PONGAS MOD.wmv.sfk
2016-05-21 22:53 - 2016-05-21 22:53 - 00033800 _____ C:\Users\ONE\Desktop\OLA.wmv.sfk
2016-05-21 22:53 - 2016-05-21 22:53 - 00023296 _____ C:\Users\ONE\Desktop\katinas cesyr.wmv.sfk
2016-05-17 00:37 - 2016-05-17 00:37 - 00000000 ____D C:\Users\ONE\Downloads\New folder
2016-05-17 00:24 - 2016-05-17 00:24 - 00000000 ____D C:\Users\ONE\AppData\Roaming\MPC-HC
2016-05-17 00:24 - 2016-05-17 00:24 - 00000000 ____D C:\Program Files\Combined Community Codec Pack 64bit
2016-05-17 00:23 - 2016-05-17 00:24 - 11302536 _____ (CCCP Project ) C:\Users\ONE\Downloads\Combined-Community-Codec-Pack-64bit-2015-10-18.exe
2016-05-17 00:21 - 2016-05-17 00:21 - 726145024 _____ C:\Users\ONE\Desktop\nympho-ymtms3.cd2.avi
2016-05-17 00:20 - 2016-05-17 00:21 - 733315072 _____ C:\Users\ONE\Desktop\nympho-ymtms3.cd1.avi
2016-05-09 14:04 - 2016-05-09 14:04 - 00223036 _____ C:\Users\ONE\Desktop\Praktikos-atsiskaitymo-forma_2015.pdf
2016-05-09 14:03 - 2016-05-09 14:03 - 00223036 _____ C:\Users\ONE\Downloads\Praktikos-atsiskaitymo-forma_2015.pdf
2016-05-08 15:14 - 2016-05-08 20:58 - 00000000 ____D C:\Users\ONE\AppData\Roaming\FxPro-cTraderCommon
2016-05-08 15:14 - 2016-05-08 15:15 - 00000000 ____D C:\Users\ONE\AppData\Roaming\cTrader
2016-05-08 15:14 - 2016-05-08 15:14 - 00000000 ____D C:\Users\ONE\Documents\cTrader
2016-05-08 15:14 - 2016-05-08 15:14 - 00000000 ____D C:\Users\ONE\Documents\cAlgo
2016-05-08 15:14 - 2016-05-08 15:14 - 00000000 ____D C:\Users\ONE\AppData\Roaming\FxPro-cTraderUsers
2016-05-08 15:13 - 2016-05-08 15:14 - 00000000 ____D C:\Users\ONE\AppData\Roaming\FxPro-cTrader
2016-05-08 15:13 - 2016-05-08 15:13 - 00502656 _____ () C:\Users\ONE\Downloads\ctrader-fxpro-setup.exe
2016-05-08 15:13 - 2016-05-08 15:13 - 00000278 _____ C:\Users\ONE\Desktop\FxPro cTrader.appref-ms
2016-05-08 15:13 - 2016-05-08 15:13 - 00000000 ____D C:\Users\ONE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FxPro cTrader
2016-05-07 16:49 - 2016-05-07 16:49 - 367157261 _____ C:\Users\ONE\cd11219_1500.mp4
2016-05-07 16:47 - 2016-05-07 16:47 - 00000887 _____ C:\Users\ONE\Downloads\DiskDigger_1.8.0.1701_[Multilanguage]_[License_Key]_[AT-TEAM].torrent
2016-05-07 16:36 - 2016-05-07 16:36 - 00386919 _____ C:\Users\ONE\Downloads\diskdigger.zip
2016-05-06 11:15 - 2016-05-06 11:15 - 02014875 _____ C:\Users\ONE\Downloads\1.wmv
2016-05-05 00:28 - 2016-05-05 00:28 - 07597541 _____ C:\Users\ONE\Desktop\katinas cesyr.wmv
2016-05-05 00:28 - 2016-05-05 00:28 - 00019560 _____ C:\Users\ONE\Desktop\katinas cesyr.veg
