User Tag List

Yandex.ru

This is a discussion on Yandex.ru within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hi, I accidentally downloaded myself yandex.ru. I tried to update my sound drivers and then suddenly it was there. My


 
 
Thread Tools Search this Thread
Old 11-29-2015, 04:20 AM   #1
Registered Member
 
Join Date: Oct 2008
Location: Tallinn, Estonia
Posts: 203
OS: Windows 10


Question

Hi,
I accidentally downloaded myself yandex.ru. I tried to update my sound drivers and then suddenly it was there. My bad, I know.
But this yandex is now impossible to get rid of! Yeah, I followed every advice in the internet to disable yandex search bar and so on, but my Firefox is still in Russian only, Extermanite It! finds every time again a file called yandex.ru which is impossible to kill even manually and there is nothing I can do.
Most of the help on the net tries to explain how to get rid of the yandex search bar which is actually just the tip of the iceberg. I also downloaded AdwCleaner which didn't help me at all.
Hence the question - how to get rid of it for real? What am I supposed to do?
Keefan is offline  
Sponsored Links
Advertisement
 
Old 11-29-2015, 11:13 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please post the latest AdwCleaner log using the Cleaning function. It can be found at C:\AdwCleaner\AdwCleaner[C#].txt

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-29-2015, 02:45 PM   #3
Registered Member
 
Join Date: Oct 2008
Location: Tallinn, Estonia
Posts: 203
OS: Windows 10



Thanks!
Here's the AdwCleaner log:

# AdwCleaner v5.022 - Logfile created 29/11/2015 at 13:30:45
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 3 (x64)
# Username : kasutaja66 - KASUTAJA66-PC
# Running from : C:\Users\kasutaja66\Downloads\adwcleaner_5.022.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\SmartTweak Software
[-] Folder Deleted : C:\Program Files (x86)\TweakBit
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\SoftSafe
[-] Folder Deleted : C:\ProgramData\StarApp
[-] Folder Deleted : C:\ProgramData\Uniblue
[-] Folder Deleted : C:\ProgramData\TweakBit
[-] Folder Deleted : C:\ProgramData\BBrowsse2savye
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
[-] Folder Deleted : C:\Users\kasutaja66\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\kasutaja66\AppData\Local\Slick Savings
[-] Folder Deleted : C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikkkfooompgefbcjlgdjejfdknkheaj
[-] Folder Deleted : C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof
[-] Folder Deleted : C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Not Deleted : C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Not Deleted : C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikkkfooompgefbcjlgdjejfdknkheaj
[!] Folder Not Deleted : C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof

***** [ Files ] *****

[-] File Deleted : C:\END

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
[-] Key Deleted : HKCU\Software\StartSearch
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
[-] Key Deleted : HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\InstallIQ
[-] Key Deleted : HKLM\SOFTWARE\SProtector
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Trymedia Systems
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Nation toolbar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\2890B659C4354C079E2F9A1CF158CCC1
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

***** [ Web browsers ] *****

[-] [C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : cikkkfooompgefbcjlgdjejfdknkheaj
[-] [C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : cikkkfooompgefbcjlgdjejfdknkheaj
[-] [C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : gpiifgmgnfdiblgpaepbmfdkcheicgof
[-] [C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : gpiifgmgnfdiblgpaepbmfdkcheicgof
[-] [C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hbcennhacfaagdopikcegfcobcadeocj
[-] [C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hbcennhacfaagdopikcegfcobcadeocj
[-] [C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mhkaekfpcppmmioggniknbnbdbcigpkk
[-] [C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pfndaklgolladniicklehhancnlgocpp

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5564 bytes] ##########
Keefan is offline  
Sponsored Links
Advertisement
 
Old 11-29-2015, 02:50 PM   #4
Registered Member
 
Join Date: Oct 2008
Location: Tallinn, Estonia
Posts: 203
OS: Windows 10



And now I got two huge reports from Farbar Recovery Scan Tool. Here comes the first one:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
Ran by kasutaja66 (administrator) on KASUTAJA66-PC (30-11-2015 00:46:58)
Running from C:\Users\kasutaja66\Desktop
Loaded Profiles: kasutaja66 (Available Profiles: kasutaja66)
Platform: Windows 7 Home Premium Service Pack 3 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\ng\mftutil.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-11-20] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [DriverPack Notifier] => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [265456 2015-10-21] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\Run: [Google Update] => C:\Users\kasutaja66\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\MountPoints2: {71c9595b-f7de-11e0-a8fb-4487fc548dae} - F:\Setup\rsrc\Autorun.exe
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\MountPoints2: {788f14d9-d006-11e2-a411-4487fc548dae} - F:\setup.exe
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
AppInit_DLLs-x32: c:\users\kasutaja66\documents\iterra\jgzaryb.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{605B6E66-90FE-4E05-B907-0340CEF1CFEA}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.ru/?win=204&clid=2100767-002
BHO: IE Token Signing Plugin -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Estonian ID Card\esteid-plugin-ie64.dll [2015-06-02] (RIA)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-01] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: IE Token Signing Plugin -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files (x86)\Estonian ID Card\esteid-plugin-ie.dll [2015-06-02] (RIA)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\kasutaja66\AppData\Roaming\Mozilla\Firefox\Profiles\iitecx04.default-1448794494894
FF DefaultSearchEngine: Google
FF Homepage: hxxps://www.google.ee/?gfe_rd=cr&ei=HdpaVufwAuyO8QeVk6DYBw&gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @RIA/esteid-firefox-plugin -> C:\Program Files\Estonian ID Card\npesteid-firefox-plugin.dll [2015-08-28] (RIA)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @RIA/esteid-firefox-plugin -> C:\Program Files (x86)\Estonian ID Card\npesteid-firefox-plugin.dll [2015-08-28] (RIA)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2796324459-3983397100-315245851-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\kasutaja66\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2796324459-3983397100-315245851-1000: @talk.google.com/O1DPlugin -> C:\Users\kasutaja66\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2796324459-3983397100-315245851-1000: @tools.google.com/Google Update;version=3 -> C:\Users\kasutaja66\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2796324459-3983397100-315245851-1000: @tools.google.com/Google Update;version=9 -> C:\Users\kasutaja66\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2796324459-3983397100-315245851-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kasutaja66\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-01-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2796324459-3983397100-315245851-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-11-01] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-07-11] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\kasutaja66\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\kasutaja66\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-28] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-11-28] [not signed]
FF HKLM\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files (x86)\Estonian ID Card\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF Extension: Estonian ID Card authentication module - C:\Program Files (x86)\Estonian ID Card\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi [2015-08-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files (x86)\Estonian ID Card\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-19]
CHR Extension: (Google Drive) - C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23]
CHR Extension: (YouTube) - C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-23]
CHR Extension: (Token signing) - C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjefchnfjhjfedoccjbhjpbncimppeg [2015-06-24]
CHR Extension: (Google Search) - C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
CHR Extension: (Google Docs Offline) - C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
CHR Extension: (Avast Online Security) - C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-22]
CHR Extension: (Gmail) - C:\Users\kasutaja66\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]

Opera:
=======
OPR StartupUrls: "hxxp://www.yandex.ru/?win=204&clid=2100767-002"