2016-05-05 00:19 - 2016-05-05 00:19 - 00014016 _____ C:\Users\ONE\Desktop\CHESHIRO KAINAS.mp4.sfk
2016-05-05 00:12 - 2016-05-05 00:13 - 03565589 _____ C:\Users\ONE\Desktop\KAralienė teismo salė galvos fg.wmv
2016-05-05 00:12 - 2016-05-05 00:12 - 00025560 _____ C:\Users\ONE\Desktop\KAralienė teismo salė galvos fg.veg
2016-05-04 23:45 - 2016-05-04 23:47 - 00025720 _____ C:\Users\ONE\Desktop\KAralienė teismo salė galvos.mp4.sfk
2016-05-04 23:28 - 2016-05-04 23:29 - 01909601 _____ C:\Users\ONE\Desktop\baltas triusis.wmv
2016-05-04 23:28 - 2016-05-04 23:28 - 00035472 _____ C:\Users\ONE\Desktop\baltas triusis.veg
2016-05-04 23:04 - 2016-05-04 23:04 - 00030520 _____ C:\Users\ONE\Desktop\BALTAS TRIUŠIS.mp4.sfk
2016-05-04 22:56 - 2016-05-04 22:57 - 01253589 _____ C:\Users\ONE\Desktop\PING PONGAS MOD.wmv
2016-05-04 19:47 - 2016-05-04 22:53 - 13829583 _____ C:\Users\ONE\Desktop\OLA.wmv
2016-05-04 19:47 - 2016-05-04 22:52 - 00019352 _____ C:\Users\ONE\Desktop\OLA.veg
2016-05-04 19:47 - 2016-05-04 19:47 - 00019592 _____ C:\Users\ONE\Desktop\OLA.veg.bak
2016-05-04 19:36 - 2016-05-04 19:36 - 01469228 _____ C:\Users\ONE\Desktop\low to,m2x.wav
2016-05-04 19:34 - 2016-05-04 19:40 - 00007720 _____ C:\Users\ONE\Desktop\ADDrop.sfk
2016-05-04 19:24 - 2016-05-04 22:58 - 00018640 _____ C:\Users\ONE\Desktop\PING PONGAS MOD.veg
2016-05-04 19:24 - 2016-05-04 19:29 - 00040760 _____ C:\Users\ONE\Desktop\Krytis i ola MOD.wmv.sfk
2016-05-04 19:24 - 2016-05-04 19:24 - 05208728 _____ C:\Users\ONE\Desktop\Krytis i ola MOD.wmv.sfap0
2016-05-04 19:24 - 2016-05-04 19:24 - 00019664 _____ C:\Users\ONE\Desktop\PING PONGAS MOD.veg.bak
2016-05-04 19:17 - 2016-05-04 19:20 - 00202456 _____ C:\Users\ONE\Desktop\Scary Sound Effects.mp3.sfk
2016-05-04 18:44 - 2016-05-04 18:44 - 21041798 _____ C:\Users\ONE\Desktop\CHESHIRO KAINAS.mp4
2016-05-04 18:28 - 2016-05-04 18:27 - 00425199 _____ C:\Users\ONE\Desktop\CHESHIRO KAINAS.pdf
2016-05-04 03:12 - 2016-05-04 03:12 - 08312241 _____ C:\Users\ONE\Desktop\KAralienė teismo salė galvos.mp4
2016-05-04 00:37 - 2016-05-04 00:37 - 01791853 _____ C:\Users\ONE\Desktop\BALTAS TRIUŠIS.mp4
2016-05-02 17:05 - 2016-05-02 17:05 - 00462174 _____ C:\Users\ONE\Downloads\ASIO4ALL_2_13_English.exe
2016-04-27 17:37 - 2016-04-27 17:37 - 00180581 _____ C:\Users\ONE\Downloads\The.Sims.4-RELOADED_.torrent
2016-04-27 02:00 - 2016-04-27 02:00 - 00000099 _____ C:\Users\ONE\Desktop\augalai.txt
2016-04-25 16:17 - 2016-04-25 16:31 - 00000000 ____D C:\Users\ONE\Documents\Assassin's Creed Revelations
2016-04-25 16:17 - 2016-04-25 16:17 - 00000000 ____D C:\ProgramData\Ubisoft