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-01] (Avast Software)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1225216 2015-09-23] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-01-20] (BitRaider, LLC)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-04] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-28] ()
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1045376 2015-11-28] (Enigma Software Group USA, LLC.)
S3 Survarium-Steam Update Service; C:\Program Files (x86)\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [96856 2015-10-09] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-09-07] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 BRSptSvc; "C:\ProgramData\BitRaider\BRSptSvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-01] ()
S3 atrfiltr; C:\Windows\System32\drivers\atrfiltr.sys [16224 2013-11-28] (Windows (R) Win 7 DDK provider)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-02-18] (BitRaider)
S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [187264 2013-08-19] (HID Global Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-11-28] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-11-28] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-11-29] (Qualcomm Atheros Co., Ltd.)
U5 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [42600 2015-10-22] (Synaptics Incorporated)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-01] (Avast Software)
U5 WinUsb; C:\Windows\System32\Drivers\WinUsb.sys [41984 2010-11-21] (Microsoft Corporation)
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 HssDRV6; system32\DRIVERS\hssdrv6.sys [X]
U4 secdrv; no ImagePath
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-30 00:46 - 2015-11-30 00:47 - 00025016 _____ C:\Users\kasutaja66\Desktop\FRST.txt
2015-11-30 00:46 - 2015-11-30 00:46 - 02350080 _____ (Farbar) C:\Users\kasutaja66\Desktop\FRST64.exe
2015-11-30 00:46 - 2015-11-30 00:46 - 00000000 ___DC C:\FRST
2015-11-29 13:29 - 2015-11-29 13:30 - 00000000 ___DC C:\AdwCleaner
2015-11-29 13:28 - 2015-11-29 13:28 - 01733632 _____ C:\Users\kasutaja66\Downloads\adwcleaner_5.022.exe
2015-11-28 18:42 - 2015-11-29 12:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-28 18:41 - 2015-11-28 18:41 - 00000000 ____D C:\Users\kasutaja66\AppData\Roaming\Curiolab
2015-11-28 18:38 - 2015-11-29 14:21 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2015-11-28 18:38 - 2015-11-28 18:38 - 00001088 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2015-11-28 18:38 - 2015-11-28 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2015-11-28 18:35 - 2015-11-28 18:38 - 156234376 _____ (CURIOLAB S.M.B.A.) C:\Users\kasutaja66\Downloads\ExterminateItSetup.exe
2015-11-28 15:17 - 2015-11-28 15:17 - 00003356 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-11-28 15:17 - 2015-11-28 15:17 - 00001054 _____ C:\Users\kasutaja66\Desktop\SpyHunter.lnk
2015-11-28 15:17 - 2015-11-28 15:17 - 00000000 ___DC C:\sh4ldr
2015-11-28 15:17 - 2015-11-28 15:17 - 00000000 ____D C:\Users\kasutaja66\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-11-28 15:17 - 2015-11-28 15:17 - 00000000 ____D C:\Users\kasutaja66\AppData\Roaming\Enigma Software Group
2015-11-28 15:17 - 2015-11-28 15:17 - 00000000 ____C C:\autoexec.bat
2015-11-28 15:16 - 2015-11-28 15:16 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-11-28 15:16 - 2015-11-28 15:16 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-11-28 15:15 - 2015-11-28 15:16 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\kasutaja66\Downloads\SpyHunter-Installer.exe
2015-11-28 14:51 - 2015-11-28 14:51 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-11-28 14:50 - 2015-11-28 14:50 - 00000000 ____D C:\Program Files\Synaptics
2015-11-28 14:47 - 2014-01-30 10:17 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2015-11-28 14:46 - 2015-10-22 10:06 - 00042600 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2015-11-28 14:46 - 2015-10-09 21:30 - 08910664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-11-28 14:46 - 2015-10-09 21:29 - 08705552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-11-28 14:46 - 2015-10-09 21:29 - 00159768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-11-28 14:46 - 2015-10-09 21:29 - 00119744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-11-28 14:46 - 2015-10-09 21:29 - 00119744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-11-28 14:46 - 2015-10-09 21:29 - 00102040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-11-28 14:46 - 2015-10-09 21:29 - 00102040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-11-28 14:46 - 2015-10-09 21:27 - 00161304 _____ C:\Windows\system32\hsa-thunk64.dll
2015-11-28 14:46 - 2015-10-09 21:27 - 00151576 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2015-11-28 14:46 - 2015-10-09 21:27 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-11-28 14:46 - 2015-10-09 21:27 - 00126480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-11-28 14:46 - 2015-10-09 21:27 - 00117776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-11-28 14:46 - 2015-10-09 21:27 - 00098320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-11-28 14:46 - 2015-10-09 21:26 - 00243728 _____ C:\Windows\system32\clinfo.exe
2015-11-28 14:46 - 2015-10-09 21:26 - 00012816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2015-11-28 14:46 - 2015-10-09 21:26 - 00012816 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2015-11-28 14:46 - 2015-10-09 21:25 - 30567440 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-11-28 14:46 - 2015-10-09 21:25 - 25066000 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-11-28 14:46 - 2015-10-09 21:25 - 00341520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2015-11-28 14:46 - 2015-10-09 21:25 - 00199696 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-11-28 14:46 - 2015-10-09 21:25 - 00059920 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2015-11-28 14:46 - 2015-10-09 21:24 - 21528600 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-11-28 14:46 - 2015-10-09 21:24 - 15725584 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-11-28 14:46 - 2015-10-09 21:24 - 14310928 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-11-28 14:46 - 2015-10-09 21:24 - 00493584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-11-28 14:46 - 2015-10-09 21:24 - 00219160 _____ C:\Windows\system32\atieah64.exe
2015-11-28 14:46 - 2015-10-09 21:24 - 00198168 _____ C:\Windows\SysWOW64\atieah32.exe
2015-11-28 14:46 - 2015-10-09 21:24 - 00193552 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-11-28 14:46 - 2015-10-09 21:24 - 00114192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-11-28 14:46 - 2015-10-09 21:24 - 00099344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-11-28 14:46 - 2015-10-09 21:24 - 00099344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-11-28 14:46 - 2015-10-09 21:24 - 00071192 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-11-28 14:46 - 2015-10-09 21:24 - 00060952 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-11-28 14:46 - 2015-10-09 21:24 - 00038416 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-11-28 14:46 - 2015-10-09 21:23 - 47794200 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-11-28 14:46 - 2015-10-09 21:23 - 00943128 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2015-11-28 14:46 - 2015-10-09 21:23 - 00394264 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-11-28 14:46 - 2015-10-09 21:23 - 00064536 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-11-28 14:46 - 2015-10-09 21:23 - 00061976 _____ C:\Windows\system32\amdverag.dll
2015-11-28 14:46 - 2015-10-09 21:23 - 00057872 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-11-28 14:46 - 2015-10-09 21:23 - 00052248 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-11-28 14:46 - 2015-10-09 21:22 - 27544592 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2015-11-28 14:46 - 2015-10-09 21:21 - 06354456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-11-28 14:46 - 2015-10-09 21:21 - 01196072 _____ C:\Windows\system32\amdocl_as64.exe
2015-11-28 14:46 - 2015-10-09 21:21 - 01070632 _____ C:\Windows\system32\amdocl_ld64.exe
2015-11-28 14:46 - 2015-10-09 21:21 - 01004072 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2015-11-28 14:46 - 2015-10-09 21:21 - 00807464 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2015-11-28 14:46 - 2015-10-09 21:21 - 00059416 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-11-28 14:46 - 2015-10-09 21:21 - 00047128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-11-28 14:46 - 2015-10-09 21:20 - 05138456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-11-28 14:46 - 2015-10-09 21:20 - 00305400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-11-28 14:46 - 2015-10-09 21:20 - 00237584 _____ C:\Windows\system32\amdgfxinfo64.dll
2015-11-28 14:46 - 2015-10-09 21:20 - 00209936 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2015-11-28 14:46 - 2015-10-09 21:20 - 00073752 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-11-28 14:46 - 2015-10-09 21:20 - 00068112 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-11-28 14:46 - 2015-10-09 18:27 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-11-28 14:46 - 2015-10-09 18:27 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-11-28 14:46 - 2015-10-09 18:27 - 00662480 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-11-28 14:46 - 2015-10-09 18:27 - 00662480 _____ C:\Windows\system32\atiapfxx.blb
2015-11-28 14:46 - 2015-10-09 18:27 - 00177344 _____ C:\Windows\system32\ativce03.dat
2015-11-28 14:46 - 2015-10-09 18:27 - 00100816 _____ C:\Windows\system32\ativce02.dat
2015-11-28 14:46 - 2015-10-09 18:27 - 00020790 _____ C:\Windows\SysWOW64\ativvsnl.dat
2015-11-28 14:46 - 2015-10-09 18:27 - 00020790 _____ C:\Windows\system32\ativvsnl.dat
2015-11-28 14:46 - 2015-10-09 18:27 - 00000025 _____ C:\Windows\SysWOW64\ativvsny.dat
2015-11-28 14:46 - 2015-10-09 18:27 - 00000025 _____ C:\Windows\system32\ativvsny.dat
2015-11-28 14:46 - 2015-10-09 18:26 - 00842001 _____ C:\Windows\system32\amdicdxx.dat
2015-11-28 14:46 - 2015-10-09 18:26 - 00175648 _____ C:\Windows\system32\amde31a.dat
2015-11-28 14:46 - 2015-06-18 05:25 - 01854096 _____ (Logitech, Inc.) C:\Windows\system32\LkmdfCoInst.dll
2015-11-28 14:46 - 2015-06-18 05:25 - 00050832 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LUsbFilt.sys
2015-11-28 14:46 - 2013-11-29 13:41 - 00129224 _____ (Qualcomm Atheros Co., Ltd.) C:\Windows\system32\Drivers\L1C62x64.sys
2015-11-28 14:43 - 2015-11-28 14:43 - 00003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1448714474
2015-11-28 14:42 - 2015-11-28 14:42 - 00003476 _____ C:\Windows\System32\Tasks\DriverPack Notifier
2015-11-28 14:42 - 2015-11-28 14:42 - 00001154 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-28 14:42 - 2015-11-28 14:42 - 00000000 ____D C:\Users\kasutaja66\AppData\Roaming\Yandex
2015-11-28 14:42 - 2015-11-28 14:42 - 00000000 ____D C:\Users\kasutaja66\AppData\Roaming\DriverPack Notifier
2015-11-28 14:42 - 2015-11-28 14:42 - 00000000 ____D C:\Users\kasutaja66\AppData\Local\Xpom
2015-11-28 14:42 - 2015-11-28 14:42 - 00000000 ____D C:\Users\kasutaja66\AppData\Local\Nichrome
2015-11-28 14:42 - 2015-11-28 14:42 - 00000000 ____D C:\Program Files (x86)\DriverPack Notifier
2015-11-28 14:41 - 2015-11-28 14:41 - 00000000 ____D C:\Users\kasutaja66\AppData\Roaming\Opera Software
2015-11-28 14:41 - 2015-11-28 14:41 - 00000000 ____D C:\Users\kasutaja66\AppData\Local\Opera Software
2015-11-28 14:14 - 2015-11-28 14:36 - 00000000 ____D C:\Users\kasutaja66\AppData\Roaming\DRPSu
2015-11-28 14:14 - 2015-11-28 14:14 - 02038896 _____ C:\Users\kasutaja66\Downloads\DriverPack-Online_1754040574.1448712653.exe
2015-11-27 11:57 - 2015-11-27 11:57 - 00001231 _____ C:\Users\Public\Desktop\CodecInstaller.lnk
2015-11-27 11:57 - 2015-11-27 11:57 - 00000000 ____D C:\Users\kasutaja66\AppData\Local\JockerSoft
2015-11-27 11:57 - 2015-11-27 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodecInstaller
2015-11-27 11:57 - 2015-11-27 11:57 - 00000000 ____D C:\Program Files (x86)\JockerSoft
2015-11-27 11:51 - 2015-11-27 11:51 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-11-27 11:46 - 2015-11-27 11:46 - 00000000 ____D C:\Users\kasutaja66\Downloads\family.guy.s00.e00.a.shot.in.the.dark.().eng.1cd.(6383576)
2015-11-27 11:45 - 2015-11-27 11:45 - 00016636 _____ C:\Users\kasutaja66\Downloads\family.guy.s00.e00.a.shot.in.the.dark.().eng.1cd.(6383576).zip
2015-11-27 11:39 - 2015-11-27 11:45 - 00000000 ____D C:\Users\kasutaja66\Downloads\Family.Guy.S14E07.720p.HDTV.x264-0SEC[rarbg]
2015-11-27 11:39 - 2015-11-27 11:42 - 00000000 ____D C:\Users\kasutaja66\Downloads\Family.Guy.S14E06.HDTV.x264-KILLERS[ettv]
2015-11-27 00:48 - 2015-11-27 00:48 - 00135279 _____ C:\Users\kasutaja66\Downloads\Md5Checker.zip
2015-11-27 00:48 - 2015-11-27 00:48 - 00000000 ____D C:\Users\kasutaja66\Downloads\Md5Checker
2015-11-26 22:37 - 2015-11-29 14:35 - 00000080 _____ C:\Users\kasutaja66\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-11-26 22:37 - 2015-11-26 22:37 - 00000000 ____D C:\Users\kasutaja66\AppData\Local\Rockstar Games
2015-11-26 22:36 - 2015-11-27 01:53 - 00000000 ____D C:\Program Files\Rockstar Games
2015-11-26 22:36 - 2015-11-27 01:53 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-11-25 21:00 - 2015-11-25 21:00 - 00000222 _____ C:\Users\kasutaja66\Desktop\Grand Theft Auto V.url
2015-11-25 18:57 - 2015-11-25 18:57 - 00011491 _____ C:\Users\kasutaja66\Downloads\46_litsentsileping_Helme.bdoc
2015-11-25 15:33 - 2015-11-25 15:37 - 00000000 ____D C:\Users\kasutaja66\Downloads\The Man In The High Castle S01 WEBRip XviD-FUM[ettv]
2015-11-24 09:39 - 2015-11-24 09:39 - 00000000 __SHD C:\found.025
2015-11-19 14:18 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-19 14:18 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-19 13:39 - 2015-11-19 13:39 - 00000000 ____D C:\Windows\CheckSur
2015-11-19 13:21 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-11-19 13:21 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-11-19 13:21 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-11-19 13:21 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-11-19 13:21 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-11-19 13:21 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-11-19 13:21 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-11-19 13:21 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-11-19 13:21 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-11-19 13:21 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-11-19 13:21 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-11-19 13:21 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-11-19 13:21 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-11-19 13:21 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-11-19 13:21 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-11-19 13:21 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-11-19 13:21 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-11-19 13:21 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-11-19 13:21 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-11-19 13:21 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-11-19 13:21 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-11-19 13:21 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-11-19 13:21 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-11-19 13:21 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-11-19 13:21 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-11-19 13:21 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-11-19 13:21 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-11-19 13:21 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-11-19 13:21 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-11-19 13:21 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-11-19 13:21 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-11-19 13:21 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-11-19 13:21 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-11-19 13:21 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-11-19 13:21 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-11-19 13:21 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-11-19 13:21 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-11-19 13:21 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-11-19 13:21 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-11-19 13:21 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-11-19 13:21 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-11-19 13:21 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-11-19 13:21 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-11-19 13:21 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-11-19 13:21 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-11-19 13:21 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-11-19 13:21 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-11-19 13:21 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-11-19 13:21 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-11-19 13:21 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-11-19 13:21 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-11-19 13:21 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-11-19 13:21 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-11-19 13:20 - 2015-10-20 03:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-19 13:20 - 2015-10-20 03:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-19 13:20 - 2015-10-20 03:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-19 13:20 - 2015-10-20 03:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-19 13:20 - 2015-10-20 03:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-19 13:20 - 2015-10-20 03:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-19 13:20 - 2015-10-20 03:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-19 13:20 - 2015-10-20 03:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-19 13:20 - 2015-10-20 03:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-19 13:20 - 2015-10-20 03:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-19 13:20 - 2015-10-20 03:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-19 13:20 - 2015-10-20 03:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-19 13:20 - 2015-10-20 03:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-19 13:20 - 2015-10-20 03:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-19 13:20 - 2015-10-20 03:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-19 13:20 - 2015-10-20 02:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-19 13:20 - 2015-10-20 02:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-19 13:20 - 2015-10-20 02:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-19 13:20 - 2015-10-20 02:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-19 13:20 - 2015-10-20 02:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-19 13:20 - 2015-10-20 02:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-19 13:20 - 2015-10-20 02:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-19 13:20 - 2015-10-20 02:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-19 13:20 - 2015-10-20 02:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-19 13:20 - 2015-10-20 02:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-19 13:20 - 2015-10-20 02:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-19 13:20 - 2015-10-20 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-19 13:20 - 2015-10-20 02:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-19 13:20 - 2015-10-20 02:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-19 13:20 - 2015-10-20 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-19 13:20 - 2015-10-20 02:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-19 13:20 - 2015-10-20 02:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-19 13:20 - 2015-10-20 02:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-19 13:20 - 2015-10-20 02:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-19 13:20 - 2015-10-20 02:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-19 13:20 - 2015-10-20 02:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-19 13:20 - 2015-10-20 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-19 