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-25 22:51 - 2015-09-23 00:40 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-25 22:51 - 2014-11-25 22:06 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-25 22:51 - 2014-10-21 19:29 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-25 22:51 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-25 22:49 - 2015-09-23 00:41 - 00001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-25 22:49 - 2015-09-23 00:41 - 00001290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-25 22:49 - 2014-11-14 01:50 - 00000000 ____D C:\AdwCleaner
2016-05-25 22:49 - 2014-10-21 19:20 - 00000985 _____ C:\Users\ONE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-25 22:49 - 2009-07-14 07:45 - 00020784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-25 22:49 - 2009-07-14 07:45 - 00020784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-25 22:25 - 2014-11-03 22:54 - 00000000 ____D C:\Users\ONE\AppData\Roaming\vlc
2016-05-25 22:01 - 2015-09-23 00:40 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-25 18:58 - 2014-10-22 23:19 - 00000000 ____D C:\Users\ONE\Desktop\Games
2016-05-25 18:08 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-05-24 20:53 - 2014-10-22 19:38 - 00000000 ____D C:\Users\ONE\AppData\Roaming\BitComet
2016-05-24 18:04 - 2014-10-22 21:27 - 00000000 ____D C:\Users\ONE\AppData\Roaming\DAEMON Tools Lite
2016-05-23 14:35 - 2016-03-30 17:09 - 00000000 ____D C:\Users\ONE\AppData\Local\CrashDumps
2016-05-23 14:30 - 2009-07-14 08:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-15 22:54 - 2014-12-12 14:53 - 00000000 ____D C:\Users\ONE\AppData\Local\Deployment
2016-05-15 13:54 - 2014-10-31 00:15 - 00000352 _____ C:\Windows\Tasks\Driver Robot.job
2016-05-12 13:56 - 2015-09-23 00:40 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-12 13:56 - 2015-09-23 00:40 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-07 16:49 - 2014-10-21 19:19 - 00000000 ____D C:\Users\ONE
2016-05-05 23:03 - 2015-10-07 18:37 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-05-04 22:55 - 2015-12-24 02:23 - 00000000 ____D C:\Users\ONE\Desktop\Dovilei
2016-05-04 19:29 - 2015-12-24 01:27 - 00000000 ____D C:\Users\ONE\Documents\Addictive Drums 2 Logs
2016-05-03 19:35 - 2014-10-22 12:18 - 00000000 ____D C:\Users\ONE\Desktop\___FAILAI___
2016-05-03 12:51 - 2015-12-24 02:25 - 00000000 ____D C:\Program Files (x86)\Free MIDI to MP3 Converter
2016-05-02 17:06 - 2016-01-14 15:24 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
 
==================== Files in the root of some directories =======
 
2015-09-23 16:12 - 2015-09-23 16:12 - 4875861 _____ () C:\Program Files\Common Files\h2nzaka4.exe
2016-04-24 22:50 - 2016-04-24 22:50 - 0001456 _____ () C:\Users\ONE\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-09-23 12:33 - 2015-09-23 12:33 - 0000187 _____ () C:\Users\ONE\AppData\Local\toughdexon.exe.config
2014-10-22 01:22 - 2014-10-22 01:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-03 12:28 - 2015-02-11 17:34 - 0001663 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\ONE\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
C:\Users\ONE\AppData\Local\Temp\libeay32.dll
C:\Users\ONE\AppData\Local\Temp\msvcr120.dll
C:\Users\ONE\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\ONE\AppData\Local\Temp\nvStInst.exe
C:\Users\ONE\AppData\Local\Temp\sqlite3.dll
C:\Users\ONE\AppData\Local\Temp\ubi17B6.tmp.exe
C:\Users\ONE\AppData\Local\Temp\ubiDBD1.tmp.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-25 01:13
 
==================== End of FRST.txt ============================
 
 
 
Farbar report additional
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-05-2016
Ran by ONE (2016-05-25 22:57:12)
Running from C:\Users\ONE\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-10-21 16:19:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3969334665-3393652028-3311092678-500 - Administrator - Disabled)
Guest (S-1-5-21-3969334665-3393652028-3311092678-501 - Limited - Disabled)
ONE (S-1-5-21-3969334665-3393652028-3311092678-1000 - Administrator - Enabled) => C:\Users\ONE
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.85.3 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Alice. Madness Returns (HKLM-x32\...\Alice. Madness Returns_is1) (Version:  - )
Alien Isolation (HKLM-x32\...\Alien Isolation_is1) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Amnesia - The Dark Descent  (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.2 - Frictional Games)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 12 v.12.0.1 (HKLM-x32\...\Ashampoo Burning Studio 12_is1) (Version: 12.0.1 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
ASUS Android USB Drivers (HKLM\...\{F6AEADC0-6B97-430E-B78A-C1D633A6528D}) (Version: 4.0.6753 - ASUSTeK Computer Inc.)
Auslogics BoostSpeed 7 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 7.0.0.0 - Auslogics Labs Pty Ltd)
Autodesk 3ds Max 2010 64-bit (HKLM\...\{A9F1B5F6-0EE6-0409-BADD-F8BD360FACC3}) (Version: 12.0 - Autodesk)
Autodesk 3ds Max 2010 64-bit Components (HKLM\...\{B9E591DD-DAAC-0409-B1B8-5667E359170B}) (Version: 12.0 - Autodesk)
Autodesk Backburner 2008.1 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2008.1.1 - Autodesk, Inc.)
Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit (HKLM\...\Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit) (Version:  - Autodesk)
Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.1.1.0 - Autodesk)
Autodesk Pixlr (x32 Version: 1.1.1.0 - Autodesk) Hidden
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
B109n-z (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
BioShock Infinite Burial at Sea - Episode 1 (HKLM-x32\...\QmlvU2hvY2tJbmZpbml0ZQ==_is1) (Version: 1 - )
Bioshock Infinite Burial at Sea Episode 2 (HKLM-x32\...\Qmlvc2hvY2tJbmZpbml0ZQ==_is1) (Version: 1 - )
BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Call of Duty: Black Ops III (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
Clive Barker's Jericho (HKLM-x32\...\{BE9A67F1-BDD3-4259-9F5C-2EFCE6B3A6C5}) (Version: 0.10.0000 - Codemasters)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Coolmuster Android SMS + Contacts Recovery (HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\...\Coolmuster Android SMS + Contacts Recovery) (Version: 2.2.4.53 - Coolmuster)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Dying Light (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
FxPro cTrader (HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\...\3adaa2a4f1ebb465) (Version: 1.35.64939.34830 - FxPro cTrader)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Wireless B109n-z All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{722B4A13-F24D-43AE-8813-5DB82C0B23C2}) (Version:  - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 es-ES)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSI Kombustor 2.5.6 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Oddworld - New 'n' Tasty (HKLM-x32\...\1424782569_is1) (Version: 2.0.0.1 - GOG.com)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2135 - Electronic Arts, Inc.)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhoneRescue 1.7.0 (HKLM-x32\...\{2FAFFE02-4D6B-4C0A-906B-1B33DAF0DD14}}_is1) (Version: 1.7.0 - iMobie Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_B109n-z_SW_Min (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.6 - Rockstar Games)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SOMA (HKLM\...\U09NQQ==_is1) (Version: 1 - )