13:20 - 2015-10-20 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 02:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 01:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-19 13:20 - 2015-10-20 01:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-19 13:20 - 2015-10-20 01:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-19 13:20 - 2015-10-20 01:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-19 13:20 - 2015-10-20 01:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-19 13:20 - 2015-10-20 01:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 01:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 01:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-19 13:20 - 2015-10-20 01:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-19 13:20 - 2015-09-23 15:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-19 13:20 - 2015-09-23 15:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-19 13:20 - 2015-09-23 15:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-19 13:20 - 2015-08-06 20:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-11-19 13:20 - 2015-08-06 20:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-11-19 13:20 - 2015-08-06 19:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-11-19 13:20 - 2015-08-06 19:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-11-19 13:20 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-11-19 13:20 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-11-19 13:20 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-11-19 13:20 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-11-19 13:19 - 2015-11-04 00:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-19 13:19 - 2015-11-03 23:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-19 13:19 - 2015-10-31 01:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-19 13:19 - 2015-10-31 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-19 13:19 - 2015-10-31 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-19 13:19 - 2015-10-31 01:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-19 13:19 - 2015-10-31 01:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-19 13:19 - 2015-10-31 01:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-19 13:19 - 2015-10-31 01:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-19 13:19 - 2015-10-31 01:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-19 13:19 - 2015-10-31 01:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-19 13:19 - 2015-10-31 01:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-19 13:19 - 2015-10-31 01:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-19 13:19 - 2015-10-31 01:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-19 13:19 - 2015-10-31 01:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-19 13:19 - 2015-10-31 01:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-19 13:19 - 2015-10-31 01:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-19 13:19 - 2015-10-31 01:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-19 13:19 - 2015-10-31 01:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-19 13:19 - 2015-10-31 01:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-19 13:19 - 2015-10-31 01:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-19 13:19 - 2015-10-31 00:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-19 13:19 - 2015-10-31 00:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-19 13:19 - 2015-10-31 00:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-19 13:19 - 2015-10-31 00:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-19 13:19 - 2015-10-31 00:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-19 13:19 - 2015-10-31 00:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-19 13:19 - 2015-10-31 00:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-19 13:19 - 2015-10-31 00:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-19 13:19 - 2015-10-31 00:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-19 13:19 - 2015-10-31 00:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-19 13:19 - 2015-10-31 00:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-19 13:19 - 2015-10-31 00:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-19 13:19 - 2015-10-31 00:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-19 13:19 - 2015-10-31 00:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-19 13:19 - 2015-10-31 00:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-19 13:19 - 2015-10-31 00:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-19 13:19 - 2015-10-31 00:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-19 13:19 - 2015-10-31 00:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-19 13:19 - 2015-10-31 00:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-19 13:19 - 2015-10-31 00:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-19 13:19 - 2015-10-31 00:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-19 13:19 - 2015-10-31 00:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-19 13:19 - 2015-10-31 00:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-19 13:19 - 2015-10-31 00:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-19 13:19 - 2015-10-31 00:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-19 13:19 - 2015-10-31 00:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-19 13:19 - 2015-10-31 00:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-19 13:19 - 2015-10-31 00:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-19 13:19 - 2015-10-31 00:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-19 13:19 - 2015-10-31 00:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-19 13:19 - 2015-10-31 00:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-19 13:19 - 2015-10-31 00:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-19 13:19 - 2015-10-31 00:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-19 13:19 - 2015-10-31 00:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-19 13:19 - 2015-10-31 00:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-19 13:19 - 2015-10-31 00:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-19 13:19 - 2015-10-31 00:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-19 13:19 - 2015-10-31 00:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-19 13:19 - 2015-10-31 00:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-19 13:19 - 2015-10-30 23:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-19 13:19 - 2015-10-30 23:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-19 13:19 - 2015-10-30 23:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-19 13:19 - 2015-10-30 23:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-19 13:19 - 2015-10-20 20:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-19 13:19 - 2015-10-20 20:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-19 13:19 - 2015-10-20 20:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-19 13:19 - 2015-10-20 20:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-19 13:19 - 2015-10-20 20:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-19 13:19 - 2015-10-20 20:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-19 13:19 - 2015-10-20 20:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-19 13:19 - 2015-10-20 20:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-19 13:19 - 2015-10-20 20:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-19 13:19 - 2015-10-20 20:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-19 13:19 - 2015-10-20 20:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-19 13:19 - 2015-10-20 19:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-19 13:19 - 2015-10-20 19:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-19 13:19 - 2015-10-20 19:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-19 13:19 - 2015-10-20 19:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-19 13:19 - 2015-10-20 19:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-19 13:19 - 2015-10-01 20:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-19 13:19 - 2015-10-01 20:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-19 13:19 - 2015-10-01 20:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-11-19 13:19 - 2015-10-01 20:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-11-19 13:19 - 2015-10-01 20:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-11-19 13:19 - 2015-10-01 20:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-11-19 13:19 - 2015-10-01 20:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-11-19 13:19 - 2015-10-01 19:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-11-19 13:19 - 2015-10-01 19:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-11-19 13:19 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-11-19 13:19 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-11-19 13:19 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-11-19 13:19 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-11-19 13:19 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-11-19 13:19 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-11-19 13:19 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-11-19 13:19 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-11-19 13:19 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-11-19 13:19 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-11-19 13:19 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-11-19 13:19 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-11-19 13:19 - 2015-06-03 22:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-11-19 13:19 - 2015-06-03 22:16 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-19 13:19 - 2015-06-03 22:16 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-19 13:19 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-19 13:19 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-19 13:18 - 2015-07-15 05:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-11-19 13:18 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-11-19 13:17 - 2015-11-03 19:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-19 13:17 - 2015-10-13 18:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-19 13:17 - 2015-10-13 18:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-19 13:17 - 2015-10-13 06:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-19 13:17 - 2015-10-01 20:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-19 13:17 - 2015-10-01 20:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-19 13:17 - 2015-10-01 19:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-19 13:17 - 2015-08-05 19:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-11-19 13:17 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-11-19 13:17 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-11-19 13:17 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-11-19 13:17 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-11-19 13:17 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-11-19 13:17 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-11-19 13:17 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-11-19 13:17 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-11-19 13:17 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-11-19 13:17 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-11-19 13:17 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-11-19 13:17 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-11-19 13:17 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-11-19 13:17 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-11-19 13:17 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-11-19 13:17 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-11-19 13:17 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-11-19 13:17 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-19 13:17 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-19 13:17 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-11-19 13:17 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-11-19 13:17 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-11-19 13:17 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-11-19 13:17 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-11-19 13:17 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-11-19 13:17 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-11-19 13:17 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-11-19 13:17 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-11-19 13:17 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-11-19 13:17 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-11-19 13:17 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-11-19 13:17 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-11-19 13:17 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-11-19 13:17 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-11-19 13:17 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-11-19 13:17 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-11-19 13:17 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-11-19 13:17 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-11-19 13:17 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-11-19 13:17 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-11-19 13:17 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-11-19 13:17 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-11-19 13:17 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-11-19 13:16 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-11-19 13:14 - 2015-07-16 21:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-11-19 13:14 - 2015-07-16 21:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-11-19 13:14 - 2015-07-16 21:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-11-19 13:14 - 2015-07-16 21:11 - 05779456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-11-19 13:14 - 2015-07-16 21:11 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-11-19 13:14 - 2015-07-16 21:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-11-19 13:14 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-11-19 13:14 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-11-19 13:14 - 2015-06-03 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-11-19 13:14 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-11-19 13:14 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-11-19 13:14 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-11-19 13:14 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-11-19 13:04 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-11-19 13:04 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-11-02 23:41 - 2015-11-02 23:47 - 00000000 ____D C:\Users\kasutaja66\Downloads\Editors - In Dream (Deluxe Edition) [2015] [MP3-320Kbps] [CBR] [sn3h1t87] [GloDLS]
2015-11-02 16:43 - 2015-11-02 16:43 - 00000000 ____D C:\Users\kasutaja66\Downloads\Penny.Dreadful.S02E04.HDTV.x264-B10
2015-11-02 16:43 - 2015-11-02 16:43 - 00000000 ____D C:\Users\kasutaja66\Downloads\Penny.Dreadful.S02E03.HDTV.x264-B10
2015-11-01 13:36 - 2015-11-01 13:44 - 00000000 ____D C:\Users\kasutaja66\Downloads\Nazis.at.the.Center.of.the.Earth.2012.BRRip.XviD.Ac3.Feel-Free
2015-10-31 17:43 - 2015-10-31 17:43 - 00000222 _____ C:\Users\kasutaja66\Desktop\Assassin's Creed IV Black Flag.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-30 00:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows
2015-11-30 00:43 - 2013-09-08 11:35 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-30 00:23 - 2014-08-01 22:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-30 00:13 - 2015-05-13 17:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-29 23:53 - 2015-02-02 23:22 - 00000978 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2796324459-3983397100-315245851-1000UA.job
2015-11-29 23:53 - 2015-02-02 23:22 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2796324459-3983397100-315245851-1000Core.job
2015-11-29 16:23 - 2014-08-01 22:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-29 14:34 - 2011-07-01 10:00 - 00000000 ____D C:\Users\kasutaja66\AppData\Roaming\Skype
2015-11-29 13:46 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-29 13:46 - 2009-07-14 06:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-29 13:34 - 2014-07-04 13:39 - 00000000 ____D C:\Users\kasutaja66\AppData\Roaming\Raptr
2015-11-29 13:32 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-29 12:35 - 2015-09-30 16:13 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-29 12:35 - 2015-09-30 16:13 - 00002054 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-29 12:22 - 2013-11-12 22:23 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-29 12:20 - 2014-03-08 01:51 - 00000000 ____D C:\Users\kasutaja66\AppData\Local\TSVNCache
2015-11-29 12:19 - 2012-05-04 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-28 19:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2015-11-28 18:35 - 2015-07-07 16:39 - 00000000 __SHD C:\Users\kasutaja66\AppData\Local\EmieBrowserModeList
2015-11-28 18:35 - 2014-06-03 08:36 - 00000000 __SHD C:\Users\kasutaja66\AppData\Local\EmieUserList
2015-11-28 18:35 - 2014-06-03 08:36 - 00000000 __SHD C:\Users\kasutaja66\AppData\Local\EmieSiteList
2015-11-28 18:34 - 2014-10-09 10:42 - 00000000 __SHD C:\Users\kasutaja66\AppData\LocalLow\EmieUserList
2015-11-28 18:34 - 2014-10-09 10:42 - 00000000 __SHD C:\Users\kasutaja66\AppData\LocalLow\EmieSiteList
2015-11-28 17:35 - 2012-01-15 23:05 - 00000000 ____D C:\Users\kasutaja66\AppData\Roaming\BitTorrent
2015-11-28 16:24 - 2013-11-17 13:03 - 00000000 ____D C:\Users\kasutaja66\AppData\Roaming\vlc
2015-11-28 14:54 - 2012-02-12 18:33 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-11-28 14:42 - 2011-06-16 17:45 - 00001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-27 11:53 - 2012-01-07 17:51 - 00000000 ____D C:\Users\kasutaja66\AppData\Local\ElevatedDiagnostics
2015-11-27 00:52 - 2012-01-18 21:15 - 02707456 ___SH C:\Users\kasutaja66\Downloads\Thumbs.db
2015-11-26 22:37 - 2012-01-30 20:02 - 00000000 ____D C:\Users\kasutaja66\Documents\Rockstar Games
2015-11-25 20:51 - 2013-09-08 20:46 - 00000000 ____D C:\Users\kasutaja66\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-23 18:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-11-22 05:04 - 2012-05-16 00:06 - 00000000 ____D C:\Users\kasutaja66\Downloads\Twilight Soundtrack - Eclipse
2015-11-22 03:27 - 2014-07-04 13:39 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-11-20 09:37 - 2009-07-14 07:13 - 00799302 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-20 09:27 - 2013-03-02 22:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-20 09:27 - 2013-03-02 22:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-11-20 09:27 - 2009-07-14 06:45 - 00298160 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-20 02:33 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-20 02:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-11-20 02:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2015-11-20 02:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-19 14:31 - 2013-07-15 09:27 - 00000000 ____D C:\Windows\system32\MRT
2015-11-19 14:18 - 2013-03-02 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-19 14:10 - 2013-01-26 11:40 - 00791424 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-19 13:02 - 2014-08-11 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-19 13:02 - 2014-08-11 19:11 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-19 13:02 - 2013-10-16 22:02 - 00000000 ____D C:\ProgramData\Oracle
2015-11-19 13:01 - 2015-08-27 09:42 - 00000000 ____D C:\Users\kasutaja66\.oracle_jre_usage
2015-11-19 13:01 - 2014-08-11 19:12 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-13 23:33 - 2013-10-15 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
2015-11-12 08:25 - 2011-07-01 10:00 - 00000000 ____D C:\ProgramData\Skype
2015-11-11 18:14 - 2015-05-13 17:24 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 18:14 - 2015-05-13 17:24 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 18:14 - 2015-05-13 17:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 18:13 - 2013-09-21 11:57 - 05286088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-11-01 11:02 - 2013-10-15 21:53 - 00000000 ____D C:\Users\kasutaja66\AppData\Local\Risen2
2015-10-31 20:10 - 2015-04-09 22:49 - 00000000 ____D C:\Users\kasutaja66\Documents\Survarium-Steam