SpyHunter (HKLM-x32\...\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}) (Version: 4.11.10.4138 - Enigma Software Group USA, LLC)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Superior Drummer Installer (HKLM-x32\...\{009AC76E-1A66-4682-82B7-417E77F3C648}) (Version: 2.0.1 - Toontrack)
System Requirements Lab CYRI (HKLM-x32\...\{2DF5765E-5386-4540-9383-DBC9A0A596F9}) (Version: 6.0.15.0 - Husdawg, LLC)
TD-11 Driver (HKLM\...\RolandRDID0130) (Version:  - Roland Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.00 - Ubisoft)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
TumblingJazz version 1.453 (HKLM-x32\...\{92610ACA-63D9-44DA-99E3-9689F5B572C0}_is1) (Version: 1.453 - Rootjazz)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1B2028FB-C393-4E15-963B-7420ECAF15E8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-21] (Piriform Ltd)
Task: {2A95516C-0BCD-443D-BE3B-59485B4B4DDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {40CF5E37-D389-491E-92DB-E9C9AF878CC3} - System32\Tasks\Launch ASUS Sync Loader => C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe
Task: {76A76DFF-078F-4335-8428-97760C8CBE68} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2016-03-22] (Avast Software s.r.o.)
Task: {95E6C22F-354B-42F8-8C87-13047E30E41C} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe 
Task: {99B8B2A5-A59E-4FFF-8AB3-27D8161D5D28} - System32\Tasks\Driver Robot => C:\Program Files (x86)\Driver Robot\Driver Robot.lnk
Task: {A6ECB83E-6EC4-4652-83F8-4131E7D10F5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {B06FCC1F-00B4-41B0-9876-C9B56F7C59A9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
Task: {BCF0C9B5-F690-48F3-AD1E-CF933936F003} - System32\Tasks\{BBD07FC0-9004-42C4-8A5B-4CF017A7AE02} => pcalua.exe -a "C:\Program Files (x86)\CnCGenerals\Generals\support\Generals_uninst.exe" -d "C:\Program Files (x86)\CnCGenerals\Generals\support"
Task: {FD477FF6-AA3E-4663-8B65-7241EEAF23F5} - System32\Tasks\dmrpsxx3 => C:\Program Files\Common Files\r2l4tn3b\5f880mlyocill.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Driver Robot.job => C:\Program Files (x86)\Driver Robot\Driver Robot.lnk
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-10-21 19:28 - 2016-03-22 05:25 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-05-04 15:41 - 2012-05-04 15:41 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2011-11-13 14:30 - 2011-11-13 14:30 - 00676864 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2011-11-13 14:31 - 2011-11-13 14:31 - 03643392 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-07-03 15:41 - 2016-03-14 16:44 - 00073216 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2009-03-12 17:39 - 2009-03-12 17:39 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
2016-03-28 19:01 - 2016-01-12 07:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-20 22:57 - 2016-04-20 22:57 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-05-13 11:02 - 2016-05-11 06:49 - 02224280 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 11:02 - 2016-05-11 06:49 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2015-06-24 19:49 - 2015-06-24 19:49 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-06-24 19:48 - 2015-06-24 19:48 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2016-05-25 18:00 - 2016-05-25 18:00 - 02977888 _____ () C:\Program Files\Alwil Software\Avast5\defs\16052501\algo.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-12 17:02 - 2016-01-12 07:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-03-19 18:59 - 2015-03-19 18:59 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:15NdhuzlIBUX04Cl33Bpd [2268]
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:KDgtaevCuZnAYbSxKYiQZMZoH [2254]
AlternateDataStreams: C:\ProgramData\Microsoft:FOc7pv1C0rmjOax4WE1iXq3 [2364]
AlternateDataStreams: C:\ProgramData\Microsoft:z8zWWpuPnEi0t2uUt4M8Vdr [560]
AlternateDataStreams: C:\Users\ONE\AppData\Local\Temp:SVK3IJLeNMwgjw5LgM [2092]
AlternateDataStreams: C:\Users\ONE\AppData\Local\wVrgxojK:U5eQT567Y7Y5DHrziUDw [2268]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3969334665-3393652028-3311092678-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ONE\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 212.59.2.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0B15B3BA-B52D-45B0-8E8B-3C63D1609338}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{318D4487-EFFE-4776-9F2A-96C6F5A082C9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{44DB25C9-0435-48EF-8AA2-FF93E111BA93}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{39F245A1-7D2C-4E5E-8B5D-6C16596BFDA1}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{0D71D1D5-4184-4D06-99F1-9B58A8A5A25A}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
FirewallRules: [{74CC6AFD-14BB-48B9-B184-EEF6D90827C9}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
FirewallRules: [{B3CDA1D8-88C9-4C69-9D74-26154758A009}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{04F79E6D-6E82-45BF-9657-9F019B44F0B5}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{C1BB0BDD-7144-4DFD-A3D2-2BF3ABEF60EF}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{58824227-D099-4B1D-A475-1D0769C82DFA}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{AFEBD6E5-E444-4950-A5CA-812A79788C57}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