==================== Files in the root of some directories =======

2014-09-24 11:04 - 2014-09-24 11:04 - 0063338 _____ () C:\Users\kasutaja66\AppData\Roaming\icarus-dxdiag.xml
2013-06-08 14:31 - 2013-06-08 14:31 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995

Some files in TEMP:
====================
C:\Users\kasutaja66\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-23 18:22

==================== End of FRST.txt ============================
Keefan is offline  
Old 11-29-2015, 02:52 PM   #5
Registered Member
 
Join Date: Oct 2008
Location: Tallinn, Estonia
Posts: 203
OS: Windows 10



And here is the second one:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-11-2015
Ran by kasutaja66 (2015-11-30 00:48:15)
Running from C:\Users\kasutaja66\Desktop
Windows 7 Home Premium Service Pack 3 (X64) (2011-06-09 08:11:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2796324459-3983397100-315245851-500 - Administrator - Disabled)
Guest (S-1-5-21-2796324459-3983397100-315245851-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2796324459-3983397100-315245851-1002 - Limited - Enabled)
kasutaja66 (S-1-5-21-2796324459-3983397100-315245851-1000 - Administrator - Enabled) => C:\Users\kasutaja66

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{8DF1EF50-AEB6-902C-F68C-4683C45784E6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnalogX CacheBooster (HKLM-x32\...\AnalogX CacheBooster) (Version: - AnalogX)
Application Profiles (HKLM-x32\...\{FEE83A6D-7E16-ECAB-D10F-0B5813D2799E}) (Version: 2.0.4182.33919 - Advanced Micro Devices, Inc.)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version: - Ubisoft Montreal)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
AVG 2014 (Version: 14.0.3614 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4158 - AVG Technologies) Hidden
Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitTorrent (HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2905 - CDBurnerXP)
CodecInstaller 2.10.4 (HKLM-x32\...\CodecInstaller) (Version: 2.10.4 - JockerSoft)
Combined Community Codec Pack 2011-07-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project)
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox Development Studio)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dead Island (HKLM-x32\...\Steam App 91310) (Version: - Techland)
Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version: - Techland)
Defiance (HKLM-x32\...\Steam App 224600) (Version: - Trion Worlds, Inc.)
DriverPack Notifier (HKLM-x32\...\DriverPack Notifier) (Version: 1.3 - DriverPack Solution)
Dying Light (HKLM-x32\...\Steam App 239140) (Version: - Techland)
Eesti ID-kaardi tarkvara 3.11.1.1599 (64 bit) (HKLM\...\{008C8FFD-83EA-44E2-A996-A1295EB9B38B}) (Version: 3.11.1.1599 - RIA)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version: - Frontier Developments)
eMule (HKLM-x32\...\eMule) (Version: - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio)
Exterminate It! (HKLM-x32\...\Exterminate It!) (Version: 2.12.11.26 - CURIOLAB S.M.B.A.)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.1.89 - Final Draft, Inc.)
Fotogalerii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galactic Civilizations II: Ultimate Edition (HKLM-x32\...\Steam App 202200) (Version: - Stardock Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
How to Survive (HKLM-x32\...\Steam App 250400) (Version: - )
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
JetBoost (HKLM-x32\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig)
JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version: - )
Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Mars: War Logs (HKLM-x32\...\Steam App 232750) (Version: - Spiders)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Excel 2010 (HKLM\...\Office14.EXCEL) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0016-0000-1000-0000000FF1CE}_Office14.EXCEL_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 ru) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 ru)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version: - TaleWorlds Entertainment)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly)
Nether (HKLM-x32\...\Steam App 247730) (Version: - Phosphor Games)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 33.0.1990.115 (HKLM-x32\...\Opera 33.0.1990.115) (Version: 33.0.1990.115 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.4.21.2812 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Please, Don’t Touch Anything (HKLM-x32\...\Steam App 354240) (Version: - Four Quarters)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Remember Me (HKLM-x32\...\Steam App 228300) (Version: - DONTNOD Entertainment)
Revo Uninstaller 1.93 (HKLM-x32\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.8 - Rockstar Games)
Sheltered (HKLM-x32\...\Steam App 356040) (Version: - Unicube)
Should I Remove It (HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.2 - IObit)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.10.4584 - Enigma Software Group, LLC)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starpoint Gemini 2 (HKLM-x32\...\Steam App 236150) (Version: - Little Green Men Games)
STDU Viewer version 1.5.647.0 (HKLM-x32\...\STDU Viewer_is1) (Version: 1.5.647.0 - STDUtility)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Survarium (HKLM-x32\...\Steam App 355840) (Version: - Vostok Games)
Survarium-Steam (HKLM-x32\...\{A3D9343D-77CD-4bf4-A47A-F87B3BE985B4}_is1) (Version: 0.32b - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Long Dark (HKLM-x32\...\Steam App 305620) (Version: - Hinterland Studio Inc.)
The Secret World (HKLM-x32\...\Steam App 215280) (Version: - Funcom)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios)
TortoiseSVN 1.8.5.25224 (64 bit) (HKLM\...\{57FCA88C-D94A-490A-B8C6-8ECC3A9A48D2}) (Version: 1.8.25224 - TortoiseSVN)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
Valiant Hearts: The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™ (HKLM-x32\...\Steam App 260230) (Version: - Ubisoft Montpellier)
Valkyria Chronicles™ (HKLM-x32\...\Steam App 294860) (Version: - SEGA)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Victoria 2 (HKLM-x32\...\{9C3B7F54-C6E2-4A74-9937-9C6EBA10C4A2}) (Version: - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.621 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - RIA (Estonian National ID Card) (UMPass) SmartCard (05/13/2015 3.11.0.1175) (HKLM\...\C478C8A35A0A297F2FADF155E889D402655E894E) (Version: 05/13/2015 3.11.0.1175 - RIA (Estonian National ID Card))
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.20 (32-bitine) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-bitine) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
World of Tanks (HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version: - Wargaming.net)
World of Warships (HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2796324459-3983397100-315245851-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\kasutaja66\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2796324459-3983397100-315245851-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\kasutaja66\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

26-11-2015 01:18:27 Scheduled Checkpoint
28-11-2015 17:49:05 Removed I Am Alive.
29-11-2015 12:31:22 Revo Uninstaller's restore point - Adobe Acrobat Reader DC - Deutsch

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D3F368D-D05C-49D1-93B3-7D1D5F287D05} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-11-28] (Enigma Software Group USA, LLC.)
Task: {2064E36F-6DB0-4B3D-85E0-90448256C938} - System32\Tasks\{A71CEDDE-14C6-43C3-81DC-5D80956C47E7} => C:\World of Tanks\WorldOfTanks.exe
Task: {2EA1A05E-E297-405E-AF4C-C47443F4FEFC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2796324459-3983397100-315245851-1000UA => C:\Users\kasutaja66\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {30AAFE68-AED5-4C9A-80C0-7108A386DE8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5B86C63A-6524-4281-BD6F-4AF6322579B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {63FC0EE2-4022-48EC-B0C6-ED55760B67D5} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe
Task: {6ACF1C97-40C6-4BD4-AA47-502741FE15EA} - System32\Tasks\id updater task => id-updater.exe
Task: {6E59FA48-6F72-4DDD-8722-D61687F533E3} - System32\Tasks\{232E0771-2B33-4F16-8B64-662E93111750} => C:\Users\kasutaja66\Downloads\day_z_keygen\day_z_keygen.exe
Task: {7A5D3D48-F13D-48D7-92F6-AD2C4BB992F9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {93003542-57F6-4A9D-A7D0-E6E4EC8456D3} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {993017A7-F82D-4DC8-BD50-E7D2E271DBC6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {A55FCF84-C201-4C6F-AC0B-CB928FE64B7A} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {AD513C9D-8177-4984-8E71-606A9D3005AF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-01] (Avast Software s.r.o.)
Task: {BA5DCC1D-FE65-46FC-A296-CC1C4A000320} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2796324459-3983397100-315245851-1000Core => C:\Users\kasutaja66\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {C5C5790C-C21A-4942-A80A-F35E1A969E4B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {CDDE8FD1-054A-4A89-A4B2-50B94F7B4668} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig)
Task: {D0EFD4A5-6B68-41C0-B70A-0634656C3CA6} - System32\Tasks\{6718B550-FB4C-4AF5-B75C-A457F957942D} => C:\Games\World_of_Tanks\WOTLauncher.exe [2015-10-20] (Wargaming.net)
Task: {D63BD308-AC03-4335-9B56-DF4E3FCA467E} - System32\Tasks\{D22D9D64-C67E-4FCD-971E-A146EC9F326C} => pcalua.exe -a C:\Skyirm\install.exe -d C:\Skyirm
Task: {D9546E51-A169-4B0C-B9C8-0D3541C56950} - System32\Tasks\Opera scheduled Autoupdate 1448714474 => C:\Program Files (x86)\Opera\launcher.exe
Task: {E01F6E79-4BDC-4698-B127-0715F2C87841} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files (x86)\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {F1D48B9D-B176-4738-882C-EE1F31C66A5E} - System32\Tasks\DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe [2015-10-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2796324459-3983397100-315245851-1000Core.job => C:\Users\kasutaja66\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2796324459-3983397100-315245851-1000UA.job => C:\Users\kasutaja66\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-02-18 21:16 - 2014-02-18 21:16 - 00076016 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-02-18 21:16 - 2014-02-18 21:16 - 00088816 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2013-01-14 23:17 - 2015-01-28 01:18 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2015-08-24 20:28 - 2015-08-24 20:28 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1061.dll
2015-07-01 22:33 - 2015-07-01 22:33 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-01 22:33 - 2015-07-01 22:33 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-29 12:24 - 2015-11-29 12:24 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\15112900\algo.dll
2015-07-01 22:33 - 2015-07-01 22:33 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2015-10-21 22:29 - 2015-10-21 22:29 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2015-10-21 22:29 - 2015-10-21 22:29 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2015-11-20 01:45 - 2015-11-20 01:45 - 02610944 _____ () C:\Program Files (x86)\Raptr\ltc_host_ex.DLL
2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2015-06-27 01:09 - 2015-06-27 01:09 - 00271872 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 02:56 - 2014-06-18 02:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-02-18 20:32 - 2014-02-18 20:32 - 00065776 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2014-02-18 20:32 - 2014-02-18 20:32 - 00071920 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2014-10-06 11:49 - 2015-10-05 18:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 23:29 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 23:29 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 23:29 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-10-06 11:49 - 2015-11-10 04:44 - 02541648 _____ () C:\Program Files (x86)\Steam\video.dll
2014-10-06 11:48 - 2015-09-24 02:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-10-06 11:48 - 2015-09-24 02:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-10-06 11:48 - 2015-09-24 02:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-10-06 11:48 - 2015-09-24 02:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-10-06 11:48 - 2015-09-24 02:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-10-06 11:49 - 2015-11-10 04:44 - 00806992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 16:44 - 2015-11-04 00:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2014-10-06 11:48 - 2015-10-09 00:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-19 23:29 - 2015-09-25 01:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\kasutaja66:Heroes & Generals
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2796324459-3983397100-315245851-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\kasutaja66\AppData\Roaming\Mozilla\Firefox\Taustapilt.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: RGSC => C:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{BBE511DA-74AF-4921-88E7-C15171CFE20F}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{23F0507F-1B50-421E-A4BB-C352FC500347}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{F113BC52-BFC5-4521-B3E5-5D65C922B8BA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{A222C75B-C1A6-4F63-88A1-B56874C4DBBD}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{C0A23F5D-0E89-49CF-9E45-702854E47F3C}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{7414D558-B530-4DAC-8B0A-21543B9A90B8}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{21A0F2FF-F4CB-4AC9-A525-4F4AEBF9D87D}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{9789D67E-9458-49CC-94F0-5F6B7BDCD15A}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{419A55DF-9650-4BB8-B086-A0B64C082E6E}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [TCP Query User{A84DF30C-E196-4BD1-86FC-D3A1030BC675}C:\games\world_of_warplanes\worldofwarplanes.exe] => (Allow) C:\games\world_of_warplanes\worldofwarplanes.exe
FirewallRules: [UDP Query User{A50ABE3F-B054-4500-8F57-B09A7467B678}C:\games\world_of_warplanes\worldofwarplanes.exe] => (Allow) C:\games\world_of_warplanes\worldofwarplanes.exe
FirewallRules: [{274B4D50-8E9E-4BF2-A48F-DD1E9E029905}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A56BF81A-F2A2-4A16-901A-D2E23E0546D2}] => (Allow) LPort=2869
FirewallRules: [{E7D8780D-A733-49C4-A5E8-DAC54B86FDEF}] => (Allow) LPort=1900
FirewallRules: [{9A02D992-997A-4EE0-89B5-4BEED915D763}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{72B8053B-4699-4498-9025-48494F485074}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{D3C02B65-BD38-407B-BA17-A3CDF805C9C7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3857659E-5E79-48F7-9DE3-27606BD919B1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{E698724C-EB42-41D0-A320-048741B5AD5B}C:\nether\nether\binaries\win64\nether.exe] => (Allow) C:\nether\nether\binaries\win64\nether.exe
FirewallRules: [UDP Query User{EC3E52C6-D496-4FE5-B737-283D9BB03185}C:\nether\nether\binaries\win64\nether.exe] => (Allow) C:\nether\nether\binaries\win64\nether.exe
FirewallRules: [TCP Query User{6DF246E7-D6B5-4231-B182-B15E939C40AD}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{642B43F2-8811-4D5D-92E2-8E438C86F7F0}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{144D4F2A-BDDB-47BF-80A9-D182B94C851D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{4CC85DEC-B2A8-41E7-A305-27A7674990EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{5294D2B5-FF9B-4286-8528-F65FED1FD677}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Secret World\ClientPatcher.exe
FirewallRules: [{5DBD473C-4064-47DD-991C-078327E8D1F4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Secret World\ClientPatcher.exe
FirewallRules: [{405933D7-5948-4E9A-B9B6-06169448A513}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{D4BBBEC7-00BB-4548-AABF-86DDE78AD44F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{88A015A8-FE20-4EA5-94FA-3B865F8C86F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{5BFB6D2B-56E0-4AB4-9C69-6D9584CB14F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [TCP Query User{805B4EC4-222B-41A1-B73E-F39DAD9BDD4B}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{5483F316-2A6C-4477-802E-0FF25C6D33F8}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{FE670936-06B7-4EAC-A73D-A29273D85D51}C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4_server.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4_server.exe
FirewallRules: [UDP Query User{0675718E-39D6-4720-BB38-1E358B52D4DC}C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4_server.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4_server.exe
FirewallRules: [TCP Query User{1A451B30-B7D1-4015-B665-FC404FA8ABD4}C:\program files (x86)\steam\steamapps\common\nether\game\binaries\win64\nether.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\nether\game\binaries\win64\nether.exe
FirewallRules: [UDP Query User{6D4841D0-AF46-46D9-9B4F-F512BB357238}C:\program files (x86)\steam\steamapps\common\nether\game\binaries\win64\nether.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\nether\game\binaries\win64\nether.exe
FirewallRules: [{C9816658-A7B2-4A58-91AC-032333379CA0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Galactic Civilizations II - Ultimate Edition\Twilight\GC2TwilightOfTheArnor.exe
FirewallRules: [{BD93AA6D-4108-458B-A72A-9EA153211898}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Galactic Civilizations II - Ultimate Edition\Twilight\GC2TwilightOfTheArnor.exe
FirewallRules: [{1048F89C-B02B-46FE-B264-756BC023C382}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{87DB02D8-1089-4BCC-9987-0B816BDCD7C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{FFCA5A41-960D-42FA-B7F2-8C89B905093C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{B2F5FE9F-CC50-4DCF-9BF1-58E0E0FF0FAE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{A35EE400-8674-4206-A0B5-D79DE7EA39FD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{8D8656B6-6997-402E-BEE0-F363E6B6CFF9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{B9C21621-C149-475B-B5A1-CC3A0E593F20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe
FirewallRules: [{C13B7084-17F5-4EA0-A7EF-33ACE3561384}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe
FirewallRules: [{C5CD4C37-7467-446B-88C3-04824D62B92B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{4079E296-98A4-45DA-BB10-911AFE4724CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{015F46AD-F1F4-4176-8056-E23FAA44AA2D}] => (Allow) C:\Users\kasutaja66\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6372DF19-FDD6-4C72-A6FA-6AD270095951}] => (Allow) C:\Users\kasutaja66\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{460406BF-838B-4582-A4F3-ABA8233BCCC4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{566A53E3-FD6C-423B-ABBB-48C8D36AE57E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{C892C471-5652-4F8A-97EA-D6065EDF7DF9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Defiance\GlyphClient.exe
FirewallRules: [{D768C9B6-70B4-471C-9220-2210A7CAC26E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Defiance\GlyphClient.exe
FirewallRules: [{084D23E2-BBDA-4255-8BCD-2DC368DF5C74}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Defiance\GlyphClient.exe
FirewallRules: [{75EF09DD-186C-49BA-BA91-B10922323AC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Defiance\GlyphClient.exe
FirewallRules: [{ADD4CD80-591A-4DE2-AEA7-1A709314FEDD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Defiance\Games\Defiance\Live\Defiance.exe
FirewallRules: [{FEB04DBC-ACDF-4B5F-A551-661EABA44180}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Defiance\Games\Defiance\Live\Defiance.exe
FirewallRules: [{B6BC5D40-BA40-421B-8524-00086C70BF88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Defiance\GlyphDownloader.exe
FirewallRules: [{D1D043FE-31AE-4378-93B0-E00D63DF1F63}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Defiance\GlyphDownloader.exe
FirewallRules: [{5DAE25E5-2E0B-47DE-BE9F-E68723382A5B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Defiance\GlyphDownloader.exe
FirewallRules: [{7188463B-52E5-423E-9C71-540138C443AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Defiance\GlyphDownloader.exe
FirewallRules: [{C2F150C6-86D0-48A7-8ED7-6E520FE8C04D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6AF4D784-8D62-4BFF-B0E0-BA24A900D61C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{35236D6B-B8E9-41B1-AD57-AA4239F90E24}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{BF7791C7-4E41-4C36-BEE3-5168BF52E99B}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{1D5C0627-6E51-4D95-A8F8-ADD865E33CF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{F62B5107-DF87-4B20-9975-65DBECCB6BDD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{5D99D8A3-BF2D-45C0-BCBA-412CD322FE51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{D808368E-A348-4942-AFF4-4A2C6FB4352A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{CA5316C2-D3FF-4ED9-9499-EFD334A20BC6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{A7CED83D-201A-4016-B3F1-7FCBFFE70DEE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{2CF093E1-9F8E-4925-A068-6E17B5754481}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Defiance\Patcher.exe
FirewallRules: [{8B5576A7-AEBD-44FB-87C8-DC2113644168}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Defiance\Patcher.exe
FirewallRules: [{8A6ABF83-A3C7-4858-A69C-04FB2D8FBF6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{67264A02-A3BA-450A-8C44-C1EFCE8F37C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{19E61968-D9B3-460A-A887-BD7F0E7A04AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF16A612-6AE6-404A-8D14-50898F947E1A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90353ECE-6DDE-4683-A49D-7E7DB2A0BA76}] => (Allow) C:\Games\SWTOR\launcher.exe
FirewallRules: [{E6050723-943B-47BE-8E5B-007A66A136E2}] => (Allow) C:\Games\SWTOR\launcher.exe
FirewallRules: [{8093A06F-4EEC-4BBC-BEA6-DDE1200F3CFF}] => (Allow) C:\Games\SWTOR\launcher.exe
FirewallRules: [{C81A8992-43EB-4788-8D31-E35BAF6EFAA1}] => (Allow) C:\Games\SWTOR\launcher.exe
FirewallRules: [{C42CB7AF-189D-45AF-9E93-F70C27D58316}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{566FF26A-1AC8-4BA7-85B7-779A39D73CE1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DF0B5822-87DA-486C-90C4-F3EC965429B1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EDD01FDE-8D8F-4758-A29A-E7850A666F40}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{112BD5C2-B1AE-431A-A10F-9D29E6A174DB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{C9271DAF-3E12-4C17-9AD7-8E322C3DDD6F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Banished\Application-steam-x64.exe
FirewallRules: [{EF11349E-C054-410C-8EDF-E32EC391097C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{356A76EF-8A71-4B66-8C39-D9E99CA1DD46}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{9CDB1326-AD68-4823-B2E3-AE92589C998C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Valiant Hearts\Valiant Hearts.exe
FirewallRules: [{15358D44-4119-43BA-B689-A1FC6A277DEE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Valiant Hearts\Valiant Hearts.exe
FirewallRules: [{C63852D8-1FD4-4A46-BCA3-D68057A3F4F3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{86DEA0BC-8C22-4837-BCF5-A75A72985D00}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{8327B6C3-B3ED-450C-B1E6-8E1E495654C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_launcher.exe
FirewallRules: [{6230484F-9C06-425E-B498-E41AD4B272EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{3467C823-E5C1-4E1F-8E45-8473D553ACCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{305202DC-7EA7-4E30-9583-9FEBF46F319C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{915E6190-2035-46F0-8B74-19A2DF55DA64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{B71DBFD1-8AFA-4EAB-ACF3-E810FA930300}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [{A6D85982-836E-4EEE-846B-B156F9C68085}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [TCP Query User{015FEDC5-C166-470B-BB7B-3A6F9E984D47}C:\program files (x86)\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe
FirewallRules: [UDP Query User{EE500DD4-1525-4897-BB6F-01F4A23D853B}C:\program files (x86)\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\survarium\game\binaries\x86\survarium.exe
FirewallRules: [{5761F9DE-9340-4B19-9B0E-343A9D8BEF65}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{5304093E-B68C-44A7-9971-55A846E6C74F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{184C93ED-5E5B-414A-8D6E-76B4F80D07D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starpoint Gemini 2\StarpointGemini2.exe
FirewallRules: [{F1DC3867-3170-45F7-9141-A540BAEE2E42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starpoint Gemini 2\StarpointGemini2.exe
FirewallRules: [{34774DAB-D558-4F85-B198-B264156108DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{E6CD0188-29FC-4E1F-BFF2-026D817809F4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{E07694EC-7952-453A-B681-142D21860F29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Please, Don’t Touch Anything\donttouchanything.exe
FirewallRules: [{0A347617-3251-4E11-B8A8-9A7408DDACC9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Please, Don’t Touch Anything\donttouchanything.exe
FirewallRules: [{B62A544A-45A9-4CEA-B915-A89F2AAB7C55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{95E1241A-115A-48F7-AAB8-F38CC702F7F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{06414450-9CB1-41FA-AAC6-2F0E270A6677}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{00BEABFE-7CC2-4A05-88F7-0DEE9DD60AFE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{2EC1CF52-E626-4332-960E-11A7B88A4259}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{74909B0D-339A-4168-988E-514400F2D17A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PapersPlease\PapersPlease.exe
FirewallRules: [TCP Query User{0D325D26-65F8-4EC8-95CB-B47AE7C36714}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{5037D7E3-13CD-45BB-AD2B-23069309447F}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{221CC9F9-3FE9-4367-9A2D-E20D46DBC258}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{40EA9BA3-BB49-45FB-8F3C-D0C6DCBC4392}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{D2F03322-0042-424B-84DA-D4BF60A9E445}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A693789E-5D7A-4201-9E4C-90CEBCF78931}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{161B0C8B-CB4C-4628-B67B-7FFC413F9E9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [{257E5561-4F43-4B06-BDF0-2507778C3719}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crusader Kings II\CK2game.exe
FirewallRules: [TCP Query User{945AAEBB-D220-4CF3-AA3D-C2E9E526B363}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{C198C8E0-2D77-4E93-8DB4-C4D9DED037F4}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{85ED5A62-B99C-46ED-8757-B7C97163A056}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mars War Logs\MarsWarLogs.exe
FirewallRules: [{FA20BA75-D4CB-4D09-B13A-F778DD7EE2C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mars War Logs\MarsWarLogs.exe
FirewallRules: [{C8EC39A6-7FC8-4A48-A79A-04A1218A3DAE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{C268F21B-FBAF-4AA0-8D42-0E0A484D8690}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{C6D90E0B-78B3-45BA-A694-B3D0EEF127EC}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{F918A026-3F5A-4542-8CC1-C71BF5B509F3}] => (Allow) C:\Games\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{37399948-12FE-4FF2-8245-D3D9EDF68131}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{1775E28D-A884-462A-B47C-48E29654CDB5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{77B9FDD8-9B5B-429F-BF2D-1307E6A5E53B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sheltered\Sheltered.exe
FirewallRules: [{295B29C0-A222-4794-B4C6-87F79C55EA55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sheltered\Sheltered.exe
FirewallRules: [{DF76B93D-C197-443B-B207-C40B7FABBD9D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{1EF85EE7-3677-4484-A132-82E22B5378E5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [TCP Query User{87E93461-9D4E-4D1B-A965-94F4F3143B4A}C:\users\kasutaja66\appdata\roaming\bittorrent\updates\7.9.5_41203.exe] => (Allow) C:\users\kasutaja66\appdata\roaming\bittorrent\updates\7.9.5_41203.exe
FirewallRules: [UDP Query User{9DCF0255-D1F5-4553-AB3B-39731600D116}C:\users\kasutaja66\appdata\roaming\bittorrent\updates\7.9.5_41203.exe] => (Allow) C:\users\kasutaja66\appdata\roaming\bittorrent\updates\7.9.5_41203.exe
FirewallRules: [{8692DF91-1565-46A3-A829-A359CD213ED1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{38B8F2B5-10C7-4D89-AB60-3C483F03DB88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{9898BBB9-A710-4149-8000-D3FC55A1C57D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{90F0C784-60C4-4894-9FB3-CF5441302C7D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{E6C818B9-5990-449C-A4B4-A4C4C25CAC5F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{88ECA7F1-8401-42C1-A950-4C043D4DCB55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{28A34A3F-BA14-462F-913B-0708FB221A22}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{2B527257-9818-40A7-9977-1BA28A298BA5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{F98B4B76-9E9F-49DD-971F-DAF84E66D65F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{405D66B1-F6EF-494E-8759-00B9287BBD52}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F848C8A0-842F-4F67-8688-841339C5F875}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{73E172A2-6828-4270-A775-E72B17457A3D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E60B2EE2-129B-4C2B-9F80-980F107C09ED}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{D369207E-33C7-4BF7-9F53-B1B771355D02}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{00BD7828-F80D-4ADB-B10D-D62EA10A1D1E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{DD36A8AE-A832-41D9-A1CF-02EEFBB1D4A7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{4E9D38B7-DD4F-417D-9100-57D78DCF26AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{049D55FE-9DAA-430C-998C-C65C040914CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTA5.exe
FirewallRules: [{D5ECDCE4-9957-41C3-A00D-75B8F08901B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTA5.exe