FirewallRules: [{C7155C8C-0D93-4E25-94A6-DF9DC362DDBF}] => (Allow) C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
FirewallRules: [{C788F927-0E02-45F7-A474-85837184FFD0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B3C42232-2A30-4F1A-BDA6-F333232F7FFB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{20453345-B398-4850-8ED5-5C8DC637C636}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB175A69-BBB8-4EFE-BFAB-D9F21138AA84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C4D10851-D07B-4E02-8C8E-C065E1B945CF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{3955DF0C-4802-4D83-BF19-2EECF498E742}C:\program files (x86)\alien isolation\ai.exe] => (Allow) C:\program files (x86)\alien isolation\ai.exe
FirewallRules: [UDP Query User{1686309D-DDAA-4606-9DB9-12A51DEE3CDA}C:\program files (x86)\alien isolation\ai.exe] => (Allow) C:\program files (x86)\alien isolation\ai.exe
FirewallRules: [{1A61575D-D800-4478-85CA-2FA1747313DA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{48322153-28A4-47E2-8C70-521D0922E388}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{9684ECC6-A40B-4C19-8531-DA431B11B242}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D9E255FB-A3DB-43ED-9A3E-AB789D3F84B5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{A42C2DD5-2705-4F51-AAFB-18C415C9D886}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{121B228E-6644-454C-9C29-859734E21D3B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{675FD2E5-3BDB-4D34-8FBA-B0FD7C8E2A75}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{AA9C87C0-8AD4-4471-9BCC-5423E6D3BBAE}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{D78C06D6-16CF-4D8C-9D10-2CA993CF48CF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{33F48B4C-7506-44F6-ADB9-45C14E84DC20}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{E76EC820-CF5C-4FB0-B659-D375259E9DA8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{ECB03CBF-70D9-414E-A9C3-B0279D007468}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{450D373C-4A1D-488B-A6AA-C8E83B7467C0}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{219BCD29-63DB-41DF-B362-7EC01E225FE9}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{29ACD79C-ED7D-4145-A1AE-26E4D838F97A}] => (Allow) LPort=18520
FirewallRules: [{E8CA95FB-A304-40FB-BFA4-B7D868CDF611}] => (Allow) LPort=18520
FirewallRules: [{D3CCFF5E-D4AB-4797-BDE1-8CF4BC3E8617}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{AE53FB70-FB5E-457D-A2D0-A964756FB6B8}C:\program files (x86)\dying light\dyinglightgame.exe] => (Allow) C:\program files (x86)\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{075DAC36-F03D-47BA-B790-F9FC4EDAF812}C:\program files (x86)\dying light\dyinglightgame.exe] => (Allow) C:\program files (x86)\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{7CCAA8C7-2836-4349-818A-63DCD4E47FF8}C:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Allow) C:\gog games\oddworld - new 'n' tasty\nnt.exe
FirewallRules: [UDP Query User{623C11FB-72C5-4C87-B334-857896D03A1F}C:\gog games\oddworld - new 'n' tasty\nnt.exe] => (Allow) C:\gog games\oddworld - new 'n' tasty\nnt.exe
FirewallRules: [{289CB04C-756E-4B09-9BC0-FDD5D7C1C97B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9FC260DF-83AC-49D1-BADE-A6DC645AD203}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1D4E8028-9760-4E6C-8018-7D73993AFED7}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{821B2FC2-B753-4E4C-AF98-DAE02440052B}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{BD8DFAAE-20C4-42CA-AFFB-331AF74E5CBF}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{3AA51ACC-5E46-4899-B24F-427430439985}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{95D9C9E2-AB63-422F-842C-45030BCBD82E}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{8AFDF200-FB00-469F-B2D9-2D10F3F6EDB7}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{9F6C5830-0A40-4382-9B2A-94ED198BA276}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe
FirewallRules: [{E0111D50-21D9-4171-A7BF-82B7D0555CD4}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64.exe
FirewallRules: [{6A334FC8-495E-48B9-B9F6-F1621F715807}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe
FirewallRules: [{4A324CAA-0057-4783-B2BC-B90AFD588470}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe
FirewallRules: [{31B3CCDF-C438-45CA-AD47-7D6C93276092}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
FirewallRules: [{D38CA317-54BD-45D7-B09A-F493A408D2E2}] => (Allow) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
FirewallRules: [{B62D1150-2EBE-404D-BA14-A81F0ACC198D}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{6E45F7E9-88DC-41BE-8FB7-857AAEC2C6CC}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{BD953969-9C98-4E0B-827A-A8541369321F}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe
FirewallRules: [{79C9D56A-C68A-4F0E-9C5D-5E4ECC0181A8}] => (Allow) C:\Program Files\Alwil Software\Avast5\ng\vbox\aswFe.exe
FirewallRules: [{61F10E76-878C-41BD-9959-BE2FB8FFDEF9}] => (Allow) C:\Program Files (x86)\Ubisoft\bin\Watch_Dogs.exe
FirewallRules: [{EBD2BFB9-A321-4590-9A80-DAFB2629772C}] => (Allow) C:\Program Files (x86)\Ubisoft\bin\Watch_Dogs.exe
FirewallRules: [TCP Query User{7BA0A556-1CC6-4CB9-BD74-3C0BA244D746}C:\program files (x86)\alice. madness returns\binaries\win32\alicemadnessreturns.exe] => (Block) C:\program files (x86)\alice. madness returns\binaries\win32\alicemadnessreturns.exe
FirewallRules: [UDP Query User{B1E8D2A0-9173-4E8B-8B54-CCF30B63D54C}C:\program files (x86)\alice. madness returns\binaries\win32\alicemadnessreturns.exe] => (Block) C:\program files (x86)\alice. madness returns\binaries\win32\alicemadnessreturns.exe
FirewallRules: [{0DDAEDBA-6C06-48F9-B8A9-379BB4FFF652}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0A60B031-B81F-42F0-834C-8D5F1250FC4D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{846CB52A-6745-4299-94EB-C1D17E2C1BD7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{345CE566-4048-40EB-97A6-4FFA5DE80FA2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{17F63D10-D920-4F5B-9BC5-5B68575772A3}C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe] => (Allow) C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{CAF7A02F-661F-4C71-AEDD-29DD9166BB9E}C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe] => (Allow) C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe
FirewallRules: [TCP Query User{625F70BB-F23A-4CF1-94D7-84D3BB4C584A}C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe] => (Block) C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{39DEB31B-FDCE-4BD9-8D8E-F4F38136F10F}C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe] => (Block) C:\program files (x86)\r.g. mechanics\max payne 3\maxpayne3.exe
FirewallRules: [{EA4935C5-4436-4D0A-ACA6-AFCB19BD90B9}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CS6\Adobe Premiere Pro.exe
FirewallRules: [TCP Query User{D8C026B4-CA37-4045-A948-4658FFF3A7AA}C:\program files (x86)\call of duty black ops iii\blackops3.exe] => (Block) C:\program files (x86)\call of duty black ops iii\blackops3.exe
FirewallRules: [UDP Query User{5EED67E7-F2C4-42C1-B48C-255ACD49C84F}C:\program files (x86)\call of duty black ops iii\blackops3.exe] => (Block) C:\program files (x86)\call of duty black ops iii\blackops3.exe
FirewallRules: [{8433FD27-338C-45AE-BFA1-1FAC6A673435}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1A20D290-4389-4F6F-8596-ED9C8B73EE9F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2418DF50-BAA5-46F5-854F-4362953402EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{02F5A0E0-21CB-48B0-AF19-33C8C50D8960}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1D159A2A-538C-4529-9A17-F5F84429188A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D9E5331A-C43F-4DB0-927C-113426033CC5}] => (Allow) C:\Program Files (x86)\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{2CB43DE9-D459-4F30-92BE-2D97BCCF4AB4}] => (Allow) C:\Program Files (x86)\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{A3CEABC8-D1BB-42A6-A247-7A78EF0946BB}] => (Allow) C:\Program Files (x86)\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{5F18D5F0-07A7-49F7-93BA-72FD2BC2A911}] => (Allow) C:\Program Files (x86)\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{6C23FED2-76DD-4B18-BC61-FC46EC454402}] => (Allow) C:\Program Files (x86)\Fallout 4\Fallout4.exe
FirewallRules: [{9F0C9E42-C427-4D31-A5B1-CA0E16B5DC90}] => (Allow) C:\Program Files (x86)\Fallout 4\Fallout4.exe
FirewallRules: [{821E5178-4E74-4F9E-96D0-47199AA1A6FF}] => (Allow) C:\Program Files (x86)\Fallout 4\Fallout4.exe
FirewallRules: [{FF950818-59B2-476D-A290-1DBFA5A9E17B}] => (Allow) C:\Program Files (x86)\Fallout 4\Fallout4.exe
FirewallRules: [{94C22E34-6A6D-4320-9675-4E2FD583F9A7}] => (Block) %ProgramFiles% (x86)\Fallout 4\Fallout4.exe
FirewallRules: [{CFED5212-E229-44FD-9BEA-03DDE74CBA39}] => (Block) %ProgramFiles% (x86)\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{7C5F3ED2-51AC-48A6-BB43-CE0A0EF56A8F}] => (Block) %ProgramFiles%\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [{76C6FF1F-8654-435A-B3F8-9C6CD0335522}] => (Allow) %ProgramFiles%\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{EF80ECAD-3FCE-440C-9C68-D7A7F69E3C12}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [UDP Query User{CC28BB85-F7CA-415E-AE68-314FDE5D6E83}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [TCP Query User{828805F8-A87B-40E5-BAFB-147FB6ADC38D}C:\downloads\--..programos..__\grand theft auto v-full unlocked-sg\grand theft auto v\gta5.exe] => (Block) C:\downloads\--..programos..__\grand theft auto v-full unlocked-sg\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{E4CFF368-0AAE-48B3-A802-094259C7C117}C:\downloads\--..programos..__\grand theft auto v-full unlocked-sg\grand theft auto v\gta5.exe] => (Block) C:\downloads\--..programos..__\grand theft auto v-full unlocked-sg\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{AC13FF68-3F4F-4C39-A4B2-5410CA5FF332}C:\downloads\--..programos..__\grand theft auto v-full unlocked-sg\grand theft auto v\gta5.exe] => (Block) C:\downloads\--..programos..__\grand theft auto v-full unlocked-sg\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{FB56AF9A-6409-4B12-A961-224C71495153}C:\downloads\--..programos..__\grand theft auto v-full unlocked-sg\grand theft auto v\gta5.exe] => (Block) C:\downloads\--..programos..__\grand theft auto v-full unlocked-sg\grand theft auto v\gta5.exe