==================== Faulty Device Manager Devices =============

Name: Hotspot Shield Routing Driver 6
Description: Hotspot Shield Routing Driver 6
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HssDRV6
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: NSI proxy service driver.
Description: NSI proxy service driver.
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/29/2015 01:33:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2015 01:32:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgwdsvc.exe, version: 14.0.0.4150, time stamp: 0x52433d90
Faulting module name: avgwd.dll, version: 14.0.0.4150, time stamp: 0x52434012
Exception code: 0xc0000005
Fault offset: 0x00082905
Faulting process id: 0x6b4
Faulting application start time: 0xavgwdsvc.exe0
Faulting application path: avgwdsvc.exe1
Faulting module path: avgwdsvc.exe2
Report Id: avgwdsvc.exe3

Error: (11/29/2015 01:26:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ExterminateIt.exe version 2.12.0.12 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 958

Start Time: 01d12a959c82f9c8

Termination Time: 5

Application Path: C:\Program Files (x86)\Exterminate It!\ExterminateIt.exe

Report Id: fb8d8ed4-968b-11e5-b869-4487fc548dae

Error: (11/29/2015 00:59:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ExterminateIt.exe version 2.12.0.12 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d08

Start Time: 01d12a92c101f5a7

Termination Time: 5

Application Path: C:\Program Files (x86)\Exterminate It!\ExterminateIt.exe

Report Id: 4b0cbbf8-9688-11e5-b869-4487fc548dae

Error: (11/29/2015 00:55:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (11/29/2015 00:20:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2015 00:19:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgwdsvc.exe, version: 14.0.0.4150, time stamp: 0x52433d90
Faulting module name: avgwd.dll, version: 14.0.0.4150, time stamp: 0x52434012
Exception code: 0xc0000005
Fault offset: 0x00082905
Faulting process id: 0x6dc
Faulting application start time: 0xavgwdsvc.exe0
Faulting application path: avgwdsvc.exe1
Faulting module path: avgwdsvc.exe2
Report Id: avgwdsvc.exe3

Error: (11/29/2015 06:58:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ExterminateIt.exe version 2.12.0.12 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: af0

Start Time: 01d129fe46abbc3b

Termination Time: 2114

Application Path: C:\Program Files (x86)\Exterminate It!\ExterminateIt.exe

Report Id: d81bcfd2-9655-11e5-af41-4487fc548dae

Error: (11/28/2015 07:00:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ExterminateIt.exe version 2.12.0.12 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8c0

Start Time: 01d129fb892e1423

Termination Time: 6

Application Path: C:\Program Files (x86)\Exterminate It!\ExterminateIt.exe

Report Id: 574177ea-95f1-11e5-af41-4487fc548dae

Error: (11/28/2015 06:59:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 42.0.0.5780, time stamp: 0x5632d0a4
Faulting module name: mozglue.dll, version: 42.0.0.5780, time stamp: 0x5632ba58
Exception code: 0x80000003
Fault offset: 0x0000ed50
Faulting process id: 0xe58
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (11/29/2015 02:21:07 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\extit.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/29/2015 02:18:18 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\extit.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/29/2015 01:38:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/29/2015 01:37:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/29/2015 01:37:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/29/2015 01:37:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/29/2015 01:37:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/29/2015 01:37:53 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/29/2015 01:37:53 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/29/2015 01:37:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535


CodeIntegrity:
===================================
Date: 2013-06-23 11:28:59.493
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\kasutaja66\Desktop\SailitatudAndmed\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-23 11:28:59.404
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\kasutaja66\Desktop\SailitatudAndmed\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-23 11:28:59.312
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\kasutaja66\Desktop\SailitatudAndmed\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-23 11:28:59.223
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\kasutaja66\Desktop\SailitatudAndmed\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-23 11:28:56.776
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\kasutaja66\Desktop\SailitatudAndmed\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-23 11:28:56.688
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\kasutaja66\Desktop\SailitatudAndmed\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-23 11:28:56.599
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\kasutaja66\Desktop\SailitatudAndmed\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-23 11:28:56.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\kasutaja66\Desktop\SailitatudAndmed\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-23 11:26:57.485
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\kasutaja66\Desktop\SailitatudAndmed\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.16385_none_5722666f137ae177\appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-23 11:26:57.396
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\kasutaja66\Desktop\SailitatudAndmed\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.16385_none_5722666f137ae177\appid.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz
Percentage of memory in use: 33%
Total physical RAM: 8183.12 MB
Available physical RAM: 5418.69 MB
Total Virtual: 16364.44 MB
Available Virtual: 13323.98 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:931.51 GB) (Free:221.88 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive h: (VERBATIM) (Fixed) (Total:232.88 GB) (Free:137.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C82AC1A9)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 3EB3D1DE)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Keefan is offline  
Old 11-29-2015, 03:22 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Keefan.

Check for additional security risks:
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-30-2015, 12:30 AM   #7
Registered Member
 
Join Date: Oct 2008
Location: Tallinn, Estonia
Posts: 203
OS: Windows 10



Here they are:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\games\world_of_tanks\res\audio\objects_ice_crack.fsb
c:\program files (x86)\steam\steamapps\common\dying light\dw\data\menu\movies\skills\blueprintsfirecrackers.bik
c:\program files (x86)\steam\steamapps\common\heroes & generals\_packed\environments\pictures\architecture\decals\airstripconcretecracks1a_diffuse.crn
c:\program files (x86)\steam\steamapps\common\heroes & generals\_packed\environments\pictures\architecture\walls\crackedpaintburned1a_diffuse.crn
c:\program files (x86)\steam\steamapps\common\heroes & generals\_packed\environments\pictures\architecture\walls\crackedpaintburned1a_normal.crn
c:\program files (x86)\steam\steamapps\common\heroes & generals\_packed\environments\pictures\architecture\walls\crackedpaintwhite1a_diffuse.crn
c:\program files (x86)\steam\steamapps\common\heroes & generals\_packed\environments\pictures\architecture\walls\crackedpaintwhite1a_normal.crn
c:\program files (x86)\steam\steamapps\common\how to survive\island_06\assets\puit01_\compiled\puit01_crack01.mat
c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\sounds\fire_small_crackle_slick_op.ogg
c:\program files (x86)\steam\steamapps\common\mountblade warband\sounds\fire_small_crackle_slick_op.ogg
c:\program files (x86)\steam\steamapps\common\napoleon total war\data\ui\campaign ui\pips\military-crackdown-repression.tga
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\linuxnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock5_lavacrack.uasset.z
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\linuxnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock5_lavacrack.uasset.z.uncompressed_size
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\linuxnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock6_lavacrack.uasset.z
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\linuxnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock6_lavacrack.uasset.z.uncompressed_size
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\linuxnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock7_lavacrack.uasset.z
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\linuxnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock7_lavacrack.uasset.z.uncompressed_size
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\linuxnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock9_lavacrack.uasset.z
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\linuxnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock9_lavacrack.uasset.z.uncompressed_size
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\linuxnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock_lavacrack_basemic.uasset.z
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\linuxnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock_lavacrack_basemic.uasset.z.uncompressed_size
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\windowsnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock5_lavacrack.uasset.z
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\windowsnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock5_lavacrack.uasset.z.uncompressed_size
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\windowsnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock6_lavacrack.uasset.z
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\windowsnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock6_lavacrack.uasset.z.uncompressed_size
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\windowsnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock7_lavacrack.uasset.z
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\windowsnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock7_lavacrack.uasset.z.uncompressed_size
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\windowsnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock9_lavacrack.uasset.z
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\windowsnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock9_lavacrack.uasset.z.uncompressed_size
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\windowsnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock_lavacrack_basemic.uasset.z
c:\program files (x86)\steam\steamapps\workshop\content\346110\496735411\windowsnoeditor\shootergame\content\primalearth\environment\marketplace\materials\mic_rock_lavacrack_basemic.uasset.z.uncompressed_size
scanner sequence 3.ZZ.11.SOAAM0
----- EOF -----
Keefan is offline  
Old 11-30-2015, 12:59 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Are you running a pirated(illegal) version of DayZ:

Quote:
Task: {6E59FA48-6F72-4DDD-8722-D61687F533E3} - System32\Tasks\{232E0771-2B33-4F16-8B64-662E93111750} => C:\Users\kasutaja66\Downloads\day_z_keygen\day_z_keygen.exe
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-30-2015, 01:07 AM   #9
Registered Member
 
Join Date: Oct 2008
Location: Tallinn, Estonia
Posts: 203
OS: Windows 10



It cannot be! I bought it on Steam! I don't know what to say.
Keefan is offline  
Old 11-30-2015, 01:09 AM   #10
Registered Member
 
Join Date: Oct 2008
Location: Tallinn, Estonia
Posts: 203
OS: Windows 10



Weird - when I check my Download folder, the said folder and this file wont even show up. Could it be, it's some kind of virus or malware concealed as a keygen file?
Keefan is offline  
Old 11-30-2015, 01:09 AM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Someone downloaded the cracktool to your Downloads folder. Are you the only user?
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-30-2015, 01:10 AM   #12
Registered Member
 
Join Date: Oct 2008
Location: Tallinn, Estonia
Posts: 203
OS: Windows 10



I am the only user of this computer. Noone ever uses it beside me. Does it mean someone hijacked my computer? What is the date of this keygen file? The thing with yandex happened on Saturday, Nov 28.
Keefan is offline  
Old 11-30-2015, 01:23 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Keefan. Your computer wasn't hijacked, and no, it isn't malware concealed as a keygen file.