FirewallRules: [{2B2B8CB6-FCFF-40C0-A068-17F01EF7A4FE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C652421C-C37B-4427-9206-A82CFAE840A0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0323CDD6-9694-4AD1-B16C-65222C5FD10E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{07B0B843-3F16-4590-8ADE-6047D5B27516}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{607BA82B-2E4B-484C-A8DB-7D7BE3C6B462}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{C72796A0-5EB7-4C61-A303-748B00C7FEE6}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{E2933B95-2B4D-48D3-8BDF-9C35E17BBEEE}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{335EC92E-E022-4609-8803-380BC2EA5768}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{9702F3EA-8CC8-46E6-A269-F56A395E620A}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [{EC430F24-03DC-4A6F-B81F-45FA1C4FD7C6}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [{6F21D717-BF2F-4C7E-B949-23AF87B7EFA7}] => (Block) %ProgramFiles% (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{504A9453-BE9B-4031-A1AF-5686C6180214}] => (Block) %ProgramFiles% (x86)\Ubisoft\Assassin's Creed Revelations\ACRPR.exe
FirewallRules: [{04E70AFE-279F-46E6-8D9A-B83C9D6BE4DC}] => (Block) %ProgramFiles% (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{78291AE9-6996-418C-A528-2A7D3278656F}] => (Block) %ProgramFiles% (x86)\Ubisoft\Assassin's Creed Revelations\ACRPR.exe
FirewallRules: [{D0B266AC-42F8-4A18-9286-87F19BCD894C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
07-05-2016 20:14:51 Scheduled Checkpoint
16-05-2016 15:19:49 Scheduled Checkpoint
25-05-2016 01:20:33 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Photosmart Wireless B109n-z
Description: Photosmart Wireless B109n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Wireless B109n-z
Description: Photosmart Wireless B109n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/25/2016 10:51:16 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (05/25/2016 10:42:24 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (05/25/2016 09:42:24 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (05/25/2016 08:42:24 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (05/25/2016 07:42:24 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (05/25/2016 06:42:23 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (05/25/2016 05:56:51 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (05/25/2016 12:59:48 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (05/24/2016 11:59:48 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (05/24/2016 10:59:48 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
 
System errors:
=============
Error: (05/25/2016 10:49:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/25/2016 10:49:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/25/2016 10:49:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/25/2016 10:49:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Corel License Validation Service V2 x64, Powered by arvato service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/25/2016 10:49:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/25/2016 10:49:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/25/2016 10:49:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/25/2016 10:49:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/25/2016 10:49:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/25/2016 10:49:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FreemakeVideoCapture service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-01-09 15:51:16.062
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-09 15:51:15.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-09 15:51:15.860
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-09 15:51:15.745
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6300 Six-Core Processor 
Percentage of memory in use: 58%
Total physical RAM: 8191.18 MB
Available physical RAM: 3407.61 MB
Total Virtual: 16380.57 MB
Available Virtual: 11375.57 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:318.38 GB) NTFS
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:232.81 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2D9E4983)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C3CE9A3C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
I hope this helps :)
 
 
 


#4 fireman4it


Posted 25 May 2016 - 04:01 PM

1.
We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.
  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

SPYHUNTER

Additional instructions can be found here if needed.

2.
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.




How is the computer running after this fix?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 fireman4it


Posted 07 June 2016 - 09:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

" Extinguishing Malware from the world"