There is no date as the file no longer appears to be on the machine.

Do you still have your license key for DayZ?

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-30-2015, 02:57 AM   #14
Registered Member
 
Join Date: Oct 2008
Location: Tallinn, Estonia
Posts: 203
OS: Windows 10



It doesn't have a cd key. Not in this form at least. When I try to view it on Steam, it is not showing anything. I can find my receipt for paying for it etc., but no key whatsoever. Just googled the thing - some other players are wondering as well and the only answer found on the internet is, that the CD-key is locked to my Steam account (which is Peeter1978, if You want to check it out).
Keefan is offline  
Old 11-30-2015, 04:34 AM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Keefan. We'll move on.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up your files - Windows Help

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

I see you have SpyHunter installed on your system. This application was previously listed as a rogue program because of deceptive advertising. Please read here

Although no longer listed as such, we recommend uninstalling it via Programs and Features in your Control Panel and downloading antispyware programs that have proven themselves tried and true. See here for a list of trustworthy antispyware products.

If you decide to uninstall it, also delete this Folder if it still exists:

C:\Program Files\Enigma Software Group

------------------------------------------------------

CCleaner
JetClean


We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner or JetClean. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

I see you have P2P software ( BitTorrent and eMule ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall them. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    AVG 2014 (Version: 14.0.3614 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4158 - AVG Technologies) Hidden
    Task: {0D3F368D-D05C-49D1-93B3-7D1D5F287D05} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-11-28] (Enigma Software Group USA, LLC.)
    Task: {63FC0EE2-4022-48EC-B0C6-ED55760B67D5} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe
    C:\Program Files (x86)\hide.me VPN
    Task: {6ACF1C97-40C6-4BD4-AA47-502741FE15EA} - System32\Tasks\id updater task => id-updater.exe
    Task: {6E59FA48-6F72-4DDD-8722-D61687F533E3} - System32\Tasks\{232E0771-2B33-4F16-8B64-662E93111750} => C:\Users\kasutaja66\Downloads\day_z_keygen\day_z_keygen.exe
    C:\Users\kasutaja66\Downloads\day_z_keygen
    Task: {93003542-57F6-4A9D-A7D0-E6E4EC8456D3} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
    Task: {A55FCF84-C201-4C6F-AC0B-CB928FE64B7A} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
    Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
    C:\Program Files (x86)\IObit
    AlternateDataStreams: C:\Users\kasutaja66:Heroes & Generals
    AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\MountPoints2: {71c9595b-f7de-11e0-a8fb-4487fc548dae} - F:\Setup\rsrc\Autorun.exe
    HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\MountPoints2: {788f14d9-d006-11e2-a411-4487fc548dae} - F:\setup.exe
    AppInit_DLLs-x32: c:\users\kasutaja66\documents\iterra\jgzaryb.dll => No File
    HKU\S-1-5-21-2796324459-3983397100-315245851-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.ru/?win=204&clid=2100767-002
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
    OPR StartupUrls: "hxxp://www.yandex.ru/?win=204&clid=2100767-002"
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
    S1 HssDRV6; system32\DRIVERS\hssdrv6.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-30-2015, 05:53 AM   #16
Registered Member
 
Join Date: Oct 2008
Location: Tallinn, Estonia
Posts: 203
OS: Windows 10



Done and done! I followed all the instructions to the letter. I didin't even know, I still had eMule on my computer - I really must be careless sometimes. Embarassing. But I really appreciate the job You are doing, thank You!
Well, the fixlog looks like that:

Fix result of Farbar Recovery Scan Tool (x64) Version:29-11-2015
Ran by kasutaja66 (2015-11-30 15:37:12) Run:1
Running from C:\Users\kasutaja66\Desktop
Loaded Profiles: kasutaja66 (Available Profiles: kasutaja66)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
AVG 2014 (Version: 14.0.3614 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4158 - AVG Technologies) Hidden
Task: {0D3F368D-D05C-49D1-93B3-7D1D5F287D05} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-11-28] (Enigma Software Group USA, LLC.)
Task: {63FC0EE2-4022-48EC-B0C6-ED55760B67D5} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe
C:\Program Files (x86)\hide.me VPN
Task: {6ACF1C97-40C6-4BD4-AA47-502741FE15EA} - System32\Tasks\id updater task => id-updater.exe
Task: {6E59FA48-6F72-4DDD-8722-D61687F533E3} - System32\Tasks\{232E0771-2B33-4F16-8B64-662E93111750} => C:\Users\kasutaja66\Downloads\day_z_keygen\day_z_keygen.exe
C:\Users\kasutaja66\Downloads\day_z_keygen
Task: {93003542-57F6-4A9D-A7D0-E6E4EC8456D3} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {A55FCF84-C201-4C6F-AC0B-CB928FE64B7A} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
C:\Program Files (x86)\IObit
AlternateDataStreams: C:\Users\kasutaja66:Heroes & Generals
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\MountPoints2: {71c9595b-f7de-11e0-a8fb-4487fc548dae} - F:\Setup\rsrc\Autorun.exe
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\...\MountPoints2: {788f14d9-d006-11e2-a411-4487fc548dae} - F:\setup.exe
AppInit_DLLs-x32: c:\users\kasutaja66\documents\iterra\jgzaryb.dll => No File
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.ru/?win=204&clid=2100767-002
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
OPR StartupUrls: "hxxp://www.yandex.ru/?win=204&clid=2100767-002"
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S1 HssDRV6; system32\DRIVERS\hssdrv6.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AA50158A-AE06-4806-8BFB-340442BD4B4C}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AA50158A-AE06-4806-8BFB-340442BD4B4C}\\SystemComponent => value not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D3F368D-D05C-49D1-93B3-7D1D5F287D05} => key not found.
C:\Windows\System32\Tasks\SpyHunter4Startup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63FC0EE2-4022-48EC-B0C6-ED55760B67D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63FC0EE2-4022-48EC-B0C6-ED55760B67D5}" => key removed successfully
C:\Windows\System32\Tasks\arp_flush => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\arp_flush" => key removed successfully
"C:\Program Files (x86)\hide.me VPN" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6ACF1C97-40C6-4BD4-AA47-502741FE15EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6ACF1C97-40C6-4BD4-AA47-502741FE15EA}" => key removed successfully
C:\Windows\System32\Tasks\id updater task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\id updater task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E59FA48-6F72-4DDD-8722-D61687F533E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E59FA48-6F72-4DDD-8722-D61687F533E3}" => key removed successfully
C:\Windows\System32\Tasks\{232E0771-2B33-4F16-8B64-662E93111750} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{232E0771-2B33-4F16-8B64-662E93111750}" => key removed successfully
"C:\Users\kasutaja66\Downloads\day_z_keygen" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93003542-57F6-4A9D-A7D0-E6E4EC8456D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93003542-57F6-4A9D-A7D0-E6E4EC8456D3}" => key removed successfully
C:\Windows\System32\Tasks\ROC_REG_JAN_DELETE => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_REG_JAN_DELETE" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A55FCF84-C201-4C6F-AC0B-CB928FE64B7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A55FCF84-C201-4C6F-AC0B-CB928FE64B7A}" => key removed successfully
C:\Windows\System32\Tasks\SmartDefrag4_Update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag4_Update" => key removed successfully
C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => moved successfully
C:\Program Files (x86)\IObit => moved successfully
C:\Users\kasutaja66 => ":Heroes & Generals" ADS removed successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\\Default => value restored successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\\AlternateShell => value restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => key removed successfully
"HKU\S-1-5-21-2796324459-3983397100-315245851-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71c9595b-f7de-11e0-a8fb-4487fc548dae}" => key removed successfully
HKCR\CLSID\{71c9595b-f7de-11e0-a8fb-4487fc548dae} => key not found.
"HKU\S-1-5-21-2796324459-3983397100-315245851-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{788f14d9-d006-11e2-a411-4487fc548dae}" => key removed successfully
HKCR\CLSID\{788f14d9-d006-11e2-a411-4487fc548dae} => key not found.
"c:\users\kasutaja66\documents\iterra\jgzaryb.dll" => Value data removed successfully.
HKU\S-1-5-21-2796324459-3983397100-315245851-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => key removed successfully
OPR StartupUrls: "hxxp://www.yandex.ru/?win=204&clid=2100767-002" => removed successfully
taphss6 => service removed successfully
HssDRV6 => service removed successfully
xhunter1 => service removed successfully
EmptyTemp: => 491.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:39:23 ====
Keefan is offline  
Old 11-30-2015, 06:08 AM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Keefan. You're very welcome. Is Yandex gone now?

------------------------------------------------------

It appears that you have two antivirus programs installed, Avast and AVG.

Even though AVG isn't running, they can still conflict with one another and cause system instability or even system hangs.

Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

I suggest uninstalling AVG.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-30-2015, 06:39 AM   #18
Registered Member
 
Join Date: Oct 2008
Location: Tallinn, Estonia
Posts: 203
OS: Windows 10



I don't know if it's gone. Firefox is still in Russian and even when I try to change the language settings, nothing happens, it won't obey.
And once more, thank You - I hadn't noticed I still had AVG in my computer. I used it years ago and then for some reason I have forgotten, not anymore.
Well, I will now run ComboFix.
Keefan is offline  
Old 11-30-2015, 07:05 AM   #19
Registered Member
 
Join Date: Oct 2008
Location: Tallinn, Estonia
Posts: 203
OS: Windows 10



Oh, the reason I had SpyHunter was just me being naive - when I first noticed this yandex problem I just searched for a remedy and went to the first thing found. A mistake, I know now. I also downloaded Exterminate It! - is it useful or should I get rid of it as well?
Here comes the log file by ComboFix:

ComboFix 15-11-30.01 - kasutaja66 30.11.2015 16:44:08.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.3.1252.1.1033.18.8183.5702 [GMT 2:00]
Running from: c:\users\kasutaja66\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kasutaja66\AppData\Roaming\DRPSu
c:\users\kasutaja66\AppData\Roaming\DRPSu\DRIVERS\Atheros-FORCED-7x64-drp.zip
c:\users\kasutaja66\AppData\Roaming\DRPSu\DRIVERS\dpinst.zip
c:\users\kasutaja66\AppData\Roaming\DRPSu\DRIVERS\FORCED-7x64-6.0.11.1000-drp.zip
c:\users\kasutaja66\AppData\Roaming\DRPSu\DRIVERS\FORCED-Catalyst-7x64-drp.zip
c:\users\kasutaja66\AppData\Roaming\DRPSu\DRIVERS\Intel-WinAll-Chipset-9.3.2.1020_NEW-drp.zip
c:\users\kasutaja66\AppData\Roaming\DRPSu\DRIVERS\Logitech-FORCED-Allx64-SetPoint-drp.zip
c:\users\kasutaja66\AppData\Roaming\DRPSu\DRIVERS\NTx64-Fujitsu_nb-19.0.13.10-drp.zip
c:\users\kasutaja66\AppData\Roaming\DRPSu\DRIVERS\Realtek-NTx64-drp.zip
c:\users\kasutaja66\AppData\Roaming\DRPSu\DRIVERS\Sonix-WinAll-USB_5.8.54400.105-drp.zip
c:\users\kasutaja66\AppData\Roaming\DRPSu\Logs\log___2015-11-28-14-14-56.html
c:\users\kasutaja66\AppData\Roaming\DRPSu\Logs\log___2015-11-28-14-36-06.html
c:\users\kasutaja66\AppData\Roaming\DRPSu\PROGRAMS\downloader_elements.exe
c:\users\kasutaja66\AppData\Roaming\DRPSu\PROGRAMS\DriverPack-Notifier.exe
c:\users\kasutaja66\AppData\Roaming\DRPSu\PROGRAMS\Firefox.exe
c:\users\kasutaja66\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink.exe
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_finished_1551.txt
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_finished_21406.txt
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_finished_43051.txt
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_finished_45971.txt
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_finished_51539.txt
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_finished_59214.txt
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_finished_67725.txt
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_finished_74278.txt
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_finished_77015.txt
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_finished_91267.txt
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_finished_95600.txt
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_finished_99202.txt
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_finished_99448.txt
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_log_1551.log
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_log_21406.log
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_log_43051.log
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_log_45971.log
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_log_51539.log
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_log_59214.log
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_log_67725.log
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_log_74278.log
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_log_77015.log
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_log_91267.log
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_log_95600.log
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_log_99202.log
c:\users\kasutaja66\AppData\Roaming\DRPSu\temp\wget_log_99448.log
c:\users\kasutaja66\Documents\~WRL0001.tmp
c:\users\kasutaja66\Documents\~WRL0003.tmp
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-10-28 to 2015-11-30 )))))))))))))))))))))))))))))))
.
.
2015-11-30 14:59 . 2015-11-30 14:59 -------- d-----w- c:\users\hedev\AppData\Local\temp
2015-11-30 14:59 . 2015-11-30 14:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-29 22:46 . 2015-11-30 13:41 -------- dc----w- C:\FRST
2015-11-29 11:29 . 2015-11-29 11:30 -------- dc----w- C:\AdwCleaner
2015-11-28 16:41 . 2015-11-28 16:41 -------- d-----w- c:\users\kasutaja66\AppData\Roaming\Curiolab
2015-11-28 16:38 . 2015-11-29 12:21 -------- d-----w- c:\program files (x86)\Exterminate It!
2015-11-28 12:50 . 2015-11-28 12:50 -------- d-----w- c:\program files\Synaptics
2015-11-28 12:47 . 2014-01-30 08:17 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2015-11-28 12:42 . 2015-11-28 12:42 -------- d-----w- c:\users\kasutaja66\AppData\Local\Xpom
2015-11-28 12:42 . 2015-11-28 12:42 -------- d-----w- c:\users\kasutaja66\AppData\Local\Nichrome
2015-11-28 12:42 . 2015-11-28 12:42 -------- d-----w- c:\users\kasutaja66\AppData\Roaming\Yandex
2015-11-28 12:42 . 2015-11-28 12:42 -------- d-----w- c:\users\kasutaja66\AppData\Roaming\DriverPack Notifier
2015-11-28 12:42 . 2015-11-28 12:42 -------- d-----w- c:\program files (x86)\DriverPack Notifier
2015-11-28 12:41 . 2015-11-28 12:41 -------- d-----w- c:\users\kasutaja66\AppData\Roaming\Opera Software
2015-11-28 12:41 . 2015-11-28 12:41 -------- d-----w- c:\users\kasutaja66\AppData\Local\Opera Software
2015-11-27 09:57 . 2015-11-27 09:57 -------- d-----w- c:\users\kasutaja66\AppData\Local\JockerSoft
2015-11-27 09:57 . 2015-11-27 09:57 -------- d-----w- c:\program files (x86)\JockerSoft
2015-11-27 09:51 . 2015-11-27 09:51 -------- d--h--w- c:\program files (x86)\Temp
2015-11-26 20:37 . 2015-11-26 20:37 -------- d-----w- c:\users\kasutaja66\AppData\Local\Rockstar Games
2015-11-26 20:36 . 2015-11-26 23:53 -------- d-----w- c:\program files (x86)\Rockstar Games
2015-11-26 20:36 . 2015-11-26 23:53 -------- d-----w- c:\program files\Rockstar Games
2015-11-24 07:39 . 2015-11-24 07:39 -------- d-----w- C:\found.025
2015-11-19 12:18 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-11-19 12:18 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-19 11:39 . 2015-11-19 11:39 -------- d-----w- c:\windows\CheckSur
2015-11-19 11:20 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-11-19 11:19 . 2015-10-30 23:33 50176 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-11-19 11:18 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
2015-11-19 11:18 . 2015-07-15 02:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-11-19 11:16 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-11-19 11:09 . 2015-09-01 18:14 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-11-19 11:09 . 2015-09-01 18:14 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-11-19 11:09 . 2015-09-01 18:14 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-11-19 11:09 . 2015-09-01 18:13 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-11-19 11:09 . 2015-09-01 18:12 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-11-19 11:09 . 2015-09-01 17:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-11-19 11:09 . 2015-09-01 17:52 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-11-19 11:04 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-11-19 11:04 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-11-19 11:01 . 2015-11-19 11:01 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-28 12:54 . 2012-02-12 16:33 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2015-11-19 11:01 . 2014-08-11 17:12 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-11-11 16:14 . 2015-05-13 15:24 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-11 16:14 . 2015-05-13 15:24 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-11-11 16:13 . 2013-09-21 09:57 5286088 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-10-27 16:43 . 2011-06-09 09:00 145617392 ----a-w- c:\windows\system32\MRT.exe
2015-10-20 00:45 . 2015-11-19 11:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-10-12 23:29 . 2015-10-12 23:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-10-12 23:22 . 2015-10-12 23:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-09 19:30 . 2015-07-16 02:11 146728 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2015-10-09 19:30 . 2015-06-23 02:08 176848 ----a-w- c:\windows\system32\atiuxp64.dll
2015-10-09 19:30 . 2013-08-31 00:13 7970904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2015-10-09 19:30 . 2013-08-31 00:13 7238984 ----a-w- c:\windows\SysWow64\atiumdag.dll
2015-10-09 19:29 . 2013-03-29 02:37 133240 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2015-10-09 19:29 . 2015-06-23 02:08 11262576 ----a-w- c:\windows\system32\atidxx64.dll
2015-10-09 19:29 . 2015-07-16 02:11 9560152 ----a-w- c:\windows\SysWow64\atidxx32.dll
2015-10-09 19:29 . 2015-06-23 02:08 1469808 ----a-w- c:\windows\system32\aticfx64.dll
2015-10-09 19:29 . 2014-04-18 02:42 1214248 ----a-w- c:\windows\SysWow64\aticfx32.dll
2015-10-09 19:26 . 2015-06-23 01:21 873488 ----a-w- c:\windows\system32\coinst_15.20.dll
2015-10-09 19:24 . 2014-11-21 02:08 166928 ----a-w- c:\windows\SysWow64\atigktxx.dll
2015-10-09 19:24 . 2015-07-16 01:17 305168 ----a-w- c:\windows\system32\atiesrxx.exe
2015-10-09 19:24 . 2015-07-16 01:17 704528 ----a-w- c:\windows\system32\atieclxx.exe
2015-10-09 19:24 . 2015-06-23 01:14 451096 ----a-w- c:\windows\system32\atidemgy.dll
2015-10-09 19:23 . 2014-11-21 02:09 943128 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2015-10-09 19:23 . 2015-06-23 01:11 1252880 ----a-w- c:\windows\system32\atiadlxx.dll
2015-10-09 19:22 . 2015-06-23 01:55 22327320 ----a-w- c:\windows\SysWow64\amdocl12cl.dll
2015-10-09 19:21 . 2014-11-21 02:32 39720976 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-11-10 3011152]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-08-19 8455960]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-10-14 48145024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-07-02 5515496]
"Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2015-11-20 56080]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-07-15 767176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-11-09 596528]
"DriverPack Notifier"="c:\program files (x86)\DriverPack Notifier\DriverPackNotifier.exe" [2015-10-21 265456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 atrfiltr;ATR Filter driver service;c:\windows\system32\drivers\atrfiltr.sys;c:\windows\SYSNATIVE\drivers\atrfiltr.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 cxbu0x64;OMNIKEY 1021;c:\windows\system32\DRIVERS\cxbu0x64.sys;c:\windows\SYSNATIVE\DRIVERS\cxbu0x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Survarium-Steam Update Service;Survarium-Steam Update Service;c:\program files (x86)\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe Survarium-Steam;c:\program files (x86)\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe Survarium-Steam [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - spldr
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-12 15:24 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-13 16:14]
.
2015-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-01 20:12]
.
2015-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-01 20:12]
.
2015-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2796324459-3983397100-315245851-1000Core.job
- c:\users\kasutaja66\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-02 14:43]
.
2015-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2796324459-3983397100-315245851-1000UA.job
- c:\users\kasutaja66\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-02 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-01 20:33 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\kasutaja66\AppData\Roaming\Mozilla\Firefox\Profiles\iitecx04.default-1448794494894\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ee/?gfe_rd=cr&ei=HdpaVufwAuyO8QeVk6DYBw&gws_rd=ssl
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Smart Defrag 4_is1 - c:\program files (x86)\IObit\Smart Defrag 4\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2796324459-3983397100-315245851-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74142D58-F729-90DC-B068-C68D34536B00}*]
"jabnoclpakdckjdedchk"=hex:62,61,69,6b,00,00
"iabmjpcondalbmkoke"=hex:6b,61,61,6c,68,64,69,66,68,64,67,62,68,6e,68,68,6f,6d,
6e,70,63,61,00,77
"jabnoclpakdckjdedclk"=hex:62,61,66,68,00,00
.
[HKEY_USERS\S-1-5-21-2796324459-3983397100-315245851-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:17,38,b8,38,04,c0,a6,9f,88,55,c3,be,30,9c,97,15,5d,ff,4b,b7,9d,
22,cc,27,ea,61,b9,9d,7e,9a,b1,f3,6f,ca,22,f8,51,1f,93,4d,2f,29,c8,e9,24,07,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-11-30 17:02:05
ComboFix-quarantined-files.txt 2015-11-30 15:02
.
Pre-Run: 248*648*052*736 bytes free
Post-Run: 248*328*577*024 bytes free
.
- - End Of File - - 0D519EDF7FF160182F535B41C5353A70
A36C5E4F47E84449FF07ED3517B43A31
Keefan is offline  
Old 11-30-2015, 08:56 AM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Keefan. You're very welcome. What language do you want in FF?

Sorry, but I have no experience with Exterminate It!, so I can't say.

If you haven't already, please uninstall AVG via Programs and Features in your Control Panel.

------------------------------------------------------

Please download AVG Remover and Save it to your Desktop.
  • Close all programs and double-click avg_remover_stf_x64_2015_5501.exe then click Run
  • In Vista/Win7, right-click and choose 'Run as administrator'.
  • Follow the on-screen instructions.
  • Reboot your computer if not prompted already.
  • Then delete avg_remover_stf_x64_2012_1796.exe and the avgremover.log from your desktop.
------------------------------------------------------

It appears your Safe Mode is in need of repair.

Please download SafeBootKeyRepair and Save it to your Desktop.

Double-click on SafeBootKeyRepair.exe to run it. It will take a few minutes for it to finish running, please be patient.

Please post the log it produces at C:\SafeBoot_Repair.txt in your next reply.

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
ClearJavaCache::

Folder::
c:\users\kasutaja66\AppData\Local\Xpom
c:\users\kasutaja66\AppData\Local\Nichrome
c:\users\kasutaja66\AppData\Roaming\Yandex

Driver::
avgwd
AVGIDSHA
Avgloga
Avgmfx64
Avgrkx64
Avgdiska
AVGIDSDriver
Avgldx64
Save this Notepad file as CFScript.txt to your Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 12:41 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts