
just making sure i'm not infected or smth. [Solved]



#1
n1K.

Greetings,

My PC's performance is slightly slow, with spikes in CPU usage,
and I just want to make sure that I'm not infected with a virus/RAT or smth.

 
OTL log:

 
OTL logfile created on: 08.04.2014 10:05:17 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000422 | Country: Україна | Language: UKR | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 71,74% Memory free
11,82 Gb Paging File | 9,93 Gb Available in Paging File | 84,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 299,49 Gb Total Space | 157,98 Gb Free Space | 52,75% Space Free | Partition Type: NTFS
Drive D: | 151,80 Gb Total Space | 24,58 Gb Free Space | 16,19% Space Free | Partition Type: NTFS
 
Computer Name: MYCOMP | User Name: n1K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
PRC - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC)
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (VsEtwService120) -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel® Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (c2wts) -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe (Microsoft Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)
SRV - (fussvc) -- C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (Riverbed Technology, Inc.)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (srvSMART) -- C:\Program Files (x86)\ACE Lab\SMART Vision\SMARTSrv.exe (ACE Lab)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (WPCSvc) -- C:\Windows\SysWOW64\wpcsvc.dll (Корпорация Майкрософт)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (Sandboxie Holdings, LLC)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis International GmbH)
DRV:64bit: - (tib_mounter) -- C:\Windows\SysNative\drivers\tib_mounter.sys (Acronis)
DRV:64bit: - (tib) -- C:\Windows\SysNative\drivers\tib.sys (Acronis International GmbH)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis International GmbH)
DRV:64bit: - (vidsflt) -- C:\Windows\SysNative\drivers\vidsflt.sys (Acronis International GmbH)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis International GmbH)
DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis International GmbH)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (vsock) -- C:\Windows\SysNative\drivers\vsock.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (Riverbed Technology, Inc.)
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (ATP) -- C:\Windows\SysNative\drivers\cmdatp.sys (Comodo, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tapoas) -- C:\Windows\SysNative\drivers\tapoas.sys (The OpenVPN Project)
DRV:64bit: - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV:64bit: - (wmdusbser) -- C:\Windows\SysNative\drivers\wmdusbser.sys (WeTelecom Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = uk
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 7C 05 28 AD CA CE 01  [binary data]
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..network.proxy.http: "67.237.24.23"
FF - prefs.js..network.proxy.http_port: 27131
FF - prefs.js..network.proxy.no_proxies_on: "localhost, "
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnLvn: C:\Program Files\COMODO\Unite\npEasyVpnLVN.dll File not found
FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnRdp: C:\Program Files\COMODO\Unite\NpRdpView.dll File not found
FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnVnc: C:\Program Files\COMODO\Unite\NpVncView.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\n1K\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
 
 
[2014.02.06 10:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\Extensions
[2014.02.06 10:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2014.04.03 13:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\Firefox\Profiles\ilyzy6le.default\extensions
[2014.04.02 01:26:40 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\n1K\AppData\Roaming\mozilla\Firefox\Profiles\ilyzy6le.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013.11.23 23:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014.03.29 23:40:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: iMacros Plugin (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.6_0\npiopus.dll
CHR - plugin: iMacros Scripting Interface (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.6_0\npsi.dll
CHR - plugin: iMacros Image Recognition Plugin (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.6_0\npimr.dll
CHR - plugin: Удаленный рабочий стол Chrome (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\32.0.1700.98_0\remoting_host_plugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\n1K\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
CHR - Extension: Magic Actions for YouTube™ = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.3_0\
CHR - Extension: Quickly Save Tabs = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobclpbhnodnafnndcfgfecfeloganfm\1.0.3_0\
CHR - Extension: Документы Google = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Диск Google = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Dota 2 Stream Browser = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhfhjlfbaehncgjfnleejhehimhleip\1.2.0.6_0\
CHR - Extension: Поиск Google = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: HitLeap Add-On = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjjkcigaahaeecihdfkkjpclkfeoalm\2.1_0\
CHR - Extension: Удаленный рабочий стол Chrome = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\34.0.1847.90_0\
CHR - Extension: Удаленный рабочий стол Chrome = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\34.0.1847.90_0\~
CHR - Extension: VkOpt = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoboppgpbgclpfnjfdidokiilachfcbb\2.2.1.3_0\
CHR - Extension: SaveFrom.net помощник = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl\2.37_0\
CHR - Extension: DotA 2 Match Ticker = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nejdjlaibiicicciokonbbkecjleilon\1.6.3_0\
CHR - Extension: TMS - Поиск торрентов, расширение = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngcldkkokhibdmeamidppdknbhegmhdh\0.9.99_0\
CHR - Extension: TMS - Поиск торрентов, расширение = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngcldkkokhibdmeamidppdknbhegmhdh\1.0.0_0\
CHR - Extension: Google Кошелек = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Modern New Tab Page = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogllliimbhgmclkgjldeffhjbhaenapo\2014.4.4_0\
CHR - Extension: Gmail = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: uCoz - Безопасный вход = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pldhclmeakjgffefknnkjoeomfjeclmm\0.9.5_0\
 
O1 HOSTS File: ([2013.10.21 00:41:05 | 000,001,523 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O1 - Hosts: 127.0.0.1 order.tune-up.com 
O1 - Hosts: 127.0.0.1 tune-up.com 
O1 - Hosts: 127.0.0.1 tune-up.com/order 
O1 - Hosts: 127.0.0.1 registertuneup.com 
O1 - Hosts: 127.0.0.1 tuneup.de
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 12.0 Helper) - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1840229726-3532094159-670291700-1000..\Run: [Rainmeter] D:\Rainmeter\Rainmeter.exe ()
O4 - HKU\S-1-5-21-1840229726-3532094159-670291700-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 [2014.04.02 00:49:58 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 [2014.04.02 00:49:58 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 [2014.04.02 00:48:30 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 [2014.03.27 00:17:49 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2014.04.02 00:49:58 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2014.04.02 00:49:58 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2014.04.02 00:49:58 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2014.04.02 00:49:58 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2014.04.02 00:49:58 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2014.04.02 00:49:58 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2014.04.02 00:49:58 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 [2014.04.02 00:49:58 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2014.04.02 00:49:58 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 [2014.04.06 00:30:03 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 [2014.04.02 00:47:24 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 [2013.07.23 13:29:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 [2014.03.25 11:51:29 | 000,000,000 | ---D | M]
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ECB707D-DD81-4AA1-9624-0AD6892585A1}: NameServer = 213.160.128.3,8.8.8.8
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bip_camera1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\btassist1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cfaddgadgets.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cfmain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cfprofile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\eccenter1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\ndstray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\tosbtproc1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\usrguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\vmplayer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\wirelessftp1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bip_camera1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\btassist1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cfaddgadgets.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cfmain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cfprofile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\eccenter1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ndstray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\tosbtproc1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\usrguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\vmplayer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\wirelessftp1.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1a58427e-b4ca-11e3-abe4-c47cd8fdf2b6}\Shell - "" = AutoRun
O33 - MountPoints2\{1a58427e-b4ca-11e3-abe4-c47cd8fdf2b6}\Shell\AutoRun\command - "" = G:\Launcher.exe
O33 - MountPoints2\{2582e0c1-37b1-11e3-ade6-1c75087bee81}\Shell - "" = AutoRun
O33 - MountPoints2\{2582e0c1-37b1-11e3-ade6-1c75087bee81}\Shell\AutoRun\command - "" = G:\Launcher.exe
O33 - MountPoints2\{54956448-4129-11e3-aa43-1c75087bee81}\Shell - "" = AutoRun
O33 - MountPoints2\{54956448-4129-11e3-aa43-1c75087bee81}\Shell\AutoRun\command - "" = G:\Launcher.exe
O33 - MountPoints2\{8043052f-609b-11e3-b0c9-1c75087bee81}\Shell - "" = AutoRun
O33 - MountPoints2\{8043052f-609b-11e3-b0c9-1c75087bee81}\Shell\AutoRun\command - "" = G:\Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.04.04 00:43:12 | 000,000,000 | ---D | C] -- C:\Users\n1K\AppData\Roaming\Process Hacker 2
[2014.04.04 00:43:08 | 000,000,000 | ---D | C] -- C:\Users\n1K\AppData\Roaming\Wireshark
[2014.04.04 00:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2014.04.04 00:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2014.04.04 00:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2014.04.03 23:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2014.04.03 23:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2014.04.03 01:13:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.04.02 23:40:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2014.04.02 01:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\iOpus
[2014.04.02 01:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iOpus
[2014.03.28 21:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
[2014.03.14 02:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I Am Alive
[2014.03.12 14:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Left 4 Dead
 
========== Files - Modified Within 30 Days ==========
 
[2014.04.08 09:53:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.04.08 09:50:16 | 000,001,560 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2014.04.08 09:40:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.04.08 08:11:16 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.04.08 08:11:16 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.04.08 08:09:37 | 001,658,008 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.04.08 08:09:37 | 000,727,636 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2014.04.08 08:09:37 | 000,657,186 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.04.08 08:09:37 | 000,152,446 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2014.04.08 08:09:37 | 000,123,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.04.08 08:02:46 | 463,491,071 | -HS- | M] () -- C:\hiberfil.sys
[2014.04.07 13:59:13 | 000,145,354 | ---- | M] () -- D:\Desktop\f9oSoKaVd94.jpg
[2014.04.06 21:59:15 | 000,170,842 | ---- | M] () -- D:\Desktop\915.jpg
[2014.04.06 21:13:42 | 000,070,582 | ---- | M] () -- D:\Desktop\JRd2Vg5m21E.jpg
[2014.04.04 00:39:29 | 000,001,589 | ---- | M] () -- C:\Users\n1K\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2014.04.03 23:42:51 | 000,001,725 | ---- | M] () -- D:\Desktop\Process Hacker 2.lnk
[2014.04.02 23:40:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2014.04.02 23:37:42 | 000,015,802 | ---- | M] () -- D:\Desktop\1363742601_1.jpg
[2014.04.02 23:35:55 | 000,005,330 | ---- | M] () -- D:\Desktop\logo-fs.png
[2014.04.02 23:00:22 | 001,426,178 | ---- | M] () -- D:\Desktop\AdwCleaner.exe
[2014.04.02 01:17:37 | 000,190,510 | ---- | M] () -- D:\Desktop\mem3.jpg
[2014.04.02 01:17:26 | 000,200,294 | ---- | M] () -- D:\Desktop\mem2.jpg
[2014.04.02 01:09:40 | 000,401,458 | ---- | M] () -- D:\Desktop\mem1.jpg
[2014.03.30 02:15:30 | 000,000,930 | ---- | M] () -- D:\Desktop\Cryptic VPN.lnk
[2014.03.28 09:48:13 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.03.28 09:48:13 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.03.25 11:02:48 | 005,124,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.03.23 03:16:40 | 000,050,530 | ---- | M] () -- D:\Desktop\batumi.jpg
 
========== Files Created - No Company Name ==========
 
[2014.04.07 13:59:13 | 000,145,354 | ---- | C] () -- D:\Desktop\f9oSoKaVd94.jpg
[2014.04.06 21:59:06 | 000,170,842 | ---- | C] () -- D:\Desktop\915.jpg
[2014.04.06 21:13:42 | 000,070,582 | ---- | C] () -- D:\Desktop\JRd2Vg5m21E.jpg
[2014.04.04 00:39:29 | 000,001,589 | ---- | C] () -- C:\Users\n1K\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2014.04.03 23:42:51 | 000,001,725 | ---- | C] () -- D:\Desktop\Process Hacker 2.lnk
[2014.04.02 23:37:42 | 000,015,802 | ---- | C] () -- D:\Desktop\1363742601_1.jpg
[2014.04.02 23:35:55 | 000,005,330 | ---- | C] () -- D:\Desktop\logo-fs.png
[2014.04.02 22:59:53 | 001,426,178 | ---- | C] () -- D:\Desktop\AdwCleaner.exe
[2014.04.02 01:17:35 | 000,190,510 | ---- | C] () -- D:\Desktop\mem3.jpg
[2014.04.02 01:17:24 | 000,200,294 | ---- | C] () -- D:\Desktop\mem2.jpg
[2014.04.02 01:09:38 | 000,401,458 | ---- | C] () -- D:\Desktop\mem1.jpg
[2014.03.30 02:15:30 | 000,000,930 | ---- | C] () -- D:\Desktop\Cryptic VPN.lnk
[2014.03.25 00:00:54 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014.03.23 03:16:40 | 000,050,530 | ---- | C] () -- D:\Desktop\batumi.jpg
[2014.02.25 02:37:16 | 000,000,000 | -HS- | C] () -- C:\Users\n1K\AppData\Local\LumaEmu
[2013.12.04 20:47:54 | 000,000,132 | ---- | C] () -- C:\Users\n1K\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013.10.25 15:41:41 | 000,000,132 | ---- | C] () -- C:\Users\n1K\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013.10.25 01:56:25 | 000,007,606 | ---- | C] () -- C:\Users\n1K\AppData\Local\Resmon.ResmonCfg
[2013.10.21 13:47:44 | 000,166,752 | ---- | C] () -- C:\Windows\Mathcad 14 Russian Pack Uninstaller.exe
[2013.10.17 22:50:58 | 000,001,560 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.10.17 20:19:31 | 001,676,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.27 08:07:38 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013.06.27 07:56:12 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013.06.27 07:56:12 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013.03.01 04:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013.02.13 12:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 05:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 04:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.10.21 01:26:00 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\ACD Systems
[2013.10.26 22:14:03 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Acronis
[2014.03.28 21:57:23 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\AIMP3
[2013.10.21 12:31:56 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Autodesk
[2013.12.13 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Bitcasa
[2013.10.21 13:58:06 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\DAEMON Tools Lite
[2013.10.16 23:41:16 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\driveridentifier
[2013.11.03 01:13:56 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\FileZilla
[2014.03.11 17:34:56 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Foxit Software
[2013.11.15 10:36:09 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Mask Surf
[2013.10.20 01:53:33 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Mathsoft
[2013.10.18 00:34:17 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Media Get LLC
[2013.11.27 13:20:53 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Mumble
[2013.11.03 01:14:31 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Nico Mak Computing
[2013.11.17 00:38:29 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Notepad++
[2014.02.06 13:44:08 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\NuGet
[2014.02.06 10:50:43 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\OpenVPN Technologies
[2013.11.22 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Origin
[2014.04.04 00:43:12 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Process Hacker 2
[2013.10.18 23:18:31 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Publish Providers
[2013.10.17 23:05:34 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\R-TT
[2013.11.27 13:29:22 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\raidcall
[2014.03.28 09:37:15 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Rainmeter
[2013.10.21 23:45:43 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Red Giant Link
[2013.12.18 20:29:26 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\SanDisk
[2013.12.05 00:55:17 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\SanDisk SecureAccess
[2013.10.22 01:32:17 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Sony
[2013.10.17 17:52:52 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\SystemRequirementsLab
[2014.03.25 00:01:14 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\TeamViewer
[2013.10.16 23:00:04 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\toshiba
[2013.10.17 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\TuneUp Software
[2013.10.17 22:22:23 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\URSoft
[2013.10.16 22:28:33 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\WinBatch
[2014.04.04 00:43:08 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:1CE11B51
 
< End of report >

#2
n1K.

    New Member

  • Topic Starter
  • Member
  • 8 posts

no one's gonna help me? 


Edited by n1K., 14 April 2014 - 05:32 AM.

#3
Machiavelli

    GeekU Moderator

  • 4,722 posts
Sorry for not answering.

Do you still need help? :)
#4
Machiavelli

    GeekU Moderator

  • 4,722 posts
Are you still with me?
#5
n1K.

    New Member

  • Topic Starter
  • Member
  • 8 posts

Are you still with me?

hello,

yes, i'm here.

 

one good member from another forum helped me a while ago,

but a quick check-up will be good, if you have time ... 


Edited by n1K., 04 May 2014 - 01:38 PM.

#6
Machiavelli

    GeekU Moderator

  • 4,722 posts
Hey,
good! :) Then I'd like to see a new OTL scan. Could you give me a link to the old thread? :) Thanks!

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.

Download Mirror #1

  • Please copy the text in the Quote box below (do not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    mpsvc.dll
    winsock.*
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open OTL on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see the OTL console:

      • Click the box beside Scan All Users at the top of the console.
      • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
      • Make sure the Output box at the top is set to Standard Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Make sure that Use Safe List is checked under Extra Registry.
      • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
      • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
      • Let the scan run uninterrupted.
      • When the scan completes, it will open OTL.Txt on the desktop.
      • Please copy the contents of these files and paste them into your reply. To do that:
        • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
        • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
      • Please do the same for the Extras.txt.

#7
n1K.

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you.
as requested - OLD thread: http://www.hackforum...php?tid=4162339
New OTL log:

OTL logfile created on: 05.05.2014 0:25:12 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Desktop\Programs\Cure
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000422 | Country: Україна | Language: UKR | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 47,26% Memory free
11,82 Gb Paging File | 8,26 Gb Available in Paging File | 69,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 299,49 Gb Total Space | 159,46 Gb Free Space | 53,24% Space Free | Partition Type: NTFS
Drive D: | 151,80 Gb Total Space | 8,18 Gb Free Space | 5,39% Space Free | Partition Type: NTFS
 
Computer Name: MYCOMP | User Name: n1K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.04.29 13:09:08 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014.04.29 13:08:42 | 001,040,464 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2014.04.29 13:08:35 | 000,800,848 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2014.04.29 13:08:33 | 000,737,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.04.29 13:08:33 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.04.29 13:08:32 | 001,044,048 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2014.04.16 23:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\Programs\Cure\OTL.exe
PRC - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014.04.03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014.03.15 03:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.12.10 05:15:27 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013.12.10 05:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013.11.08 23:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.10.21 01:15:27 | 003,886,072 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013.10.18 13:45:50 | 000,437,328 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013.10.18 13:45:46 | 000,358,480 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013.10.18 12:52:30 | 000,086,096 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2013.05.09 04:23:40 | 000,368,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013.01.10 14:12:22 | 001,105,656 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2010.02.24 01:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009.12.25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009.07.21 11:43:44 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.03.15 03:50:40 | 013,637,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
MOD - [2014.03.15 03:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014.03.15 03:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014.03.15 03:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014.03.15 03:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014.03.15 03:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014.03.15 03:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2013.12.19 23:33:31 | 000,013,088 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2013.01.10 13:43:34 | 000,014,360 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.04.15 16:59:16 | 000,043,320 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2014.03.06 11:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.01.17 22:01:08 | 000,187,592 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2013.12.10 05:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013.10.21 10:40:16 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2013.10.05 00:58:24 | 000,087,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV:64bit: - [2013.08.22 16:25:08 | 000,037,176 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV:64bit: - [2013.05.27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013.02.13 12:47:04 | 000,820,184 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013.02.13 12:46:48 | 000,731,648 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012.02.28 19:00:32 | 000,342,464 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010.02.03 02:03:05 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV:64bit: - [2010.01.19 17:26:58 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010.01.19 17:08:16 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010.01.19 17:05:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009.11.05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009.10.21 09:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009.07.14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.04.29 19:54:14 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.04.29 13:09:08 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.04.29 13:08:42 | 001,040,464 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2014.04.29 13:08:35 | 000,800,848 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2014.04.29 13:08:33 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.04.29 13:08:32 | 001,044,048 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2014.04.15 16:59:20 | 002,140,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2014.04.15 16:59:16 | 000,036,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.03.29 23:40:44 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.03.20 13:32:50 | 004,971,840 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014.02.26 00:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.12.10 05:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.10.21 01:15:27 | 003,886,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013.10.18 13:45:50 | 000,437,328 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013.10.18 13:45:46 | 000,358,480 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013.10.18 12:52:30 | 000,086,096 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013.10.09 09:04:16 | 000,905,272 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.09.02 19:22:28 | 009,742,888 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2013.08.22 05:21:36 | 000,119,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2013.08.22 04:55:00 | 000,142,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2013.08.21 18:18:08 | 001,144,704 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2013.08.09 16:26:10 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013.05.16 18:13:25 | 000,089,600 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe -- (WindowBlinds)
SRV - [2013.05.09 04:23:40 | 000,368,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013.03.01 04:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.04.27 18:50:52 | 000,222,208 | ---- | M] (ACE Lab) [Disabled | Stopped] -- C:\Program Files (x86)\ACE Lab\SMART Vision\SMARTSrv.exe -- (srvSMART)
SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.07.14 04:16:20 | 000,010,752 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.05.05 00:01:27 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014.04.29 13:08:34 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014.04.29 13:08:33 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014.04.03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014.04.03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014.01.17 22:01:06 | 000,202,600 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2013.12.19 23:33:31 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.12.09 01:11:54 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013.12.05 11:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013.11.12 14:06:33 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.10.21 13:54:09 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.10.21 01:15:29 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013.10.21 01:15:24 | 001,464,096 | ---- | M] (Acronis International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013.10.21 01:15:23 | 000,183,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013.10.21 01:15:22 | 001,120,032 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib.sys -- (tib)
DRV:64bit: - [2013.10.21 01:15:11 | 000,161,568 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013.10.21 01:15:03 | 000,117,024 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2013.10.21 01:15:01 | 000,269,600 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013.10.21 01:14:57 | 000,116,000 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2013.10.18 13:46:18 | 000,064,080 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013.10.18 13:45:12 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013.10.18 13:44:58 | 000,046,160 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013.10.18 13:44:58 | 000,020,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013.10.18 13:44:54 | 000,032,848 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2013.10.15 12:38:24 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013.10.09 09:04:06 | 000,053,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2013.10.09 09:03:42 | 000,038,456 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2013.10.08 19:21:10 | 000,073,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2013.10.08 19:21:06 | 000,085,584 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2013.08.22 14:42:06 | 000,528,112 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013.08.22 14:42:06 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013.07.25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013.07.01 13:51:36 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013.06.27 08:07:42 | 005,361,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013.05.09 04:23:38 | 000,099,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013.03.01 04:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013.01.22 11:53:13 | 000,141,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2013.01.22 11:53:05 | 000,114,608 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.25 09:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.10.25 09:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.04.14 12:01:46 | 000,020,888 | ---- | M] (Comodo, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmdatp.sys -- (ATP)
DRV:64bit: - [2010.11.21 06:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 06:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 06:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 06:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 06:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 06:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 06:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 06:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.08.03 17:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010.07.01 20:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010.06.11 05:47:08 | 000,154,240 | ---- | M] (WeTelecom Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wmdusbser.sys -- (wmdusbser)
DRV:64bit: - [2010.05.18 16:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.04.09 15:49:20 | 000,330,856 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.13 08:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.07.30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009.06.29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.04.29 01:56:40 | 000,014,336 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2008.04.29 01:55:32 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2008.04.25 09:16:30 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma)
DRV - [2014.02.10 12:06:30 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = uk
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 7C 05 28 AD CA CE 01  [binary data]
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnLvn: C:\Program Files\COMODO\Unite\npEasyVpnLVN.dll File not found
FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnRdp: C:\Program Files\COMODO\Unite\NpRdpView.dll File not found
FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnVnc: C:\Program Files\COMODO\Unite\NpVncView.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\n1K\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
 
 
[2014.02.06 10:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\Extensions
[2014.02.06 10:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2014.04.27 13:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\Firefox\Profiles\ilyzy6le.default\extensions
[2014.04.02 01:26:40 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\n1K\AppData\Roaming\mozilla\Firefox\Profiles\ilyzy6le.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2014.04.27 13:47:04 | 000,124,721 | ---- | M] () (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\firefox\profiles\ilyzy6le.default\extensions\[email protected]
[2013.11.23 23:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014.03.29 23:40:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: iMacros Plugin (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.6_0\npiopus.dll
CHR - plugin: iMacros Scripting Interface (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.6_0\npsi.dll
CHR - plugin: iMacros Image Recognition Plugin (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.6_0\npimr.dll
CHR - plugin: Удаленный рабочий стол Chrome (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\32.0.1700.98_0\remoting_host_plugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\n1K\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
CHR - Extension: Magic Actions for YouTube™ = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.5_0\
CHR - Extension: Документы Google = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Диск Google = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Dota 2 Stream Browser = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhfhjlfbaehncgjfnleejhehimhleip\1.2.0.6_0\
CHR - Extension: Поиск Google = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tampermonkey = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.7.13_0\
CHR - Extension: Удаленный рабочий стол Chrome = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\35.0.1916.37_0\
CHR - Extension: VkOpt = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoboppgpbgclpfnjfdidokiilachfcbb\2.2.1.3_0\
CHR - Extension: SaveFrom.net помощник = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl\2.41_0\
CHR - Extension: DotA 2 Match Ticker = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nejdjlaibiicicciokonbbkecjleilon\1.6.3_0\
CHR - Extension: TMS - Поиск торрентов, расширение = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngcldkkokhibdmeamidppdknbhegmhdh\1.0.1_0\
CHR - Extension: Google Кошелек = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Modern New Tab Page = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogllliimbhgmclkgjldeffhjbhaenapo\2014.4.4_0\
CHR - Extension: Gmail = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: uCoz - Безопасный вход = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pldhclmeakjgffefknnkjoeomfjeclmm\0.9.5_0\
 
O1 HOSTS File: ([2014.04.16 00:48:53 | 000,518,519 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 0.0.0.0 fr.a2dfp.net
O1 - Hosts: 0.0.0.0 m.fr.a2dfp.net
O1 - Hosts: 0.0.0.0 mfr.a2dfp.net
O1 - Hosts: 0.0.0.0 ad.a8.net
O1 - Hosts: 0.0.0.0 asy.a8ww.net
O1 - Hosts: 0.0.0.0 static.a-ads.com
O1 - Hosts: 0.0.0.0 abcstats.com
O1 - Hosts: 0.0.0.0 ad4.abradio.cz
O1 - Hosts: 0.0.0.0 a.abv.bg
O1 - Hosts: 0.0.0.0 adserver.abv.bg
O1 - Hosts: 0.0.0.0 adv.abv.bg
O1 - Hosts: 0.0.0.0 bimg.abv.bg
O1 - Hosts: 0.0.0.0 ca.abv.bg
O1 - Hosts: 0.0.0.0 www2.a-counter.kiev.ua
O1 - Hosts: 0.0.0.0 track.acclaimnetwork.com
O1 - Hosts: 0.0.0.0 accuserveadsystem.com
O1 - Hosts: 0.0.0.0 www.accuserveadsystem.com
O1 - Hosts: 0.0.0.0 achmedia.com
O1 - Hosts: 0.0.0.0 csh.actiondesk.com
O1 - Hosts: 0.0.0.0 ads.activepower.net
O1 - Hosts: 0.0.0.0 app.activetrail.com
O1 - Hosts: 0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 0.0.0.0 traffic.acwebconnecting.com
O1 - Hosts: 15487 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 12.0 Helper) - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1840229726-3532094159-670291700-1000..\Run: [Rainmeter] D:\Rainmeter\Rainmeter.exe ()
O4 - HKU\S-1-5-21-1840229726-3532094159-670291700-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKU\S-1-5-21-1840229726-3532094159-670291700-1000..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: &Отправить в OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: &Экспорт в Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Отправить в OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: &Экспорт в Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.160.128.3 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19277388-3B7D-41B6-9B49-EFAB7C177BFA}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DABED8F0-9A64-48AD-9A75-026D04E93683}: DhcpNameServer = 213.160.128.3 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\cfaddgadgets.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cfmain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cfprofile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\ndstray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cfaddgadgets.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cfmain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cfprofile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ndstray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1a58427e-b4ca-11e3-abe4-c47cd8fdf2b6}\Shell - "" = AutoRun
O33 - MountPoints2\{1a58427e-b4ca-11e3-abe4-c47cd8fdf2b6}\Shell\AutoRun\command - "" = G:\Launcher.exe
O33 - MountPoints2\{2582e0c1-37b1-11e3-ade6-1c75087bee81}\Shell - "" = AutoRun
O33 - MountPoints2\{2582e0c1-37b1-11e3-ade6-1c75087bee81}\Shell\AutoRun\command - "" = G:\Launcher.exe
O33 - MountPoints2\{54956448-4129-11e3-aa43-1c75087bee81}\Shell - "" = AutoRun
O33 - MountPoints2\{54956448-4129-11e3-aa43-1c75087bee81}\Shell\AutoRun\command - "" = G:\Launcher.exe
O33 - MountPoints2\{8043052f-609b-11e3-b0c9-1c75087bee81}\Shell - "" = AutoRun
O33 - MountPoints2\{8043052f-609b-11e3-b0c9-1c75087bee81}\Shell\AutoRun\command - "" = G:\Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.03 21:33:02 | 000,000,000 | ---D | C] -- C:\Users\n1K\AppData\Roaming\OmniCoin
[2014.05.02 00:52:37 | 000,029,496 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2014.05.02 00:52:37 | 000,025,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2014.05.02 00:52:28 | 000,043,320 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2014.05.02 00:52:28 | 000,036,152 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2014.04.25 23:30:29 | 000,182,464 | ---- | C] (Stardock Software, Inc) -- C:\Windows\SysNative\wbload.dll
[2014.04.25 23:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2014.04.25 23:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2014.04.25 23:28:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2014.04.25 23:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2014.04.24 16:21:24 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.04.24 16:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.04.24 16:19:59 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.04.24 16:19:59 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.04.24 16:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.04.21 13:52:35 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014.04.21 13:52:28 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014.04.21 13:52:28 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014.04.21 13:52:28 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014.04.21 13:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014.04.20 18:43:46 | 000,040,760 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2014.04.20 18:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
[2014.04.20 18:42:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2014
[2014.04.16 00:54:45 | 000,000,000 | ---D | C] -- C:\Users\n1K\AppData\Local\TuneUp Software
[2014.04.15 01:17:15 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.04.15 01:17:15 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.04.15 01:17:14 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.04.15 01:17:10 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.04.15 01:17:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.04.15 01:17:10 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.04.15 01:17:10 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.04.15 01:17:09 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.04.15 01:17:09 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.04.15 01:17:09 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.04.15 01:17:08 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.04.15 01:17:08 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.04.15 01:17:08 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.04.15 01:17:07 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.04.15 01:17:07 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.04.15 01:17:07 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.04.15 01:17:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.04.15 01:17:07 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.04.15 01:17:07 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.04.15 01:17:06 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.04.15 01:17:06 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.04.15 01:17:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.04.15 01:17:05 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.04.15 01:17:05 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.04.15 01:17:05 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.04.15 01:17:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.04.15 01:17:04 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.04.15 01:17:03 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.04.15 01:17:01 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.04.14 01:04:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014.04.12 10:03:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.04.12 01:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014.04.10 08:58:45 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014.04.10 08:58:45 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014.04.10 08:58:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014.04.10 08:58:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014.04.10 08:58:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014.04.10 08:58:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014.04.10 08:58:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014.04.10 08:58:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014.04.10 08:58:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014.04.10 08:58:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014.04.09 22:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
[2014.04.09 22:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\TAP-Windows
[2014.04.09 22:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2014.04.09 22:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.05 00:01:27 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.04 23:53:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.04 19:08:57 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.04 19:08:57 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.04 19:00:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.04 19:00:33 | 463,491,071 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.04 13:53:58 | 000,001,608 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2014.05.04 00:23:15 | 003,880,515 | ---- | M] () -- D:\Desktop\ebook giveaway.rar
[2014.05.03 02:39:19 | 002,177,412 | ---- | M] () -- D:\Desktop\Макс Корж - Жить в кайф.mp3
[2014.05.02 21:44:42 | 001,658,008 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.02 21:44:42 | 000,727,636 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2014.05.02 21:44:42 | 000,657,186 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.02 21:44:42 | 000,152,446 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2014.05.02 21:44:42 | 000,123,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.04.30 18:42:55 | 000,079,233 | ---- | M] () -- D:\Desktop\Безымяннsdfsdfый.png
[2014.04.29 19:54:12 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.04.29 19:54:12 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.04.29 13:08:34 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.04.29 13:08:33 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.04.27 19:51:09 | 000,069,837 | ---- | M] () -- D:\Desktop\Снимок.JPG
[2014.04.16 14:45:35 | 000,011,488 | ---- | M] () -- D:\Desktop\xi2_F7_WD.jpg
[2014.04.16 00:48:53 | 000,518,519 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2014.04.15 16:59:24 | 000,040,760 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2014.04.15 16:59:16 | 000,043,320 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2014.04.15 16:59:16 | 000,036,152 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2014.04.15 16:59:16 | 000,029,496 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2014.04.15 16:59:16 | 000,025,400 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2014.04.14 20:13:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014.04.14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014.04.14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014.04.14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014.04.10 01:22:21 | 000,094,594 | ---- | M] () -- D:\Desktop\stock-illustration-21533572-abstract-icons-for-letter-n.psd
[2014.04.10 01:21:10 | 000,013,615 | ---- | M] () -- D:\Desktop\n2.png
[2014.04.10 01:21:10 | 000,000,132 | ---- | M] () -- C:\Users\n1K\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014.04.10 00:58:17 | 000,013,634 | ---- | M] () -- D:\Desktop\n.png
[2014.04.08 11:03:41 | 000,426,379 | ---- | M] () -- D:\Desktop\google_chrome_icon_by_auriel2k4-d4y9tjc.png
 
========== Files Created - No Company Name ==========
 
[2014.05.04 00:22:37 | 003,880,515 | ---- | C] () -- D:\Desktop\ebook giveaway.rar
[2014.05.03 02:38:47 | 002,177,412 | ---- | C] () -- D:\Desktop\Макс Корж - Жить в кайф.mp3
[2014.04.30 18:42:51 | 000,079,233 | ---- | C] () -- D:\Desktop\Безымяннsdfsdfый.png
[2014.04.28 23:29:56 | 000,095,021 | ---- | C] () -- D:\Desktop\181737.rtf
[2014.04.27 13:53:23 | 000,069,837 | ---- | C] () -- D:\Desktop\Снимок.JPG
[2014.04.20 18:43:38 | 000,002,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
[2014.04.16 14:45:35 | 000,011,488 | ---- | C] () -- D:\Desktop\xi2_F7_WD.jpg
[2014.04.10 01:09:56 | 000,013,615 | ---- | C] () -- D:\Desktop\n2.png
[2014.04.10 00:39:48 | 000,013,634 | ---- | C] () -- D:\Desktop\n.png
[2014.04.08 13:16:27 | 000,094,594 | ---- | C] () -- D:\Desktop\stock-illustration-21533572-abstract-icons-for-letter-n.psd
[2014.04.08 11:03:41 | 000,426,379 | ---- | C] () -- D:\Desktop\google_chrome_icon_by_auriel2k4-d4y9tjc.png
[2014.02.25 02:37:16 | 000,000,000 | -HS- | C] () -- C:\Users\n1K\AppData\Local\LumaEmu
[2013.12.04 20:47:54 | 000,000,132 | ---- | C] () -- C:\Users\n1K\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013.10.25 15:41:41 | 000,000,132 | ---- | C] () -- C:\Users\n1K\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013.10.25 01:56:25 | 000,007,606 | ---- | C] () -- C:\Users\n1K\AppData\Local\Resmon.ResmonCfg
[2013.10.21 13:47:44 | 000,166,752 | ---- | C] () -- C:\Windows\Mathcad 14 Russian Pack Uninstaller.exe
[2013.10.17 22:50:58 | 000,001,608 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.10.17 20:19:31 | 001,676,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.27 08:07:38 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013.06.27 07:56:12 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013.06.27 07:56:12 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013.03.01 04:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013.02.13 12:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 05:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 04:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.10.21 01:26:00 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\ACD Systems
[2013.10.26 22:14:03 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Acronis
[2014.05.03 03:37:57 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\AIMP3
[2013.10.21 12:31:56 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Autodesk
[2013.12.13 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Bitcasa
[2013.10.21 13:58:06 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\DAEMON Tools Lite
[2013.10.16 23:41:16 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\driveridentifier
[2013.11.03 01:13:56 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\FileZilla
[2014.03.11 17:34:56 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Foxit Software
[2013.11.15 10:36:09 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Mask Surf
[2013.10.20 01:53:33 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Mathsoft
[2013.10.18 00:34:17 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Media Get LLC
[2013.11.27 13:20:53 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Mumble
[2013.11.03 01:14:31 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Nico Mak Computing
[2014.04.26 01:23:14 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Notepad++
[2014.02.06 13:44:08 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\NuGet
[2014.05.04 00:11:34 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\OmniCoin
[2014.02.06 10:50:43 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\OpenVPN Technologies
[2013.11.22 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Origin
[2014.04.04 00:43:12 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Process Hacker 2
[2013.10.18 23:18:31 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Publish Providers
[2013.10.17 23:05:34 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\R-TT
[2013.11.27 13:29:22 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\raidcall
[2014.03.28 09:37:15 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Rainmeter
[2013.10.21 23:45:43 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Red Giant Link
[2013.12.18 20:29:26 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\SanDisk
[2013.12.05 00:55:17 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\SanDisk SecureAccess
[2013.10.22 01:32:17 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Sony
[2013.10.17 17:52:52 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\SystemRequirementsLab
[2014.03.25 00:01:14 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\TeamViewer
[2013.10.16 23:00:04 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\toshiba
[2013.10.17 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\TuneUp Software
[2013.10.17 22:22:23 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\URSoft
[2013.10.16 22:28:33 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\WinBatch
[2014.04.04 00:43:08 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009.07.14 04:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013.02.27 08:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009.07.14 04:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010.11.21 06:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010.11.21 06:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013.09.25 04:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009.07.14 04:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009.07.14 04:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012.07.05 01:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013.07.09 08:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013.07.09 07:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010.11.21 06:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010.11.21 06:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010.11.21 06:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011.03.03 09:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009.07.14 04:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009.07.14 04:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009.07.14 04:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009.07.14 04:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010.11.21 06:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009.07.14 04:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009.07.14 04:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009.07.14 04:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009.07.14 04:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009.07.14 04:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010.11.21 06:23:54 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009.07.14 04:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011.05.24 14:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010.11.21 06:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013.09.25 04:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009.07.14 04:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010.11.21 06:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010.11.21 06:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010.11.21 06:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013.09.25 04:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009.07.14 04:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010.11.21 06:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010.11.21 06:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010.11.21 06:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010.11.21 06:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010.11.21 06:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010.11.21 06:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009.07.14 04:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2010.11.21 06:24:01 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010.11.21 06:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010.11.21 06:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010.11.21 06:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010.11.21 06:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013.05.27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010.11.21 06:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010.11.21 06:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010.11.21 06:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010.11.21 06:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010.11.21 06:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009.07.14 04:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012.06.03 01:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010.11.21 06:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009.07.14 04:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010.11.21 06:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2010.11.21 06:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.21 06:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.21 06:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.21 06:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: MPSVC.DLL  >
[2013.05.27 08:26:41 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7B6CD2C784B13D63481B6BF49605C026 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpSvc.dll
[2013.05.27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Program Files\Windows Defender\MpSvc.dll
[2013.05.27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpSvc.dll
[2009.07.14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll
 
< MD5 for: QMGR.DLL  >
[2010.11.21 06:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010.11.21 06:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
 
< MD5 for: RPCSS.DLL  >
[2010.11.21 06:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010.11.21 06:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
 
< MD5 for: SERVICES  >
[2014.03.02 19:29:56 | 000,927,278 | ---- | M] () MD5=D178944C4CF2CAAA37269B435F79BBBB -- C:\Program Files\Wireshark\services
[2009.06.11 00:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.EXE  >
[2009.07.14 04:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 04:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010.11.21 10:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010.11.21 10:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
[2011.01.21 20:25:41 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=EB63EE0FD3C4826F45845C6E83058570 -- C:\Windows\SysNative\ru-RU\services.exe.mui
[2011.01.21 20:25:41 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=EB63EE0FD3C4826F45845C6E83058570 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_0f13507290ab300f\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009.07.14 07:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 07:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 07:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\Все пользователи\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOCHIADS.COM.SOL  >
[2014.01.21 12:59:57 | 000,000,353 | ---- | M] () MD5=EBFF504C3CB0E3A5705C27A53DC5FE59 -- C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VJ894JTQ\mochiads.com\services.mochiads.com.sol
 
< MD5 for: SERVICES.MOF  >
[2009.06.10 23:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009.06.10 23:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2011.01.21 20:25:34 | 000,092,790 | ---- | M] () MD5=20037594600FF469A209FA3465ECBA8A -- C:\Windows\SysNative\ru-RU\services.msc
[2011.01.21 20:25:43 | 000,092,790 | ---- | M] () MD5=20037594600FF469A209FA3465ECBA8A -- C:\Windows\SysWOW64\ru-RU\services.msc
[2011.01.21 20:25:34 | 000,092,790 | ---- | M] () MD5=20037594600FF469A209FA3465ECBA8A -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_4955205e6714ca02\services.msc
[2011.01.21 20:25:43 | 000,092,790 | ---- | M] () MD5=20037594600FF469A209FA3465ECBA8A -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_ed3684daaeb758cc\services.msc
[2010.11.21 10:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009.06.10 23:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010.11.21 10:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009.06.11 00:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010.11.21 10:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009.06.10 23:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010.11.21 10:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009.06.11 00:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009.07.13 23:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009.07.13 23:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.TICO  >
[2009.09.25 14:00:00 | 000,002,038 | ---- | M] () MD5=D669B1B2EBE288A61680C3C863828D28 -- C:\Program Files (x86)\TuneUp Utilities 2014\data\services.tico
 
< MD5 for: SVCHOST.EXE  >
[2009.07.14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2014.04.03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009.07.14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 04:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 06:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 06:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 06:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 06:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 06:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 06:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.04.03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
 
< MD5 for: WINSOCK.H  >
[2013.08.21 17:36:04 | 000,038,515 | ---- | M] () MD5=4C9A38861B425AC47623BA6187FB124E -- C:\Program Files (x86)\Windows Kits\8.1\Include\um\winsock.h
[2012.10.01 10:14:04 | 000,038,471 | ---- | M] () MD5=B2A415C3F1450F80F57AF83212F3C7AA -- C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Include\WinSock.h
 
< dir "%systemdrive%\*" /S /A:L /C >
 Том в устройстве C не имеет метки.
 Серийный номер тома: 2420-E071
 Содержимое папки C:\
14.07.2009  08:08    <JUNCTION>     Documents and Settings [C:\Users]
               0 файлов              0 байт
 Содержимое папки C:\Program Files\Windows NT
16.10.2013  22:25    <JUNCTION>     Стандартные [C:\Program Files\Windows NT\Accessories]
               0 файлов              0 байт
 Содержимое папки C:\ProgramData
14.07.2009  08:08    <JUNCTION>     Application Data [C:\ProgramData]
14.07.2009  08:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14.07.2009  08:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14.07.2009  08:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14.07.2009  08:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009  08:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
16.10.2013  22:25    <JUNCTION>     Главное меню [C:\ProgramData\Microsoft\Windows\Start Menu]
16.10.2013  22:25    <JUNCTION>     Документы [C:\Users\Public\Documents]
16.10.2013  22:25    <JUNCTION>     Избранное [C:\Users\Public\Favorites]
16.10.2013  22:25    <JUNCTION>     Рабочий стол [C:\Users\Public\Desktop]
16.10.2013  22:25    <JUNCTION>     Шаблоны [C:\ProgramData\Microsoft\Windows\Templates]
               0 файлов              0 байт
 Содержимое папки C:\ProgramData\Microsoft\Windows\Start Menu
16.10.2013  22:25    <JUNCTION>     Программы [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 файлов              0 байт
 Содержимое папки C:\Users
14.07.2009  08:08    <SYMLINKD>     All Users [C:\ProgramData]
14.07.2009  08:08    <JUNCTION>     Default User [C:\Users\Default]
16.10.2013  22:25    <SYMLINKD>     Все пользователи [C:\ProgramData]
               0 файлов              0 байт
 Содержимое папки C:\Users\All Users
14.07.2009  08:08    <JUNCTION>     Application Data [C:\ProgramData]
14.07.2009  08:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14.07.2009  08:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14.07.2009  08:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14.07.2009  08:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009  08:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
16.10.2013  22:25    <JUNCTION>     Главное меню [C:\ProgramData\Microsoft\Windows\Start Menu]
16.10.2013  22:25    <JUNCTION>     Документы [C:\Users\Public\Documents]
16.10.2013  22:25    <JUNCTION>     Избранное [C:\Users\Public\Favorites]
16.10.2013  22:25    <JUNCTION>     Рабочий стол [C:\Users\Public\Desktop]
16.10.2013  22:25    <JUNCTION>     Шаблоны [C:\ProgramData\Microsoft\Windows\Templates]
               0 файлов              0 байт
 Содержимое папки C:\Users\All Users\Microsoft\Windows\Start Menu
16.10.2013  22:25    <JUNCTION>     Программы [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 файлов              0 байт
 Содержимое папки C:\Users\Default
14.07.2009  08:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14.07.2009  08:08    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14.07.2009  08:08    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14.07.2009  08:08    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14.07.2009  08:08    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14.07.2009  08:08    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14.07.2009  08:08    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14.07.2009  08:08    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14.07.2009  08:08    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14.07.2009  08:08    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
16.10.2013  22:25    <JUNCTION>     Главное меню [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
16.10.2013  22:25    <JUNCTION>     Мои документы [C:\Users\Default\Documents]
16.10.2013  22:25    <JUNCTION>     Шаблоны [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 файлов              0 байт
 Содержимое папки C:\Users\Default\AppData\Local
14.07.2009  08:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14.07.2009  08:08    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14.07.2009  08:08    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 файлов              0 байт
 Содержимое папки C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
16.10.2013  22:25    <JUNCTION>     Программы [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 файлов              0 байт
 Содержимое папки C:\Users\Default\Documents
14.07.2009  08:08    <JUNCTION>     My Music [C:\Users\Default\Music]
14.07.2009  08:08    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14.07.2009  08:08    <JUNCTION>     My Videos [C:\Users\Default\Videos]
16.10.2013  22:25    <JUNCTION>     Мои видеозаписи [C:\Users\Default\Videos]
16.10.2013  22:25    <JUNCTION>     Мои рисунки [C:\Users\Default\Pictures]
16.10.2013  22:25    <JUNCTION>     Моя музыка [C:\Users\Default\Music]
               0 файлов              0 байт
 Содержимое папки C:\Users\n1K
16.10.2013  22:26    <JUNCTION>     Application Data [C:\Users\n1K\AppData\Roaming]
16.10.2013  22:26    <JUNCTION>     Cookies [C:\Users\n1K\AppData\Roaming\Microsoft\Windows\Cookies]
16.10.2013  22:26    <JUNCTION>     Local Settings [C:\Users\n1K\AppData\Local]
16.10.2013  22:26    <JUNCTION>     NetHood [C:\Users\n1K\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
16.10.2013  22:26    <JUNCTION>     PrintHood [C:\Users\n1K\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
16.10.2013  22:26    <JUNCTION>     Recent [C:\Users\n1K\AppData\Roaming\Microsoft\Windows\Recent]
16.10.2013  22:26    <JUNCTION>     SendTo [C:\Users\n1K\AppData\Roaming\Microsoft\Windows\SendTo]
16.10.2013  22:26    <JUNCTION>     Главное меню [C:\Users\n1K\AppData\Roaming\Microsoft\Windows\Start Menu]
16.10.2013  22:26    <JUNCTION>     Мои документы [C:\Users\n1K\Documents]
16.10.2013  22:26    <JUNCTION>     Шаблоны [C:\Users\n1K\AppData\Roaming\Microsoft\Windows\Templates]
               0 файлов              0 байт
 Содержимое папки C:\Users\n1K\AppData\Local
16.10.2013  22:26    <JUNCTION>     Application Data [C:\Users\n1K\AppData\Local]
16.10.2013  22:26    <JUNCTION>     History [C:\Users\n1K\AppData\Local\Microsoft\Windows\History]
16.10.2013  22:26    <JUNCTION>     Temporary Internet Files [C:\Users\n1K\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 файлов              0 байт
 Содержимое папки C:\Users\n1K\AppData\Roaming\Microsoft\Windows\Start Menu
16.10.2013  22:26    <JUNCTION>     Программы [C:\Users\n1K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
               0 файлов              0 байт
 Содержимое папки C:\Users\n1K\Documents
16.10.2013  22:26    <JUNCTION>     Мои видеозаписи [C:\Users\n1K\Videos]
16.10.2013  22:26    <JUNCTION>     Мои рисунки [C:\Users\n1K\Pictures]
16.10.2013  22:26    <JUNCTION>     Моя музыка [C:\Users\n1K\Music]
               0 файлов              0 байт
 Содержимое папки C:\Users\Public\Documents
14.07.2009  08:08    <JUNCTION>     My Music [C:\Users\Public\Music]
14.07.2009  08:08    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14.07.2009  08:08    <JUNCTION>     My Videos [C:\Users\Public\Videos]
16.10.2013  22:25    <JUNCTION>     Мои видеозаписи [C:\Users\Public\Videos]
16.10.2013  22:25    <JUNCTION>     Мои рисунки [C:\Users\Public\Pictures]
16.10.2013  22:25    <JUNCTION>     Моя музыка [C:\Users\Public\Music]
               0 файлов              0 байт
 Содержимое папки C:\Users\Все пользователи
14.07.2009  08:08    <JUNCTION>     Application Data [C:\ProgramData]
14.07.2009  08:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14.07.2009  08:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14.07.2009  08:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14.07.2009  08:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009  08:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
16.10.2013  22:25    <JUNCTION>     Главное меню [C:\ProgramData\Microsoft\Windows\Start Menu]
16.10.2013  22:25    <JUNCTION>     Документы [C:\Users\Public\Documents]
16.10.2013  22:25    <JUNCTION>     Избранное [C:\Users\Public\Favorites]
16.10.2013  22:25    <JUNCTION>     Рабочий стол [C:\Users\Public\Desktop]
16.10.2013  22:25    <JUNCTION>     Шаблоны [C:\ProgramData\Microsoft\Windows\Templates]
               0 файлов              0 байт
 Содержимое папки C:\Users\Все пользователи\Microsoft\Windows\Start Menu
16.10.2013  22:25    <JUNCTION>     Программы [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
               0 файлов              0 байт
     Всего файлов:
               0 файлов              0 байт
              87 папок  171 222 667 264 байт свободно
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:1CE11B51
 
< End of report >

New Extras

OTL Extras logfile created on: 05.05.2014 0:25:12 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Desktop\Programs\Cure
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000422 | Country: Україна | Language: UKR | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 47,26% Memory free
11,82 Gb Paging File | 8,26 Gb Available in Paging File | 69,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 299,49 Gb Total Space | 159,46 Gb Free Space | 53,24% Space Free | Partition Type: NTFS
Drive D: | 151,80 Gb Total Space | 8,18 Gb Free Space | 5,39% Space Free | Partition Type: NTFS
 
Computer Name: MYCOMP | User Name: n1K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 7.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\7.0\ACDSeeQVPro7.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 7.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\7.0\ACDSeeQVPro7.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061EAB48-186B-4E65-9244-ADD714277066}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{0720D92B-2A7C-4002-B928-2104B0CC3512}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{11575B1C-B6F2-4679-92AD-0090C12739A7}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{132F189B-381D-4B22-A223-1E682BDBBFB1}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{13DBD746-F908-4922-B238-0B8E99A1493A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{1F7D6111-98BA-4DE0-B36B-6D1C0671CEEF}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{28E4E43B-D622-46F5-8B25-6FB1017EFBB7}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{29D0149F-ABF6-47EB-83C1-282BF8D8F05A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{2E2922DE-2428-4840-A354-883ADFE49460}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{2FC35CCD-A043-4F57-85AB-265E5E36DE64}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{3B873F02-7A02-4832-8306-7D4F889036BE}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{5DDED5A5-B90B-48FB-AE84-AEA5898B8493}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{6376B6A5-27A5-4B85-BB1D-D95AF0EBF095}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{7FABDEB1-F9BB-41BB-9C26-C56FCC12034E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{87754409-60A2-467E-9943-EBF16ED7BC6F}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{92E6B269-1283-4C85-84D1-D3FF77E0AAED}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{964DD734-33E7-4F0C-9C44-7BB10E543D36}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{AED0B1F7-3428-4547-A3EB-927F9A1C3A77}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{B47428B2-AA4A-4647-A01C-0F8327B6E8F5}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{B5204E1E-3EDD-44BC-B056-DD2B327D8C3F}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{B79B2C72-36DA-4DFB-BA0D-B9F3F32AAF9E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{CEA15695-629F-4BD6-B0FB-DF18A16AF396}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{D32766A9-FC17-41B5-B6AC-7F5E971FBFEE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{DB261D62-9A3A-4072-B962-29F3B2535509}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{F1CA08D7-42FB-49FF-96CD-A27E3E78DFA6}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{F6B288C7-019D-4AC1-9BAD-A88CBEFC271A}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{FFF676DB-9FBF-4158-887A-78ACE521DB5A}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\devenv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037C507B-4627-4A55-8CBF-0BDA072E156E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{104E3DE6-7288-4481-BBAA-086E7D905C53}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{14954A20-498A-4EE6-8F63-A2F5809CCBC4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{16FFC75A-485B-495C-9F1A-CA4845F048B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{1BCB9C25-48B5-45C3-9136-43EE864097BC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1C7FCF22-FAFB-4096-B0C2-37AF56509C6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2C8DC387-6650-40B0-B20E-0E39C733D8B2}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{349B3C65-2AE4-44B0-9793-73E2FF569D8D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{3CF2C665-EAA2-4BB9-A64D-B78EE54D259E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{44065363-DD24-4FAB-8F2D-EEF7F72CECA3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{462FC4C7-88E2-4193-ADD1-C46EB9DB5E9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{4676B3B2-D165-412A-A697-7DE9FF2FEE4A}" = protocol=6 | dir=in | app=c:\users\n1k\appdata\local\mediaget2\mediaget.exe | 
"{5F1653DB-2EFC-4DE1-93D2-8FCA685236BE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe | 
"{618AEF7D-3B94-434F-9535-12514FF75986}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{62EB6127-F7AD-479C-B598-B5674CF471B0}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{69D74C54-1E69-452D-95A8-9A349FC59487}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{711D34D5-67F0-4CEF-87B0-322D32CAD964}" = protocol=58 | dir=in | app=system | 
"{7B18A76D-21A2-4274-A796-BDA6EB930165}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{7B8E3DF9-6C51-490D-9056-52E4154D5A8E}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{8C8F6FD2-A813-42E5-945C-05A654D9AF6D}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{8DF0B514-2941-4D3C-878B-7917E5C2A7CA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{91E60C4E-1BCB-4917-8C05-2F54B23666F9}" = protocol=58 | dir=out | [email protected],-503 | 
"{98360929-A7F5-4F86-A0E1-723D9214652C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{99EEE13F-07F1-4C61-A97C-A6E892559D1B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{C1CA6300-BA81-4B93-BCF9-5208F8F4458E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{C5B7E875-178F-4800-B3EE-8C4A6C0F838D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CF02F5C0-76F5-478D-850A-2BBD5AFAF71E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{D96A6FE1-E721-4409-A736-3DE90A9422FE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe | 
"{DA2C2622-3BA7-4F86-B195-76073C2DA0F0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{E0A8B0AF-13F7-4D90-940B-563B738A8054}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E0AF0F95-3620-4A8E-88D3-08CE7E7A0446}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{E5BA4EF3-3DEE-46E0-B4C2-C779E5C68CCA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{E6B73EEA-CBED-4DC3-B79D-81E942911B7A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FA4B7A29-5590-4FA0-AE17-0FFB742ECE7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{FF54437B-029E-4D7B-838B-02A5ECDBF5F2}" = protocol=17 | dir=in | app=c:\users\n1k\appdata\local\mediaget2\mediaget.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B6BDD27-3097-4FE1-BDE6-1D5EC7399563}" = Visual Studio 2013 Prerequisites
"{0FE0E59E-0814-4ECA-9982-26626EEFBBAA}" = Системные типы Microsoft SQL Server System CLR Types (x64)
"{145AAC9D-28E7-4158-A953-72769EC93948}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom 
"{1D2CEC61-C3F0-C27E-7280-F9D6B10378BE}" = Windows App Certification Kit Native Components
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E4064EE-26B4-341E-9208-72859FCDE1DA}" = Microsoft Visual Studio Team Foundation Server 2013 Storyboarding (x64)
"{1EF1FB94-20B7-4CC5-9529-1B53D25010B6}" = Visual Studio 2013 Prerequisites - RUS Language Pack
"{1F4004F7-3BC0-3ABC-86F6-7A125D11F98B}" = Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64)
"{2044FC4C-4EA3-4113-BC1E-962DF568D201}" = JavaScript Tooling
"{23F8B360-3E60-3B05-8330-19FD4F9F4525}" = Microsoft .NET Framework 4.5.1 (RUS)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{3674F088-9B90-473A-AAC3-20A00D8D810C}" = Microsoft Web Deploy 3.5
"{37D0157F-45C6-4DB2-9AE5-489DD98CE169}" = iTunes
"{3D007365-90A4-4925-B6AE-133E3F66165D}" = Microsoft Visual Studio 2013 IntelliTraceLoc
"{43EBA222-8DF7-11E1-862B-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{49F6DFDE-8DF7-11E1-9E5F-F04DA23A5C58}" = MSVCRT Redists
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51AFA61B-AD01-4317-8AB2-5E512F3F80D7}" = Microsoft SQL Server 2012 Native Client 
"{5247E16E-BCF8-95AB-1653-B3F8FBF8B3F1}" = Windows Software Development Kit DirectX x64 Remote
"{5783F2D7-9001-0409-0102-0060B0CE6BBA}" = AutoCAD 2011 - English
"{5783F2D7-9001-0409-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
"{5D4935CE-C316-3A13-8609-53700F2EA4A4}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - RUS
"{65C91666-C3E8-3A42-BDA8-87932DD34F89}" = Microsoft Team Foundation Server 2013 Object Model (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{7CBBEE56-EEF2-462D-B1CE-EACDBBF6457E}" = Oracle VM VirtualBox 4.3.0
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{863418CA-620E-440B-B7FB-E7E9EF819843}" = Magic Bullet Suite 64-bit
"{8C14CEED-6DBB-3B78-BFB0-43B918935C60}" = Языковой пакет инструментов разработчика Microsoft Office 2013 для Microsoft Visual Studio (x64) - RUS
"{90140000-0012-0000-1000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0419-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Russian) 2010
"{90140000-0016-0419-1000-0000000FF1CE}_Office14.STANDARD_{066235FC-DAF7-4CBE-A528-2F0B0503CD87}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0419-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Russian) 2010
"{90140000-0018-0419-1000-0000000FF1CE}_Office14.STANDARD_{066235FC-DAF7-4CBE-A528-2F0B0503CD87}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0419-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Russian) 2010
"{90140000-0019-0419-1000-0000000FF1CE}_Office14.STANDARD_{066235FC-DAF7-4CBE-A528-2F0B0503CD87}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0419-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Russian) 2010
"{90140000-001A-0419-1000-0000000FF1CE}_Office14.STANDARD_{066235FC-DAF7-4CBE-A528-2F0B0503CD87}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0419-1000-0000000FF1CE}" = Microsoft Office Word MUI (Russian) 2010
"{90140000-001B-0419-1000-0000000FF1CE}_Office14.STANDARD_{066235FC-DAF7-4CBE-A528-2F0B0503CD87}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.STANDARD_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.STANDARD_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0419-1000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0419-1000-0000000FF1CE}_Office14.STANDARD_{0441704C-1789-4294-8DA5-7C85D54EDB3E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0422-1000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2010
"{90140000-001F-0422-1000-0000000FF1CE}_Office14.STANDARD_{532AA5EF-AB2A-47E5-A704-A1D1428EAE1E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0419-1000-0000000FF1CE}" = Microsoft Office Proofing (Russian) 2010
"{90140000-002C-0419-1000-0000000FF1CE}_Office14.STANDARD_{DC433EFF-4144-4535-92B0-E377FBBA5B28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0419-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Russian) 2010
"{90140000-0043-0419-1000-0000000FF1CE}_Office14.STANDARD_{504CA73A-D815-4B26-A24C-740C79ED2CAE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0419-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Russian) 2010
"{90140000-006E-0419-1000-0000000FF1CE}_Office14.STANDARD_{B567BA5B-8D64-4C42-8E82-1A52EA8B9D7A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0419-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Russian) 2010
"{90140000-00A1-0419-1000-0000000FF1CE}_Office14.STANDARD_{066235FC-DAF7-4CBE-A528-2F0B0503CD87}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049" = Microsoft .NET Framework 4.5.1 (Русский)
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{94BEF1F6-D614-4B4D-AC8E-97D26B0A2B07}" = Microsoft System CLR Types для SQL Server 2012 (x64)
"{95150001-1163-0409-1000-0000000FF1CE}" = SharePoint Client Components
"{96F4525A-470D-F15C-796E-58D9988C3E5F}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{993F6DDC-63F8-4BCD-9B28-D941971A9CAC}" = Windows XP Targeting with C++
"{9C5118F7-E26D-4fc0-B7F4-4A067A0808FA}_is1" = iMacros Version 10.0.0.2738 (x64)
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{9F8CC7EC-388B-43B1-97BC-2EBDB47C776D}" = Средства сбора данных о производительности Microsoft Visual Studio 2013 - RUS
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF5B65A0-B8FE-47A4-9BB6-C9DC3AE0BF62}" = Microsoft SQL Server 2012 Data-Tier App Framework  (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Панель управления NVIDIA 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Графический драйвер 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 10.11.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Системное программное обеспечение PhysX 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Обновления NVIDIA 10.11.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 10.11.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.19
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B47797F6-4C28-3F32-83DC-2784335CA487}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B50B367A-AFE1-489D-87E7-6CCCD96049A3}" = Microsoft Visual Studio 2013 IntelliTrace Core amd64
"{B74B199A-EDD4-B657-E055-327D454402D2}" = Windows Software Development Kit DirectX x64 Remote
"{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}" = Intel® PROSet/Wireless WiFi Software
"{BCB88708-07FD-3963-B8BA-742940F2DD6C}" = Языковой пакет для раскадровки Microsoft Visual Studio Team Foundation Server 2013 (x64) - RUS
"{C596D608-3E74-3232-8CA5-DF1DCB9F10DE}" = Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005
"{C8268B3A-4205-3297-AB09-9BF8CEE358A0}" = Microsoft Visual C++ 2013  x64 Designtime - 12.0.21005
"{D2553265-3190-425E-B22C-2001496BF4A9}" = Microsoft SQL Server 2012 Management Objects  (x64)
"{D2A6EC54-CB46-49E4-A6FC-A9179F9D9D12}" = ACDSee Pro 7 (64-bit)
"{DA8D4FB7-4E8D-4660-B514-D3F5EFDFD4EF}" = Утилиты командной строки для Microsoft SQL Server 2012
"{DD879D25-A705-471C-A637-63BD8D1CAC6E}" = Средства сбора данных о производительности Microsoft Visual Studio 2013
"{E10C4125-229F-467B-B250-B02C443D2A29}" = Microsoft SQL Server Compact 4.0 SP1 x64 RUS
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E5500576-5330-4D00-B9C2-60B02533F862}" = Microsoft SQL Server 2012 Express LocalDB 
"{E76C2ACB-1E5C-3EB0-9368-1B5E3C301D5B}" = Языковые ресурсы средств сборки - amd64
"{E799873D-0D0A-4D24-A805-9DD53BF97D3E}" = Workflow Manager Tools 1.0 for Visual Studio
"{E7FCB150-C5B7-4A82-8B81-5FECFA0406E8}" = Workflow Manager Client 1.0
"{F17662A3-4569-4A61-ABD4-E51B632D3C4D}" = Microsoft Visual Studio 2013 VsGraphics Helper Dependencies
"{F17E4000-ED91-11E2-B3BD-F04DA23A5C58}" = MSVCRT Redists
"{F527D3F1-57DF-43B5-A570-ADED61CE8C06}" = COMODO Unite
"{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}" = TOSHIBA eco Utility
"{F74753A3-C93C-34F5-A199-993CAF602B7D}" = Build Tools - amd64
"{F99F24BF-0B90-463E-9658-3FD2EFC3C992}" = Microsoft Identity Extensions
"{FA40F0A3-03DE-3BE2-94F2-33A0CDBD3246}" = Языковой пакет для объектной модели Microsoft Team Foundation Server 2013 (x64) - RUS
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"AutoCAD 2011 - English" = AutoCAD 2011 - English
"B30ECD0209A21D638611F893829C8AF3A483A302" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"Mathcad 14 Russian Pack" = Mathcad 14 Russian Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - RUS" = Языковой пакет Microsoft Visual Studio 2010 Tools для среды выполнения Office (x64) - RUS
"Office14.STANDARD" = Microsoft Office стандартный 2010
"OpenVPN" = OpenVPN 2.3.2-I003 
"Process_Hacker2_is1" = Process Hacker 2.33 (r5590)
"ProInst" = Intel PROSet Wireless
"Sandboxie" = Sandboxie 4.08 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TAP-Windows" = TAP-Windows 9.9.2
"Unlocker" = Unlocker 1.9.2
"WinDjView" = WinDjView 2.0.2
"WinRAR archiver" = WinRAR 5.00 (64-разрядная)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0099B899-7894-3B1D-9FF3-5992F84E631F}" = Microsoft LightSwitch for Visual Studio 2013 Core
"{01db25f3-1b76-4d97-88c8-1c90634d88fb}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{0398BFBC-991B-3275-9463-D2BF91B3C80B}" = Microsoft Help Viewer 2.1
"{04B0BFB5-D0CE-3329-A2C6-4109615DE3B4}" = Microsoft Visual Studio Ultimate 2013 XAML UI Designer rus Resources
"{059054F0-64DA-493C-ABCE-69663D004B84}" = WCF Data Services 5.6.0 RUS Language Pack
"{060F4869-F79B-406E-B92C-A7C53C7598EA}" = Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - RUS
"{0644DB41-343B-34DE-9747-15434A8754F9}" = Microsoft Visual Studio Ultimate 2013 - RUS
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06EEE072-B561-38E5-85D9-485ABCBE8342}" = Visual F# 3.1 SDK
"{0776A6DB-3520-4BA3-BE6C-754D2A400F23}" = Системные типы Microsoft SQL Server System CLR Types
"{07BD0D11-ECE3-3336-BB29-67A5BB56ECC4}" = Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core
"{08AEF86A-1956-4846-B906-B01350E96E30}" = Entity Framework Tools for Visual Studio 2013
"{097EA71A-0A26-4E57-9005-C01459D4AE44}" = Microsoft SQL Server 2012 Management Objects 
"{0B5E43C7-965D-4AF4-A33E-5FA35B6660C8}" = Behaviors SDK (XAML) for Visual Studio
"{0B698858-DAB0-4F9E-A10A-125B274EDA06}" = Microsoft Visual C++  x64 Libraries
"{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}" = Blend for Visual Studio SDK for Silverlight 5
"{0F533317-9A94-4806-AB1B-EA333FB9CC89}" = JavaScript Tooling
"{10A9E62A-DE91-3D11-8326-18C37C32491C}" = Ресурсы Microsoft Visual Studio 2013 Devenv
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{145248E3-EEF4-47DD-8EC1-95D95452E72E}" = Необходимые компоненты для SSDT 
"{14C8CE46-C68C-461B-BCA9-E276A85851C6}" = TuneUp Utilities 2014 (en-US)
"{150326D4-6762-450A-929B-FFAD2AD832CC}" = Пакет SDK Microsoft .NET Framework 4.5.1 (Русский)
"{157D3F5F-2A8A-443A-9EFA-82733F096747}" = PreEmptive Analytics Client Russian Language Pack
"{1690CE56-2231-4E59-9006-A0876D949EA8}" =  Tools for .Net 3.5
"{16A901BB-CD8E-3B48-9932-5927FB13508D}" = Microsoft SharePoint 2013 Developer Tools for Visual Studio
"{1777CCDA-F2F2-4A77-ACF4-0B7341229BBB}" = TOSHIBA ConfigFree
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19A5926D-66E1-46FC-854D-163AA10A52D3}" = Microsoft .NET Framework 4.5.1 SDK
"{1D59DE91-7519-4CAD-9314-3A636FF5B2B6}" = WCF Data Services Tools for Microsoft Visual Studio 2013 RUS Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14 Help
"{213697C1-569B-42B9-A2C4-F8E951BF0DFF}" = Служба языка T-SQL Microsoft SQL Server 2012 
"{21BEF2EA-A7E1-4E31-A416-6DB8EAC09980}" = Microsoft Visual C++ 2013 Compilers - RUS Resources
"{23127FE2-983D-305A-904D-89ED86D36269}" = Microsoft Visual Studio Ultimate 2013
"{2386192E-D6DB-4AD2-9564-65586A0AE53E}" = Dotfuscator and Analytics Community Edition
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 55
"{30F2491C-9410-4DB1-BE66-77B360B1F484}" = Microsoft Visual C++  x64-arm Cross Compilers
"{310C4AE2-3EA2-3E39-B0D1-3467B00C1A29}" = Microsoft LightSwitch для Visual Studio 2013 CoreRes - RUS
"{37464E70-B0B9-9DFF-649A-CBE169BAD657}" = Windows Software Development Kit for Windows Store Apps
"{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5
"{3A74E1C7-FB48-4783-B7C4-363CF560B76C}" = Microsoft System CLR Types для SQL Server 2012
"{3AE4DF39-FD8D-3F08-B77D-FBE84097C41D}" = Microsoft Visual Studio Premium 2013 - RUS
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3E456233-1EA5-42ED-8556-0481BA728B41}" = Microsoft NuGet - Visual Studio 2013
"{3EA16E23-14D2-466A-8268-D7CD40DC46B6}" = Open XML SDK 2.5 for Microsoft Office
"{3F5216B1-2B4D-3CF5-A778-4F96FA198FA6}" = Пакет многоплатформенного нацеливания Microsoft .NET Framework 4.5.1 (Русский)
"{3FBFCF2C-392A-4632-9442-14C305B44D5E}" = AzureTools.Notifications
"{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1" = DriverIdentifier 4.2.7
"{4345E9A5-1300-4710-919D-077BA7E6B3DA}" = Windows Azure Mobile Services SDK
"{44C4B43D-A08C-3633-8885-5AA0CF9C08FE}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - rus
"{466103FE-A4CF-455A-B490-CCA1E5C43056}" = Mathcad Civil Engineering Library
"{46910786-E4AC-41E4-A4A0-C086EA85242D}" = WCF Data Services 5.6.0 Runtime
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{492498A3-F88C-FE2F-755C-9B1B91724CA5}" = LocalESPC Dev12
"{49DDA733-958A-44D1-A8C9-AB91AB74816A}" = Microsoft .NET Framework 4.5 SDK - русский языковой пакет
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ADE40C4-4DA4-47FE-A70A-C20DA2994BE4}" = Языковой пакет для инструментов мобильных услуг Windows Azure для Visual Studio 2013 (предварительная версия) - v1.0
"{4AE57014-05C4-4864-A13D-86517A7E1BA4}" = Microsoft .NET Framework 4.5 SDK
"{4B17EDE4-7D22-3E49-B254-D3D9DF2EF4AE}" = Visual F# 3.1 SDK Language Pack - RUS
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5339C65D-1BB2-46B9-9D41-C55D520AAA1E}" = Microsoft ASP.NET Web Pages 2 Runtime - RUS
"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel
"{5411060C-8F8C-393D-8D3B-26AF2C92FABB}" = Microsoft Visual Studio 2013 Shell (Minimum)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5481F163-B9E5-30A8-8441-4DBBB87D6AA2}" = Microsoft Visual C++ 2013 Microsoft Foundation Class Libraries
"{56906975-AE6C-3EAA-B43F-01CD6AB11F84}" = Visual F# 3.1 VS Language Pack - RUS
"{56AD3004-0B49-967F-F682-B05650B61A78}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5D5CFAD6-9F93-8C63-3EB0-B6A0D3D4BD12}" = Windows Software Development Kit
"{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}" = WCF RIA Services V1.0 SP2
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{610EC879-C0F0-4B6B-9A98-F1D433A103D5}" = Языковой пакет Dotfuscator and Analytics Community Edition
"{61B329E8-D2DF-3464-AEEA-840109C436DF}" = Пакет многоплатформенного нацеливания Microsoft .NET Framework 4.5.1 RC для приложений Магазина Windows (Русский)
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive
"{62952508-8C6F-4D31-9802-099FC67B41C3}_is1" = «I Am Alive»  1.01.0
"{6321F2D4-366B-3AE4-877A-8E539EC3331A}" = Visual F# 3.1 VS
"{64297226-2B81-4588-89BD-76440BC0BCFC}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU
"{6474C0AB-A8CD-3B41-A029-D8EEA594EFE8}" = Языковой пакет для инструментов разработчика Microsoft SharePoint 2013 для Visual Studio - RUS
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{678800C0-D94E-4513-89CB-478F2B781A0B}" = Microsoft Visual C++ 2013 x86-x64 Compilers
"{6A0C6700-EA93-372C-8871-DCCF13D160A4}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
"{6AB13C21-C3EC-46E1-8009-6FD5EBEE515B}" = Microsoft Advertising SDK for Windows 8.1 - ENU
"{6D467122-559D-4ED8-BAEA-DF96BF993E54}" = Acronis True Image 2014
"{6DB52BC5-2E90-40B2-B80C-18C6B262054F}" = Microsoft Visual Studio 2013 IntelliTraceFrontEndLoc
"{6EE9E2DF-2CD7-4952-A649-95DEA8697BD8}" = Microsoft Exchange Web Services Managed API 2.0
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72076159-B94A-42AE-A64C-CA3855E9CB28}" = Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1
"{721C380F-E296-4118-9ACE-589E8EF86208}" = Microsoft Visual Studio 2013 Profiling Tools
"{76C52EFB-02E1-4344-91DC-15BDC97065F5}" =  Tools for .Net 3.5 - RUS Lang Pack
"{776AF05B-784A-416F-B14C-31A1FBAF8B19}_is1" = Mail.Ru Cloud
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{794D38B6-C8B2-4DFC-BF1B-122233A336F3}" = Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7E7AE728-1DFF-4E35-8AE7-147D1B06FCD0}" = Microsoft Visual C++  x64-arm Cross Compilers - RUS Resources
"{81A2CE23-4510-ED99-E4D6-7E74CC89B41B}" = LocalESPCui for ru-ru Dev12
"{834B1971-047A-3184-BE10-751A8F6D135C}" = Microsoft Visual Studio Professional 2013 - RUS
"{848F7C66-A4ED-479D-8436-342AF474C0B3}" = Подготовка Microsoft Visual Studio 2013
"{84D88F57-4130-30FE-A0B6-1E04428FE1F6}" = Microsoft Visual C++ 2013 Core Libraries
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{891A1A16-9018-4704-BC7D-F4380E17189C}" = Microsoft Visual C++ 2013 32bit Compilers - RUS Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE4FC9D-3D5C-3CAF-8CFD-C7E8A7B97445}" = Языковые ресурсы средств сборки - x86
"{8E8DBA63-FB38-4498-8314-55E1AD1020D7}" = Blend for Visual Studio 2013 RUS resources
"{9027FE9C-5488-30C3-AA42-7330D25BF92D}" = Microsoft Portable Library Multi-Targeting Pack
"{912FE490-D159-437A-ACB5-6E8BEC9E0752}" = Mathcad Mechanical Engineering Library
"{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}" = PreEmptive Analytics Visual Studio Components
"{97592A5E-6A50-38E0-885C-7334BA7A43D8}" = Microsoft SharePoint 2013 Developer Tools for Visual Studio 2012 Nuget Package
"{976C3D92-0DEC-37A6-A870-FF4FC18CD029}" = Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps
"{979C7495-FB42-484E-92EA-7F2A59DD7718}" = Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU
"{984022F2-9BCA-A41D-6A38-1AE658F01415}" = Windows Software Development Kit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9C593464-7F2F-37B3-89F8-7E894E3B09EA}" = Microsoft Visual Studio Professional 2013
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9E673C3F-423B-458E-8EA4-9AE87C49AFC8}" = Microsoft LightSwitch for Visual Studio 2013 v4.0 Tools
"{9E93C038-1836-4CD4-B191-E90835A2C741}" = Платформа приложения уровня данных Microsoft SQL Server 2012 
"{A1CB8286-CFB3-A985-D799-721A0F2A27F3}" = Windows Software Development Kit DirectX x86 Remote
"{A1D06677-1103-32DE-AA74-6EE44DCF7F81}" = Microsoft Visual C++ 2013 Extended Libraries
"{A2CCB3C1-3DF9-4E3E-8D3F-DDBBCDDB28B5}" = Microsoft C++ REST SDK for Visual Studio 2013
"{A3B8D9FB-CA7D-4487-8CA2-A6A2C8AD1077}" = Microsoft Visual C++  x86 Libraries
"{A3D374E9-82E6-4BB6-BDD6-0882BC28E448}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - RUS
"{A5A16ACF-AB38-4E47-A1B0-2F43B96CB6F5}" = Microsoft SQL Server Data Tools Build Utilities - RUS (12.0.30919.1)
"{A6030DAD-1600-F767-C8DD-C722ADFE8FBC}" = Windows Software Development Kit DirectX x86 Remote
"{A61593A2-2DD7-4B26-B845-44191C1B1047}" = Microsoft ASP.NET MVC 4 Runtime - RUS
"{A741D7B7-FF96-4438-B5E7-DB2C4F54EAA2}" = Microsoft SQL Server Data Tools - RUS (12.0.30919.1)
"{A8229A09-E570-412B-8D18-E78985673E34}" = Microsoft Visual C++  ARM Libraries
"{A90D2684-D44A-4479-AA68-55DC2C7E9738}" = Microsoft Visual C++  x64 Native Compilers - RUS Resources
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0964AF-0F95-4A72-BD29-F833A382EDC2}" = Microsoft Visual Studio 2013 IntelliTrace Core x86
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AE937DBA-FEFD-3BFE-9860-0591C0F91D61}" = Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
"{B0A82E02-E959-3C46-AB11-D38527BC573E}" = Microsoft Visual Studio Premium 2013
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B536762B-1047-4B51-8ECF-46D5686E5416}" = Microsoft ASP.NET Web Pages 2 Runtime
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A0A174-33E0-3D42-92EA-547D318CB149}" = Microsoft Visual Studio 2013 Devenv
"{B86C786E-11A2-4CAB-BB2E-D7CD5D65D552}" = Microsoft LightSwitch v4.0 SDK
"{B98F310A-162D-343E-85FD-E86239BB1359}" = Языковой пакет для средства просмотра справки (Microsoft) 2.1 - RUS
"{BD63060C-F4C7-4E86-9C2A-4A102E7EE12C}" = Microsoft Web Developer Tools 2013 - Visual Studio 2013
"{BD72C04F-892F-48EE-A236-CC10891610D6}" = Windows Azure Shared Components for Microsoft Visual Studio 2013 - v1.0
"{BF3E2194-F89B-44FB-A801-464BF787599F}" = WCF Data Services Tools for Microsoft Visual Studio 2013
"{C00453B2-27AD-4858-A20D-F44E39481C7D}" = Microsoft Report Viewer Add-On for Visual Studio 2013
"{C1D0E508-ECAF-45AA-A549-1E26B9ECE0FB}" = Microsoft Visual C++  x64-x86 Cross Compilers
"{C3709735-8ADF-4718-9CB7-FBBD5BA45E2A}" = Microsoft LightSwitch for Visual Studio 2013 v4.0 ToolsRes - RUS
"{C6194158-B96A-4EB4-A7E9-ED894DD3B989}" = Python Tools 2.0 for Visual Studio 2013
"{C7296315-F111-40CF-873E-22EFD348606E}" = Языковой пакет для общих компонентов Windows Azure для Microsoft Visual Studio 2013 (RUS) - v1.0
"{C923E21A-4505-47A2-96CB-80A397936BF3}" = Microsoft Visual Studio 2013 IntelliTraceLoc
"{C9E7751E-88ED-36CF-B610-71A1D262E906}" = Team Explorer for Microsoft Visual Studio 2013
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CDECCD37-EBCE-4AF8-8D1C-5DF13194FEA1}" = Microsoft Advertising Service Extension for Visual Studio
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D42681AA-BC16-3C84-949E-45F05D2AA997}" = Microsoft Visual C++ 2013 Core Libraries
"{D69874BF-D864-4EB2-91C3-2EDD05A64F70}" = Windows Azure Mobile Services Tools for Visual Studio 2013 Preview - v1.0
"{DB5600F1-DE83-46DE-B162-5FC4400EAF5B}" = Microsoft Visual C++ 2013 Compilers
"{DD48DCD4-2566-436A-A3D0-FF6526957F21}" = Microsoft Silverlight 5 SDK - RUS
"{dde2682b-961a-41ea-8d44-6005991b7947}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{DE0E8FAF-9758-4BFD-A16E-009DB4B8C912}" = Microsoft Visual C++  x64 Native Compilers
"{E10D1D9A-AD92-4DE1-BECB-7F7F41A2C51A}" = Microsoft Visual Studio 2013 IntelliTrace Front End x86
"{E5C75622-409C-3CB4-A3BA-A11C74A9474C}" = Языковой пакет для Microsoft Visual Studio 2013 Team Explorer - RUS
"{E5CAE8D2-9F9F-3BEA-AA0F-B5B40611C704}" = Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005
"{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}" = Mathcad 14
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{EA0FF7A2-5E20-3E14-E947-767CA31D92DA}" = Windows Runtime Intellisense Content - ru-ru
"{EB25848D-AADC-40D7-914E-CB2E25AB5E59}" = Microsoft ASP.NET MVC 4 Runtime
"{EB37C117-9C83-4696-A493-8AFBAC8F9FFC}" = JavaScript Tooling
"{EB430FD1-CA80-4304-B9F9-A399415C7494}" = Надстройка Microsoft Report Viewer для Visual Studio 2013
"{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}" = Blend for Visual Studio 2013
"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14 Resource Center
"{ECED71A2-7C17-4B72-B7B2-7685E9E5B004}" = Microsoft Visual C++  x64-x86 Cross Compilers - RUS Resources
"{F0AEFE22-1994-486F-9EDB-BD514AEA14CF}" = Microsoft Web Developer Tools 2013 - Visual Studio 2013 - rus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F28B9906-9737-33FA-B2A7-1AF88486A873}" = Ресурсы оболочки Microsoft Visual Studio 2013 Shell (минимальной)
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{F395FD4F-40E5-7B56-2BCB-B3CF52B3B52C}" = Windows App Certification Kit x64
"{F7054166-A06F-4EEF-9C80-93D2A6ECA5F8}" = Mathcad Electrical Engineering Library
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{f92a934b-f266-45a9-b496-4860623abdbf}" = Microsoft Visual Studio Ultimate 2013
"{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}" = Build Tools - x86
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FD45E692-15B5-43A7-9104-43672F00417C}" = Microsoft ASP.NET MVC 4 - Visual Studio 2013 - RUS
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}" = TuneUp Utilities 2014
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"{FF39514D-E2EB-40BA-A23F-C83B8E0ED110}" = Visual Studio Extensions for Windows Library for JavaScript
"{FF6FA0EE-1778-47F1-A3A5-0897BB40E55A}" = Инструменты Windows Azure для LightSwitch для Visual Studio 2013 - $(var.OOBPublishVersion) (RUS)
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"AIDA64 Extreme_is1" = AIDA64 Extreme v4.20
"AIMP3" = AIMP3
"AusLogics BoostSpeed" = AusLogics BoostSpeed
"Avira AntiVir Desktop" = Avira Internet Security
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader_is1" = Foxit Reader
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.1
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{863418CA-620E-440B-B7FB-E7E9EF819843}" = Magic Bullet Suite 64-bit
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware, версия 2.0.1.1004
"Microsoft Help Viewer 2.1" = Microsoft Help Viewer 2.1
"Mozilla Firefox 28.0 (x86 ru)" = Mozilla Firefox 28.0 (x86 ru)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Need for Speed. Rivals_is1" = Need for Speed. Rivals, версия 1.0
"NoIPDUC" = No-IP DUC
"Notepad++" = Notepad++
"Origin" = Origin
"RaidCall" = RaidCall
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"R-Studio" = R-Studio
"S.M.A.R.T. Vision 4.1" = S.M.A.R.T. Vision 4.1
"Security Task Manager" = Security Task Manager 1.8g
"SMAC 2.7" = SMAC 2.7
"Stardock WindowBlinds" = Stardock WindowBlinds
"Steam" = Steam
"Steam App 570" = Dota 2
"TeamViewer 9" = TeamViewer 9
"TuneUp Utilities" = TuneUp Utilities 2014
"VMware_Player" = VMware Player
"Warkeys" = Warkeys 1.21.0.0b
"WinPcapInst" = WinPcap 4.1.3
"Wireshark" = Wireshark 1.10.6 (64-bit)
"Your Uninstaller! PRO" = Your Uninstaller! PRO
"Языковой пакет для средства просмотра справки (Microsoft) 2.1 - RUS" = Языковой пакет для средства просмотра справки (Microsoft) 2.1 - RUS
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.05.2014 21:09:19 | Computer Name = mycomp | Source = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe | ID = 131073
Description = 
 
Error - 04.05.2014 6:52:47 | Computer Name = mycomp | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 04.05.2014 6:52:47 | Computer Name = mycomp | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 04.05.2014 6:52:50 | Computer Name = mycomp | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.05.2014 12:01:29 | Computer Name = mycomp | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.05.2014 12:01:32 | Computer Name = mycomp | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 04.05.2014 12:01:32 | Computer Name = mycomp | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 04.05.2014 14:35:51 | Computer Name = mycomp | Source = SideBySide | ID = 16842785
Description = Ошибка при создании контекста активации для "C:\Program Files\Autodesk\AutoCAD
 2011\FaroImporter.exe".  Не найдена зависимая сборка "FARO.LS,processorArchitecture="x86",publicKeyToken="1d23f5635ba800ab",type="win32",version="1.1.406.58"".
Используйте
 sxstrace.exe для подробной диагностики.
 
Error - 04.05.2014 17:00:56 | Computer Name = mycomp | Source = SideBySide | ID = 16842832
Description = Ошибка создания контекста архивации для "D:\Desktop\Programs\Cure\esetsmartinstaller_enu.exe".
 Ошибка в файле манифеста или политики "" в строке .  Версия компонента, требуемая
 для приложения, конфликтует с другой, уже активной версией.  Конфликтующие компоненты:
Компонент
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Компонент
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 04.05.2014 17:14:28 | Computer Name = mycomp | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Сбой служб шифрования в ходе обработки вызова OnIdentity() в объекте
 "Системный модуль записи".  Details: TraverseDir : Unable to push subdirectory.  System
 Error: Неопознанная ошибка  .
 
[ System Events ]
Error - 26.04.2014 21:12:38 | Computer Name = mycomp | Source = cdrom | ID = 262155
Description = Драйвер обнаружил ошибку контроллера \Device\CdRom0.
 
Error - 26.04.2014 21:12:38 | Computer Name = mycomp | Source = cdrom | ID = 262155
Description = Драйвер обнаружил ошибку контроллера \Device\CdRom0.
 
Error - 27.04.2014 10:34:36 | Computer Name = mycomp | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Проверка тома с шифрованием: не удается прочитать информацию о томе
 .
 
Error - 28.04.2014 2:15:45 | Computer Name = mycomp | Source = bowser | ID = 8003
Description = 
 
Error - 28.04.2014 2:51:53 | Computer Name = mycomp | Source = NetBT | ID = 4321
Description = Имя "WORKGROUP      :1d" не удалось зарегистрировать на интерфейсе
 с IP-адресом 10.18.173.145.  Компьютер с IP-адресом 10.18.173.64 не разрешил использовать
 имя,  запрошенное этим компьютером.
 
Error - 28.04.2014 3:09:57 | Computer Name = mycomp | Source = BROWSER | ID = 8020
Description = 
 
Error - 30.04.2014 2:47:39 | Computer Name = mycomp | Source = Service Control Manager | ID = 7011
Description = Превышение времени ожидания (30000 мс) при ожидании ответа транзакции
 от службы "afcdpsrv".
 
Error - 01.05.2014 17:52:35 | Computer Name = mycomp | Source = Service Control Manager | ID = 7000
Description = Сбой при запуске службы "TuneUp Theme Extension" из-за ошибки   %%1083
 
Error - 01.05.2014 19:21:14 | Computer Name = mycomp | Source = DCOM | ID = 10010
Description = 
 
Error - 03.05.2014 15:10:23 | Computer Name = mycomp | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = При попытке чтения файла локальных узлов произошла ошибка.
 
 
< End of report >

 
Some info is in Russian; tell me if I need to redo the log in English (cuz I don't know how) or translate it, thank you...
  • 0

#8
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Hey,
there are still some things to do.

Step 1: Side Bar Advice

In your logs I see that Windows SideBar is running! At the moment Windows SideBar has a security vulnerability, so I recommend that you disable it for a while. More information is here so far I noticed.

To disable Windows SideBar please follow the instructions below:
  • Download the FixIt from here to your Desktop
  • Double click on MicrosoftFixit50906.msi and follow the prompts to disable Windows SideBar and gadgets. Once finished, reboot your computer if not advised to do so.

Step 2: Registry Cleaner Warning

You have the following Registry Cleaner installed: TuneUp

These programs are called Registry Cleaners. These kinds of programs aren't good for your PC! A registry cleaner will not increase your system's speed or performance and can damage your Registry, leading to an unbootable PC. At Geeks to Go we strongly advise that users don't use these kinds of sketchy programs.

Here is some reading stuff for you:

Step 3: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - prefs.js..network.proxy.no_proxies_on: ""
    FF - prefs.js..network.proxy.type: 0
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnLvn: C:\Program Files\COMODO\Unite\npEasyVpnLVN.dll File not found
    FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnRdp: C:\Program Files\COMODO\Unite\NpRdpView.dll File not found
    FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnVnc: C:\Program Files\COMODO\Unite\NpVncView.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O7 - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKU\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{1a58427e-b4ca-11e3-abe4-c47cd8fdf2b6}\Shell - "" = AutoRun
    O33 - MountPoints2\{1a58427e-b4ca-11e3-abe4-c47cd8fdf2b6}\Shell\AutoRun\command - "" = G:\Launcher.exe
    O33 - MountPoints2\{2582e0c1-37b1-11e3-ade6-1c75087bee81}\Shell - "" = AutoRun
    O33 - MountPoints2\{2582e0c1-37b1-11e3-ade6-1c75087bee81}\Shell\AutoRun\command - "" = G:\Launcher.exe
    O33 - MountPoints2\{54956448-4129-11e3-aa43-1c75087bee81}\Shell - "" = AutoRun
    O33 - MountPoints2\{54956448-4129-11e3-aa43-1c75087bee81}\Shell\AutoRun\command - "" = G:\Launcher.exe
    O33 - MountPoints2\{8043052f-609b-11e3-b0c9-1c75087bee81}\Shell - "" = AutoRun
    O33 - MountPoints2\{8043052f-609b-11e3-b0c9-1c75087bee81}\Shell\AutoRun\command - "" = G:\Launcher.exe
    @Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:1CE11B51
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.

Step 4: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 5: JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 6: OTL Scan
  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Step 7: Question

How is your PC running?
  • 0
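
A way to triage the Fixlog requested in Step 3 above, as an added example (not part of the original post and not OTL's own code): the Python below classifies each fix-log line by outcome and lists the lines that still need follow-up. The status labels, function names and matching rules are assumptions inferred from the fix-log lines posted in this thread, and the sample input is constructed from those lines.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: lines in the format of the OTL fix log posted in this thread.
SAMPLE_FIXLOG = r"""All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@comodo.com/EasyvpnVnc\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File G:\Launcher.exe not found.
ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
"""

# Outcome rules, checked in order; the first match wins.
# The labels are this example's own (assumed), not OTL terminology.
RULES = [
    ("error",    re.compile(r"^Error:", re.I)),
    # A failed move that OTL queued for the next boot is pending, not lost.
    ("deferred", re.compile(r"scheduled to be moved on reboot\.?$", re.I)),
    ("failed",   re.compile(r"\bfailed\b", re.I)),
    # Target was already absent, so nothing was changed.
    ("absent",   re.compile(r"\bnot found\.?$", re.I)),
    ("done",     re.compile(
        r"(deleted|moved|set) successfully[.!]?$"
        r"|\bremoved from\b"
        r"|\bemptied: \d+ bytes$"
        r"|^Restore point Set:", re.I)),
]

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")   # e.g. "========== OTL =========="
NEEDS_ACTION = {"error", "failed", "deferred"}


class Entry(NamedTuple):
    section: str   # section header the line appeared under
    status: str    # one of the RULES labels, or "info" if nothing matched
    text: str      # the log line itself


def parse_fixlog(text):
    """Turn a fix log into a list of Entry records, tracking section headers."""
    section, entries = "PREAMBLE", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        status = next((name for name, rx in RULES if rx.search(line)), "info")
        entries.append(Entry(section, status, line))
    return entries


def summarize(entries):
    """Count entries per outcome."""
    return Counter(e.status for e in entries)


def follow_up(entries):
    """Entries a helper should re-check after the reboot."""
    return [e for e in entries if e.status in NEEDS_ACTION]


def hosts_reset_incomplete(entries):
    """True when any unresolved entry concerns the hosts file ([RESETHOSTS])."""
    return any(e.status in NEEDS_ACTION and "hosts" in e.text.lower()
               for e in entries)


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for entry in follow_up(parsed):
        print(f"[{entry.section}] {entry.status}: {entry.text}")
    if hosts_reset_incomplete(parsed):
        print("Hosts reset did not complete; re-check the hosts file after reboot.")
```
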

#9
n1K.

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Step 1: Side Bar Advice

Completed.

 

Step 2: Registry Cleaner Warning

Thank you for the information. I read about Registry Cleaners and from now on I'll be more careful with them.

But I have installed TuneUp Utilities not only for the Registry Cleaner; those utilities really sped up my PC. I checked the PC's performance with them and without them many times.
 

Step 3: OTL Fix

All processes killed

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: "" removed from network.proxy.no_proxies_on
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@comodo.com/EasyvpnLvn\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@comodo.com/EasyvpnRdp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@comodo.com/EasyvpnVnc\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1840229726-3532094159-670291700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a58427e-b4ca-11e3-abe4-c47cd8fdf2b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a58427e-b4ca-11e3-abe4-c47cd8fdf2b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a58427e-b4ca-11e3-abe4-c47cd8fdf2b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a58427e-b4ca-11e3-abe4-c47cd8fdf2b6}\ not found.
File G:\Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2582e0c1-37b1-11e3-ade6-1c75087bee81}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2582e0c1-37b1-11e3-ade6-1c75087bee81}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2582e0c1-37b1-11e3-ade6-1c75087bee81}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2582e0c1-37b1-11e3-ade6-1c75087bee81}\ not found.
File G:\Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54956448-4129-11e3-aa43-1c75087bee81}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54956448-4129-11e3-aa43-1c75087bee81}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54956448-4129-11e3-aa43-1c75087bee81}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54956448-4129-11e3-aa43-1c75087bee81}\ not found.
File G:\Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8043052f-609b-11e3-b0c9-1c75087bee81}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8043052f-609b-11e3-b0c9-1c75087bee81}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8043052f-609b-11e3-b0c9-1c75087bee81}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8043052f-609b-11e3-b0c9-1c75087bee81}\ not found.
File G:\Launcher.exe not found.
ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: n1K
->Temp folder emptied: 35985736 bytes
->Temporary Internet Files folder emptied: 4400280 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 23385423 bytes
->Google Chrome cache emptied: 368678501 bytes
->Flash cache emptied: 1149 bytes
 
User: Public
 
User: Все пользователи
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26830 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 67503515 bytes
 
Total Files Cleaned = 477,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05052014_172611
 
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\n1K\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\n1K\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\vmware-система\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-система\vmware-usbarb-3348.log moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 

Step 4: Adwarecleaner

Sorry, some info is again in Russian; tell me if I need to redo it in English and how to do so...

 

# AdwCleaner v3.207 - Отчёт создан 05/05/2014 at 17:39:46
# Обновлено 05/05/2014 by Xplode
# Операционная система : Windows 7 Ultimate Service Pack 1 (64 bits)
# Имя пользователя : n1K - MYCOMP
# Запущено из : D:\Desktop\AdwCleaner.exe
# Настройки : Очистить
 
***** [ Службы ] *****
 
 
***** [ Файлы / Папки ] *****
 
Папка Удалена : C:\ProgramData\Media Get LLC
Папка Удалена : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mail.Ru
Папка Удалена : C:\Users\n1K\AppData\Local\Media Get LLC
Папка Удалена : C:\Users\n1K\AppData\Local\MediaGet2
Папка Удалена : C:\Users\n1K\AppData\Roaming\Media Get LLC
Папка Удалена : C:\Users\n1K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2
Папка Удалена : C:\Users\n1K\AppData\Local\Software
Файл Удалена : C:\Users\n1K\AppData\Roaming\Mozilla\Firefox\Profiles\ilyzy6le.default\user.js
 
***** [ Ярлыки ] *****
 
 
***** [ Реестр ] *****
 
Ключ Удалён : HKCU\Software\Media Get LLC
Ключ Удалён : HKCU\Software\MediaGet
 
***** [ Браузеры ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v28.0 (ru)
 
[ Файл : C:\Users\n1K\AppData\Roaming\Mozilla\Firefox\Profiles\ilyzy6le.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ Файл : C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Удалён [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1667 octets] - [05/05/2014 17:31:28]
AdwCleaner[S0].txt - [1486 octets] - [05/05/2014 17:39:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1546 octets] ##########
 

 

Step 5: JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by n1K on 05.05.2014 at 19:15:27,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.05.2014 at 19:23:59,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Step 6: OTL Scan

OTL logfile created on: 05.05.2014 19:33:48 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Desktop\Programs\Cure
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000422 | Country: Україна | Language: UKR | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 45,05% Memory free
11,82 Gb Paging File | 7,93 Gb Available in Paging File | 67,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 299,49 Gb Total Space | 157,77 Gb Free Space | 52,68% Space Free | Partition Type: NTFS
Drive D: | 151,80 Gb Total Space | 8,23 Gb Free Space | 5,42% Space Free | Partition Type: NTFS
 
Computer Name: MYCOMP | User Name: n1K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.04.29 13:09:08 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014.04.29 13:08:42 | 001,040,464 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2014.04.29 13:08:33 | 000,737,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.04.29 13:08:33 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.04.29 13:08:32 | 001,044,048 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2014.04.16 23:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\Programs\Cure\OTL.exe
PRC - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014.04.03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014.03.28 21:57:29 | 001,702,856 | ---- | M] (AIMP DevTeam) -- C:\Program Files (x86)\AIMP3\AIMP3.exe
PRC - [2014.03.15 03:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.12.10 05:15:27 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013.12.10 05:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013.11.08 23:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.10.21 01:15:27 | 003,886,072 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013.10.18 13:45:50 | 000,437,328 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013.10.18 13:45:46 | 000,358,480 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013.10.18 12:52:30 | 000,086,096 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2013.05.09 04:23:40 | 000,368,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013.01.10 14:12:22 | 001,105,656 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2010.02.24 01:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009.12.25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009.07.21 11:43:44 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.03.28 21:57:29 | 001,733,120 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\aimp_libvorbis.dll
MOD - [2014.03.28 21:57:29 | 000,505,344 | ---- | M] () -- C:\Program Files (x86)\AIMP3\sqlite3.dll
MOD - [2014.03.28 21:57:29 | 000,294,400 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\libFLAC.dll
MOD - [2014.03.28 21:57:29 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\OptimFROG.dll
MOD - [2014.03.28 21:57:29 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Modules\MACDll.dll
MOD - [2014.03.28 21:57:29 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\AIMP3\libsoxr.dll
MOD - [2014.03.28 21:57:29 | 000,141,768 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\PandemicAnalogMeter.dll
MOD - [2014.03.28 21:57:29 | 000,072,136 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\aimp_lastfm.dll
MOD - [2014.03.28 21:57:29 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\AIMP3\Plugins\Aorta.svp
MOD - [2014.03.15 03:50:40 | 013,637,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
MOD - [2014.03.15 03:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014.03.15 03:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014.03.15 03:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014.03.15 03:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014.03.15 03:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014.03.15 03:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2013.12.19 23:33:31 | 000,013,088 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2013.01.10 13:43:34 | 000,014,360 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.04.15 16:59:16 | 000,043,320 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2014.03.06 11:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.01.17 22:01:08 | 000,187,592 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2013.12.10 05:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013.10.21 10:40:16 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2013.10.05 00:58:24 | 000,087,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV:64bit: - [2013.08.22 16:25:08 | 000,037,176 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV:64bit: - [2013.05.27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013.02.13 12:47:04 | 000,820,184 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013.02.13 12:46:48 | 000,731,648 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012.02.28 19:00:32 | 000,342,464 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010.02.03 02:03:05 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV:64bit: - [2010.01.19 17:26:58 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010.01.19 17:08:16 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010.01.19 17:05:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009.11.05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009.10.21 09:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009.07.14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.04.29 19:54:14 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.04.29 13:09:08 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.04.29 13:08:42 | 001,040,464 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2014.04.29 13:08:35 | 000,800,848 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2014.04.29 13:08:33 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.04.29 13:08:32 | 001,044,048 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2014.04.15 16:59:20 | 002,140,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2014.04.15 16:59:16 | 000,036,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.03.29 23:40:44 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.03.20 13:32:50 | 004,971,840 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014.02.26 00:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.12.10 05:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.10.21 01:15:27 | 003,886,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013.10.18 13:45:50 | 000,437,328 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013.10.18 13:45:46 | 000,358,480 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013.10.18 12:52:30 | 000,086,096 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013.10.09 09:04:16 | 000,905,272 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.09.02 19:22:28 | 009,742,888 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2013.08.22 05:21:36 | 000,119,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2013.08.22 04:55:00 | 000,142,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2013.08.21 18:18:08 | 001,144,704 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2013.08.09 16:26:10 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013.05.16 18:13:25 | 000,089,600 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe -- (WindowBlinds)
SRV - [2013.05.09 04:23:40 | 000,368,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013.03.01 04:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.04.27 18:50:52 | 000,222,208 | ---- | M] (ACE Lab) [Disabled | Stopped] -- C:\Program Files (x86)\ACE Lab\SMART Vision\SMARTSrv.exe -- (srvSMART)
SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.07.14 04:16:20 | 000,010,752 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.05.05 19:11:11 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014.04.29 13:08:34 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014.04.29 13:08:33 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014.04.03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014.01.17 22:01:06 | 000,202,600 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2013.12.19 23:33:31 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.12.09 01:11:54 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013.12.05 11:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013.11.12 14:06:33 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.10.21 13:54:09 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.10.21 01:15:29 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013.10.21 01:15:24 | 001,464,096 | ---- | M] (Acronis International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013.10.21 01:15:23 | 000,183,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013.10.21 01:15:22 | 001,120,032 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib.sys -- (tib)
DRV:64bit: - [2013.10.21 01:15:11 | 000,161,568 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013.10.21 01:15:03 | 000,117,024 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2013.10.21 01:15:01 | 000,269,600 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013.10.21 01:14:57 | 000,116,000 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2013.10.18 13:46:18 | 000,064,080 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013.10.18 13:45:12 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013.10.18 13:44:58 | 000,046,160 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013.10.18 13:44:58 | 000,020,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013.10.18 13:44:54 | 000,032,848 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2013.10.15 12:38:24 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013.10.09 09:04:06 | 000,053,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2013.10.09 09:03:42 | 000,038,456 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2013.10.08 19:21:10 | 000,073,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2013.10.08 19:21:06 | 000,085,584 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2013.08.22 14:42:06 | 000,528,112 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013.08.22 14:42:06 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013.07.25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013.07.01 13:51:36 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013.06.27 08:07:42 | 005,361,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013.05.09 04:23:38 | 000,099,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013.03.01 04:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013.01.22 11:53:13 | 000,141,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2013.01.22 11:53:05 | 000,114,608 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.25 09:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.10.25 09:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.04.14 12:01:46 | 000,020,888 | ---- | M] (Comodo, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmdatp.sys -- (ATP)
DRV:64bit: - [2010.11.21 06:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 06:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 06:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 06:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 06:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 06:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 06:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 06:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.08.03 17:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010.07.01 20:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010.06.11 05:47:08 | 000,154,240 | ---- | M] (WeTelecom Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wmdusbser.sys -- (wmdusbser)
DRV:64bit: - [2010.05.18 16:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.04.09 15:49:20 | 000,330,856 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.13 08:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.07.30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009.06.29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.04.29 01:56:40 | 000,014,336 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2008.04.29 01:55:32 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2008.04.25 09:16:30 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma)
DRV - [2014.02.10 12:06:30 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 7C 05 28 AD CA CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\n1K\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
 
 
[2014.02.06 10:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\Extensions
[2014.02.06 10:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2014.04.27 13:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\Firefox\Profiles\ilyzy6le.default\extensions
[2014.04.02 01:26:40 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\n1K\AppData\Roaming\mozilla\Firefox\Profiles\ilyzy6le.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2014.04.27 13:47:04 | 000,124,721 | ---- | M] () (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\firefox\profiles\ilyzy6le.default\extensions\[email protected]
[2013.11.23 23:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014.03.29 23:40:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: iMacros Plugin (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.6_0\npiopus.dll
CHR - plugin: iMacros Scripting Interface (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.6_0\npsi.dll
CHR - plugin: iMacros Image Recognition Plugin (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.6_0\npimr.dll
CHR - plugin: Удаленный рабочий стол Chrome (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\32.0.1700.98_0\remoting_host_plugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\n1K\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
CHR - Extension: Magic Actions for YouTube™ = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.6_0\
CHR - Extension: Документы Google = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Диск Google = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Dota 2 Stream Browser = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhfhjlfbaehncgjfnleejhehimhleip\1.2.0.6_0\
CHR - Extension: Поиск Google = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tampermonkey = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.7.13_0\
CHR - Extension: Удаленный рабочий стол Chrome = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\35.0.1916.37_0\
CHR - Extension: VkOpt = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoboppgpbgclpfnjfdidokiilachfcbb\2.2.1.3_0\
CHR - Extension: SaveFrom.net помощник = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl\2.41_0\
CHR - Extension: DotA 2 Match Ticker = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nejdjlaibiicicciokonbbkecjleilon\1.6.3_0\
CHR - Extension: TMS - Поиск торрентов, расширение = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngcldkkokhibdmeamidppdknbhegmhdh\1.0.1_0\
CHR - Extension: Google Кошелек = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Modern New Tab Page = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogllliimbhgmclkgjldeffhjbhaenapo\2014.4.4_0\
CHR - Extension: Gmail = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: uCoz - Безопасный вход = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pldhclmeakjgffefknnkjoeomfjeclmm\0.9.5_0\
 
O1 HOSTS File: ([2014.04.16 00:48:53 | 000,518,519 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 0.0.0.0 fr.a2dfp.net
O1 - Hosts: 0.0.0.0 m.fr.a2dfp.net
O1 - Hosts: 0.0.0.0 mfr.a2dfp.net
O1 - Hosts: 0.0.0.0 ad.a8.net
O1 - Hosts: 0.0.0.0 asy.a8ww.net
O1 - Hosts: 0.0.0.0 static.a-ads.com
O1 - Hosts: 0.0.0.0 abcstats.com
O1 - Hosts: 0.0.0.0 ad4.abradio.cz
O1 - Hosts: 0.0.0.0 a.abv.bg
O1 - Hosts: 0.0.0.0 adserver.abv.bg
O1 - Hosts: 0.0.0.0 adv.abv.bg
O1 - Hosts: 0.0.0.0 bimg.abv.bg
O1 - Hosts: 0.0.0.0 ca.abv.bg
O1 - Hosts: 0.0.0.0 www2.a-counter.kiev.ua
O1 - Hosts: 0.0.0.0 track.acclaimnetwork.com
O1 - Hosts: 0.0.0.0 accuserveadsystem.com
O1 - Hosts: 0.0.0.0 www.accuserveadsystem.com
O1 - Hosts: 0.0.0.0 achmedia.com
O1 - Hosts: 0.0.0.0 csh.actiondesk.com
O1 - Hosts: 0.0.0.0 ads.activepower.net
O1 - Hosts: 0.0.0.0 app.activetrail.com
O1 - Hosts: 0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 0.0.0.0 traffic.acwebconnecting.com
O1 - Hosts: 15487 more lines...
O2 - BHO: (Microsoft Web Test Recorder 12.0 Helper) - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [Rainmeter] D:\Rainmeter\Rainmeter.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.160.128.3 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DABED8F0-9A64-48AD-9A75-026D04E93683}: DhcpNameServer = 213.160.128.3 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll) -  File not found
O27:64bit: - HKLM IFEO\cfaddgadgets.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cfmain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cfprofile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\ndstray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cfaddgadgets.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cfmain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cfprofile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ndstray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.05 17:32:22 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014.05.05 17:31:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.05.03 21:33:02 | 000,000,000 | ---D | C] -- C:\Users\n1K\AppData\Roaming\OmniCoin
[2014.05.02 00:52:37 | 000,029,496 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2014.05.02 00:52:37 | 000,025,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2014.05.02 00:52:28 | 000,043,320 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2014.05.02 00:52:28 | 000,036,152 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2014.04.25 23:30:29 | 000,182,464 | ---- | C] (Stardock Software, Inc) -- C:\Windows\SysNative\wbload.dll
[2014.04.25 23:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2014.04.25 23:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2014.04.25 23:28:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2014.04.25 23:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2014.04.24 16:21:24 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.04.24 16:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.04.24 16:19:59 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.04.24 16:19:59 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.04.24 16:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.04.21 13:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014.04.20 18:43:46 | 000,040,760 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2014.04.20 18:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
[2014.04.20 18:42:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2014
[2014.04.16 00:54:45 | 000,000,000 | ---D | C] -- C:\Users\n1K\AppData\Local\TuneUp Software
[2014.04.14 01:04:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014.04.12 10:03:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.04.12 01:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014.04.09 22:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
[2014.04.09 22:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\TAP-Windows
[2014.04.09 22:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2014.04.09 22:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.05 19:11:11 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.05 18:53:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.05 17:49:27 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.05 17:49:27 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.05 17:41:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.05 17:41:23 | 463,491,071 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.05 16:25:16 | 001,316,991 | ---- | M] () -- D:\Desktop\AdwCleaner.exe
[2014.05.05 15:03:29 | 001,658,008 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.05 15:03:29 | 000,727,636 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2014.05.05 15:03:29 | 000,657,186 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.05 15:03:29 | 000,152,446 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2014.05.05 15:03:29 | 000,123,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.05.04 13:53:58 | 000,001,608 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2014.05.04 00:23:15 | 003,880,515 | ---- | M] () -- D:\Desktop\ebook giveaway.rar
[2014.05.03 02:39:19 | 002,177,412 | ---- | M] () -- D:\Desktop\Макс Корж - Жить в кайф.mp3
[2014.04.30 18:42:55 | 000,079,233 | ---- | M] () -- D:\Desktop\Безымяннsdfsdfый.png
[2014.04.29 13:08:34 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.04.29 13:08:33 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.04.27 19:51:09 | 000,069,837 | ---- | M] () -- D:\Desktop\Снимок.JPG
[2014.04.16 14:45:35 | 000,011,488 | ---- | M] () -- D:\Desktop\xi2_F7_WD.jpg
[2014.04.16 00:48:53 | 000,518,519 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2014.04.15 16:59:24 | 000,040,760 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2014.04.15 16:59:16 | 000,043,320 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2014.04.15 16:59:16 | 000,036,152 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2014.04.15 16:59:16 | 000,029,496 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2014.04.15 16:59:16 | 000,025,400 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2014.04.10 01:22:21 | 000,094,594 | ---- | M] () -- D:\Desktop\stock-illustration-21533572-abstract-icons-for-letter-n.psd
[2014.04.10 01:21:10 | 000,013,615 | ---- | M] () -- D:\Desktop\n2.png
[2014.04.10 01:21:10 | 000,000,132 | ---- | M] () -- C:\Users\n1K\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014.04.10 00:58:17 | 000,013,634 | ---- | M] () -- D:\Desktop\n.png
[2014.04.08 11:03:41 | 000,426,379 | ---- | M] () -- D:\Desktop\google_chrome_icon_by_auriel2k4-d4y9tjc.png
 
========== Files Created - No Company Name ==========
 
[2014.05.05 17:05:23 | 001,316,991 | ---- | C] () -- D:\Desktop\AdwCleaner.exe
[2014.05.04 00:22:37 | 003,880,515 | ---- | C] () -- D:\Desktop\ebook giveaway.rar
[2014.05.03 02:38:47 | 002,177,412 | ---- | C] () -- D:\Desktop\Макс Корж - Жить в кайф.mp3
[2014.04.30 18:42:51 | 000,079,233 | ---- | C] () -- D:\Desktop\Безымяннsdfsdfый.png
[2014.04.28 23:29:56 | 000,095,021 | ---- | C] () -- D:\Desktop\181737.rtf
[2014.04.27 13:53:23 | 000,069,837 | ---- | C] () -- D:\Desktop\Снимок.JPG
[2014.04.20 18:43:38 | 000,002,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
[2014.04.16 14:45:35 | 000,011,488 | ---- | C] () -- D:\Desktop\xi2_F7_WD.jpg
[2014.04.10 01:09:56 | 000,013,615 | ---- | C] () -- D:\Desktop\n2.png
[2014.04.10 00:39:48 | 000,013,634 | ---- | C] () -- D:\Desktop\n.png
[2014.04.08 13:16:27 | 000,094,594 | ---- | C] () -- D:\Desktop\stock-illustration-21533572-abstract-icons-for-letter-n.psd
[2014.04.08 11:03:41 | 000,426,379 | ---- | C] () -- D:\Desktop\google_chrome_icon_by_auriel2k4-d4y9tjc.png
[2014.02.25 02:37:16 | 000,000,000 | -HS- | C] () -- C:\Users\n1K\AppData\Local\LumaEmu
[2013.12.04 20:47:54 | 000,000,132 | ---- | C] () -- C:\Users\n1K\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013.10.25 15:41:41 | 000,000,132 | ---- | C] () -- C:\Users\n1K\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013.10.25 01:56:25 | 000,007,606 | ---- | C] () -- C:\Users\n1K\AppData\Local\Resmon.ResmonCfg
[2013.10.21 13:47:44 | 000,166,752 | ---- | C] () -- C:\Windows\Mathcad 14 Russian Pack Uninstaller.exe
[2013.10.17 22:50:58 | 000,001,608 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.10.17 20:19:31 | 001,676,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.27 08:07:38 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013.06.27 07:56:12 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013.06.27 07:56:12 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013.03.01 04:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013.02.13 12:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 05:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 04:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.10.21 01:26:00 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\ACD Systems
[2013.10.26 22:14:03 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Acronis
[2014.05.05 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\AIMP3
[2013.10.21 12:31:56 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Autodesk
[2013.12.13 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Bitcasa
[2013.10.21 13:58:06 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\DAEMON Tools Lite
[2013.10.16 23:41:16 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\driveridentifier
[2013.11.03 01:13:56 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\FileZilla
[2014.03.11 17:34:56 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Foxit Software
[2013.11.15 10:36:09 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Mask Surf
[2013.10.20 01:53:33 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Mathsoft
[2013.11.27 13:20:53 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Mumble
[2013.11.03 01:14:31 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Nico Mak Computing
[2014.04.26 01:23:14 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Notepad++
[2014.02.06 13:44:08 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\NuGet
[2014.05.04 00:11:34 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\OmniCoin
[2014.02.06 10:50:43 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\OpenVPN Technologies
[2013.11.22 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Origin
[2014.04.04 00:43:12 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Process Hacker 2
[2013.10.18 23:18:31 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Publish Providers
[2013.10.17 23:05:34 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\R-TT
[2013.11.27 13:29:22 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\raidcall
[2014.03.28 09:37:15 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Rainmeter
[2013.10.21 23:45:43 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Red Giant Link
[2013.12.18 20:29:26 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\SanDisk
[2013.12.05 00:55:17 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\SanDisk SecureAccess
[2013.10.22 01:32:17 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Sony
[2013.10.17 17:52:52 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\SystemRequirementsLab
[2014.03.25 00:01:14 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\TeamViewer
[2013.10.16 23:00:04 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\toshiba
[2013.10.17 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\TuneUp Software
[2013.10.17 22:22:23 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\URSoft
[2013.10.16 22:28:33 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\WinBatch
[2014.04.04 00:43:08 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 
 
< End of report >
 
Step 7: Question
I haven't seen any lags yet, but sometimes, before I did those steps, it took me 20 seconds to open my computer shortcut... and after closing Google Chrome it caused such huge lags that the computer froze for a while; sometimes the cursor moves slowly, like in a slideshow. Sorry... I can't explain it more clearly.
 

Edited by n1K., 05 May 2014 - 10:58 AM.


#10
Machiavelli

    GeekU Moderator

Hey,
well done so far! ;)
Do you use MVPS Host File?

Step 1: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - prefs.js..network.proxy.no_proxies_on: ""
    FF - prefs.js..network.proxy.type: ""
    FF - user.js - File not found
    O1364bit: - gopher Prefix: missing
    O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll) -  File not found
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.
Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: ESET

Please disable your AntiVirus before doing these steps!
  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or Firefox
  • Please download ESET Online Scanner from here
How to do this?
  • Visit this website here
  • You will see a screen like this:

    e922iil8.png
    • Click Run ESET Online Scanner

      4e3svhbd.png
    • A Window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

      p35jbmyy.png
    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

      p3b9meru.png
    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Step 4: Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Step 5: Question

How is your PC running?

#11
n1K.


Thank you for the quick response :)
Yes, I'm using the MVPS Host file

 

Step 1: OTL Fix

OTL logfile created on: 05.05.2014 21:04:03 - Run 4

OTL by OldTimer - Version 3.2.69.0     Folder = D:\Desktop\Programs\Cure
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000422 | Country: Україна | Language: UKR | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 44,01% Memory free
11,82 Gb Paging File | 7,96 Gb Available in Paging File | 67,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 299,49 Gb Total Space | 163,36 Gb Free Space | 54,54% Space Free | Partition Type: NTFS
Drive D: | 151,80 Gb Total Space | 8,23 Gb Free Space | 5,42% Space Free | Partition Type: NTFS
 
Computer Name: MYCOMP | User Name: n1K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.04.29 13:09:08 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014.04.29 13:08:42 | 001,040,464 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2014.04.29 13:08:33 | 000,737,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.04.29 13:08:33 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.04.29 13:08:32 | 001,044,048 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2014.04.16 23:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\Programs\Cure\OTL.exe
PRC - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014.04.03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014.03.15 03:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.12.10 05:15:27 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013.12.10 05:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013.11.08 23:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.10.21 01:15:27 | 003,886,072 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013.10.18 13:45:50 | 000,437,328 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013.10.18 13:45:46 | 000,358,480 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013.10.18 12:52:30 | 000,086,096 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2013.05.09 04:23:40 | 000,368,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013.01.10 14:12:22 | 001,105,656 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2010.02.24 01:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009.12.25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2009.07.21 11:43:44 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.03.15 03:50:40 | 013,637,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
MOD - [2014.03.15 03:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014.03.15 03:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014.03.15 03:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014.03.15 03:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014.03.15 03:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014.03.15 03:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2013.12.19 23:33:31 | 000,013,088 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2013.01.10 13:43:34 | 000,014,360 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.04.15 16:59:16 | 000,043,320 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2014.03.06 11:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.01.17 22:01:08 | 000,187,592 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2013.12.10 05:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013.10.21 10:40:16 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2013.10.05 00:58:24 | 000,087,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV:64bit: - [2013.08.22 16:25:08 | 000,037,176 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV:64bit: - [2013.05.27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013.02.13 12:47:04 | 000,820,184 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013.02.13 12:46:48 | 000,731,648 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012.02.28 19:00:32 | 000,342,464 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010.02.03 02:03:05 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV:64bit: - [2010.01.19 17:26:58 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010.01.19 17:08:16 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010.01.19 17:05:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009.11.05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009.10.21 09:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009.07.14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.04.29 19:54:14 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.04.29 13:09:08 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.04.29 13:08:42 | 001,040,464 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2014.04.29 13:08:35 | 000,800,848 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2014.04.29 13:08:33 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.04.29 13:08:32 | 001,044,048 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2014.04.15 16:59:20 | 002,140,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2014.04.15 16:59:16 | 000,036,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.03.29 23:40:44 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.03.20 13:32:50 | 004,971,840 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014.02.26 00:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.12.10 05:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.10.21 01:15:27 | 003,886,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013.10.18 13:45:50 | 000,437,328 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013.10.18 13:45:46 | 000,358,480 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013.10.18 12:52:30 | 000,086,096 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013.10.09 09:04:16 | 000,905,272 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.09.02 19:22:28 | 009,742,888 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2013.08.22 05:21:36 | 000,119,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2013.08.22 04:55:00 | 000,142,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2013.08.21 18:18:08 | 001,144,704 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2013.08.09 16:26:10 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013.05.16 18:13:25 | 000,089,600 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe -- (WindowBlinds)
SRV - [2013.05.09 04:23:40 | 000,368,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013.03.01 04:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.04.27 18:50:52 | 000,222,208 | ---- | M] (ACE Lab) [Disabled | Stopped] -- C:\Program Files (x86)\ACE Lab\SMART Vision\SMARTSrv.exe -- (srvSMART)
SRV - [2010.01.28 16:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.07.14 04:16:20 | 000,010,752 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.05.05 20:59:49 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014.04.29 13:08:34 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014.04.29 13:08:33 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014.04.03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014.04.03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014.01.17 22:01:06 | 000,202,600 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2013.12.19 23:33:31 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.12.09 01:11:54 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013.12.05 11:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013.11.12 14:06:33 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.10.21 13:54:09 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.10.21 01:15:29 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013.10.21 01:15:24 | 001,464,096 | ---- | M] (Acronis International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013.10.21 01:15:23 | 000,183,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013.10.21 01:15:22 | 001,120,032 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib.sys -- (tib)
DRV:64bit: - [2013.10.21 01:15:11 | 000,161,568 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013.10.21 01:15:03 | 000,117,024 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2013.10.21 01:15:01 | 000,269,600 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013.10.21 01:14:57 | 000,116,000 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2013.10.18 13:46:18 | 000,064,080 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013.10.18 13:45:12 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013.10.18 13:44:58 | 000,046,160 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013.10.18 13:44:58 | 000,020,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013.10.18 13:44:54 | 000,032,848 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2013.10.15 12:38:24 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013.10.09 09:04:06 | 000,053,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2013.10.09 09:03:42 | 000,038,456 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2013.10.08 19:21:10 | 000,073,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2013.10.08 19:21:06 | 000,085,584 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2013.08.22 14:42:06 | 000,528,112 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013.08.22 14:42:06 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013.07.25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013.07.01 13:51:36 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013.06.27 08:07:42 | 005,361,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013.05.09 04:23:38 | 000,099,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013.03.01 04:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013.01.22 11:53:13 | 000,141,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2013.01.22 11:53:05 | 000,114,608 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.25 09:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.10.25 09:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.04.14 12:01:46 | 000,020,888 | ---- | M] (Comodo, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmdatp.sys -- (ATP)
DRV:64bit: - [2010.11.21 06:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 06:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 06:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 06:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 06:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 06:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 06:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 06:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.08.03 17:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010.07.01 20:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010.06.11 05:47:08 | 000,154,240 | ---- | M] (WeTelecom Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wmdusbser.sys -- (wmdusbser)
DRV:64bit: - [2010.05.18 16:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.04.09 15:49:20 | 000,330,856 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.13 08:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.07.30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009.06.29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.04.29 01:56:40 | 000,014,336 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2008.04.29 01:55:32 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2008.04.25 09:16:30 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma)
DRV - [2014.02.10 12:06:30 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 7C 05 28 AD CA CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.8.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: ""
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\n1K\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
 
 
[2014.02.06 10:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\Extensions
[2014.02.06 10:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2014.04.27 13:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\Firefox\Profiles\ilyzy6le.default\extensions
[2014.04.02 01:26:40 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\n1K\AppData\Roaming\mozilla\Firefox\Profiles\ilyzy6le.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2014.04.27 13:47:04 | 000,124,721 | ---- | M] () (No name found) -- C:\Users\n1K\AppData\Roaming\mozilla\firefox\profiles\ilyzy6le.default\extensions\[email protected]
[2013.11.23 23:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014.03.29 23:40:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: iMacros Plugin (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.6_0\npiopus.dll
CHR - plugin: iMacros Scripting Interface (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.6_0\npsi.dll
CHR - plugin: iMacros Image Recognition Plugin (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.6_0\npimr.dll
CHR - plugin: Удаленный рабочий стол Chrome (Enabled) = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\32.0.1700.98_0\remoting_host_plugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Raidcall plugin (Enabled) = C:\Users\n1K\AppData\Roaming\raidcall\plugins\nprcplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
CHR - Extension: Magic Actions for YouTube™ = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.6_0\
CHR - Extension: Документы Google = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Диск Google = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Dota 2 Stream Browser = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhfhjlfbaehncgjfnleejhehimhleip\1.2.0.6_0\
CHR - Extension: Поиск Google = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tampermonkey = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.7.13_0\
CHR - Extension: Удаленный рабочий стол Chrome = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\35.0.1916.37_0\
CHR - Extension: VkOpt = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoboppgpbgclpfnjfdidokiilachfcbb\2.2.1.3_0\
CHR - Extension: SaveFrom.net помощник = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpljndcmbeikfnlflcggaipgnhiedbl\2.41_0\
CHR - Extension: DotA 2 Match Ticker = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nejdjlaibiicicciokonbbkecjleilon\1.6.3_0\
CHR - Extension: TMS - Поиск торрентов, расширение = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngcldkkokhibdmeamidppdknbhegmhdh\1.0.1_0\
CHR - Extension: Google Кошелек = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Modern New Tab Page = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogllliimbhgmclkgjldeffhjbhaenapo\2014.4.4_0\
CHR - Extension: Gmail = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: uCoz - Безопасный вход = C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pldhclmeakjgffefknnkjoeomfjeclmm\0.9.5_0\
 
O1 HOSTS File: ([2014.04.16 00:48:53 | 000,518,519 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 15487 more lines...
O2 - BHO: (Microsoft Web Test Recorder 12.0 Helper) - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [Rainmeter] D:\Rainmeter\Rainmeter.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.160.128.3 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DABED8F0-9A64-48AD-9A75-026D04E93683}: DhcpNameServer = 213.160.128.3 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O27:64bit: - HKLM IFEO\cfaddgadgets.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cfmain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cfprofile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\ndstray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cfaddgadgets.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cfmain.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cfprofile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ndstray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.05 17:32:22 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014.05.05 17:31:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.05.03 21:33:02 | 000,000,000 | ---D | C] -- C:\Users\n1K\AppData\Roaming\OmniCoin
[2014.05.02 00:52:37 | 000,029,496 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2014.05.02 00:52:37 | 000,025,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2014.05.02 00:52:28 | 000,043,320 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2014.05.02 00:52:28 | 000,036,152 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2014.04.25 23:30:29 | 000,182,464 | ---- | C] (Stardock Software, Inc) -- C:\Windows\SysNative\wbload.dll
[2014.04.25 23:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2014.04.25 23:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2014.04.25 23:28:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2014.04.25 23:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2014.04.24 16:21:24 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.04.24 16:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.04.24 16:19:59 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.04.24 16:19:59 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.04.24 16:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.04.21 13:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014.04.20 18:43:46 | 000,040,760 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2014.04.20 18:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014
[2014.04.20 18:42:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2014
[2014.04.16 00:54:45 | 000,000,000 | ---D | C] -- C:\Users\n1K\AppData\Local\TuneUp Software
[2014.04.14 01:04:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014.04.12 10:03:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.04.12 01:17:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014.04.09 22:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
[2014.04.09 22:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\TAP-Windows
[2014.04.09 22:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2014.04.09 22:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.05 21:05:35 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.05 21:05:35 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.05 20:59:49 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.05 20:57:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.05 20:57:48 | 463,491,071 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.05 20:53:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.05 16:25:16 | 001,316,991 | ---- | M] () -- D:\Desktop\AdwCleaner.exe
[2014.05.05 15:03:29 | 001,658,008 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.05 15:03:29 | 000,727,636 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2014.05.05 15:03:29 | 000,657,186 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.05 15:03:29 | 000,152,446 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2014.05.05 15:03:29 | 000,123,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.05.04 13:53:58 | 000,001,608 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2014.05.04 00:23:15 | 003,880,515 | ---- | M] () -- D:\Desktop\ebook giveaway.rar
[2014.05.03 02:39:19 | 002,177,412 | ---- | M] () -- D:\Desktop\Макс Корж - Жить в кайф.mp3
[2014.04.30 18:42:55 | 000,079,233 | ---- | M] () -- D:\Desktop\Безымяннsdfsdfый.png
[2014.04.29 13:08:34 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.04.29 13:08:33 | 000,112,080 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.04.27 19:51:09 | 000,069,837 | ---- | M] () -- D:\Desktop\Снимок.JPG
[2014.04.16 14:45:35 | 000,011,488 | ---- | M] () -- D:\Desktop\xi2_F7_WD.jpg
[2014.04.16 00:48:53 | 000,518,519 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2014.04.15 16:59:24 | 000,040,760 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2014.04.15 16:59:16 | 000,043,320 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2014.04.15 16:59:16 | 000,036,152 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2014.04.15 16:59:16 | 000,029,496 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2014.04.15 16:59:16 | 000,025,400 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2014.04.10 01:22:21 | 000,094,594 | ---- | M] () -- D:\Desktop\stock-illustration-21533572-abstract-icons-for-letter-n.psd
[2014.04.10 01:21:10 | 000,013,615 | ---- | M] () -- D:\Desktop\n2.png
[2014.04.10 01:21:10 | 000,000,132 | ---- | M] () -- C:\Users\n1K\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014.04.10 00:58:17 | 000,013,634 | ---- | M] () -- D:\Desktop\n.png
[2014.04.08 11:03:41 | 000,426,379 | ---- | M] () -- D:\Desktop\google_chrome_icon_by_auriel2k4-d4y9tjc.png
 
========== Files Created - No Company Name ==========
 
[2014.05.05 17:05:23 | 001,316,991 | ---- | C] () -- D:\Desktop\AdwCleaner.exe
[2014.05.04 00:22:37 | 003,880,515 | ---- | C] () -- D:\Desktop\ebook giveaway.rar
[2014.05.03 02:38:47 | 002,177,412 | ---- | C] () -- D:\Desktop\Макс Корж - Жить в кайф.mp3
[2014.04.30 18:42:51 | 000,079,233 | ---- | C] () -- D:\Desktop\Безымяннsdfsdfый.png
[2014.04.28 23:29:56 | 000,095,021 | ---- | C] () -- D:\Desktop\181737.rtf
[2014.04.27 13:53:23 | 000,069,837 | ---- | C] () -- D:\Desktop\Снимок.JPG
[2014.04.20 18:43:38 | 000,002,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
[2014.04.16 14:45:35 | 000,011,488 | ---- | C] () -- D:\Desktop\xi2_F7_WD.jpg
[2014.04.10 01:09:56 | 000,013,615 | ---- | C] () -- D:\Desktop\n2.png
[2014.04.10 00:39:48 | 000,013,634 | ---- | C] () -- D:\Desktop\n.png
[2014.04.08 13:16:27 | 000,094,594 | ---- | C] () -- D:\Desktop\stock-illustration-21533572-abstract-icons-for-letter-n.psd
[2014.04.08 11:03:41 | 000,426,379 | ---- | C] () -- D:\Desktop\google_chrome_icon_by_auriel2k4-d4y9tjc.png
[2014.02.25 02:37:16 | 000,000,000 | -HS- | C] () -- C:\Users\n1K\AppData\Local\LumaEmu
[2013.12.04 20:47:54 | 000,000,132 | ---- | C] () -- C:\Users\n1K\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013.10.25 15:41:41 | 000,000,132 | ---- | C] () -- C:\Users\n1K\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013.10.25 01:56:25 | 000,007,606 | ---- | C] () -- C:\Users\n1K\AppData\Local\Resmon.ResmonCfg
[2013.10.21 13:47:44 | 000,166,752 | ---- | C] () -- C:\Windows\Mathcad 14 Russian Pack Uninstaller.exe
[2013.10.17 22:50:58 | 000,001,608 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.10.17 20:19:31 | 001,676,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.27 08:07:38 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013.06.27 07:56:12 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013.06.27 07:56:12 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013.03.01 04:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013.02.13 12:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 05:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 04:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.10.21 01:26:00 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\ACD Systems
[2013.10.26 22:14:03 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Acronis
[2014.05.05 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\AIMP3
[2013.10.21 12:31:56 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Autodesk
[2013.12.13 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Bitcasa
[2013.10.21 13:58:06 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\DAEMON Tools Lite
[2013.10.16 23:41:16 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\driveridentifier
[2013.11.03 01:13:56 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\FileZilla
[2014.03.11 17:34:56 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Foxit Software
[2013.11.15 10:36:09 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Mask Surf
[2013.10.20 01:53:33 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Mathsoft
[2013.11.27 13:20:53 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Mumble
[2013.11.03 01:14:31 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Nico Mak Computing
[2014.04.26 01:23:14 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Notepad++
[2014.02.06 13:44:08 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\NuGet
[2014.05.04 00:11:34 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\OmniCoin
[2014.02.06 10:50:43 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\OpenVPN Technologies
[2013.11.22 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Origin
[2014.04.04 00:43:12 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Process Hacker 2
[2013.10.18 23:18:31 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Publish Providers
[2013.10.17 23:05:34 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\R-TT
[2013.11.27 13:29:22 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\raidcall
[2014.03.28 09:37:15 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Rainmeter
[2013.10.21 23:45:43 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Red Giant Link
[2013.12.18 20:29:26 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\SanDisk
[2013.12.05 00:55:17 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\SanDisk SecureAccess
[2013.10.22 01:32:17 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Sony
[2013.10.17 17:52:52 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\SystemRequirementsLab
[2014.03.25 00:01:14 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\TeamViewer
[2013.10.16 23:00:04 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\toshiba
[2013.10.17 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\TuneUp Software
[2013.10.17 22:22:23 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\URSoft
[2013.10.16 22:28:33 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\WinBatch
[2014.04.04 00:43:08 | 000,000,000 | ---D | M] -- C:\Users\n1K\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 
 
< End of report >
 
Step 2: Malwarebytes
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 05.05.2014
Scan Time: 21:49:20
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.05.05.10
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: n1K
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336963
Time Elapsed: 19 min, 34 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Step 3: ESET
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=63636a39a03d2c4fb32660cf43d1a697
# engine=18144
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-05 10:50:40
# local_time=2014-05-06 01:50:40 )
# country="Ukraine"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17323808 150960090 0 0
# scanned=418852
# found=34
# cleaned=0
# scan_time=13963
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=FD0483A45EF23EB4DEF1523906A28A4A5D3C0D77 ft=1 fh=fcf2e467b851cbbd vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=9E3BDD597E4789F53DD0D85E76FCFB50F7080441 ft=1 fh=caf3e6ede85d90a2 vn="Win32/Somoto.N potentially unwanted application" ac=I fn="C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000"
sh=35F1D37692555B395DCBF6340DE3C1DD1FB7778F ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.T potentially unsafe application" ac=I fn="C:\Users\n1K\Downloads\R-Studio 7.0 Build 154111 Network Edition.rar"
sh=700F93EAE3E5E4A0A1FF98D1D0E34CFEEFFF3F24 ft=1 fh=b3c2d418500693c8 vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="D:\Bitcoin\bitcoin-qt.exe"
sh=9644FB7C85A081DAEC8E58A95B37E9A8655E5A73 ft=1 fh=b528e2923dc96711 vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="D:\Bitcoin\daemon\bitcoind.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/PSWTool.ProductKey potentially unsafe application" ac=I fn="D:\Desktop\1\Windows 7 Ultimate (x64) Optimized by Yagd v.7.3 [30.07.2013]\Windows 7 Ultimate (x64) Optimized by Yagd v.7.3 [30.07.2013].iso"
sh=7F4C54905CCFFF06BFA9AED575286BAE97800862 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Desktop\3\Avira Internet Security 2013 с лицензионным ключом на два года (полная версия)Eng.rar"
sh=9E687B1B8D963F451F40E7CD0AAC54E6C2A3041C ft=1 fh=f43de7dd260218fd vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Desktop\3\Avira Internet Security 2013 с лицензионным ключом на два года (полная версия)Eng\avira_internet_security_en.exe"
sh=0B5A0851CD84FDDDCF4164310A38712D20C435E9 ft=1 fh=e8a332d89aae5282 vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="D:\Desktop\7\windows\OmniCoin-qt.exe"
sh=9D99A2446AA54F00AF0B049F54AFA52617A6A473 ft=1 fh=f350764002ec8c2a vn="Win32/NetTool.Portscan.C potentially unsafe application" ac=I fn="D:\Desktop\Programs\angry_ip_scanner_2_21.exe"
sh=8999E876879CE1043D2BA93315831B9D1447F97E ft=1 fh=96f419abf848b065 vn="Win32/PSWTool.ChromePass.A potentially unsafe application" ac=I fn="D:\Desktop\Programs\ChromePass.exe"
sh=D02B5657731D0185CD8D622C262DAEEFBD541F5C ft=1 fh=2e85fcf559e2f387 vn="MSIL/Riskware.Crypter.AI application" ac=I fn="D:\Desktop\Programs\PC.exe"
sh=5084A35F359B1D9DEE0FC57096A9BA9C91D93FEC ft=1 fh=1ed8da01f41ba63a vn="Win32/UltraReach.AF potentially unsafe application" ac=I fn="D:\Desktop\Programsጁ.exe"
sh=5D517E2A4BFD74187713F969D4DEFCBA8DBFCBF2 ft=1 fh=fa7a71e6f51c5268 vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="D:\Desktop\Programs\++++++Installers++++++\bitcoin-0.8.1-win32-setup.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Keygen.BL potentially unsafe application" ac=I fn="D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\acad2011x32.iso"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Keygen.BL potentially unsafe application" ac=I fn="D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\acad2011x64.iso"
sh=A3148EE433C3EE8C67E2779C6E9232BE92AD588B ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BL potentially unsafe application" ac=I fn="D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\1\Crack\xf-a2011-32bits.rar"
sh=57561015AAB50F8F33E0A55FF930DB36D11A3A30 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BL potentially unsafe application" ac=I fn="D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\1\Crack\xf-a2011-64bits.rar"
sh=A3148EE433C3EE8C67E2779C6E9232BE92AD588B ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BL potentially unsafe application" ac=I fn="D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\Crack\xf-a2011-32bits.rar"
sh=7AB679BE3D6EBCD677E0D9CF964FA6AC06E2C8AA ft=1 fh=e7352bfa9fd76f5f vn="a variant of Win32/Keygen.BL potentially unsafe application" ac=I fn="D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\Crack\xf-a2011-64bits.exe"
sh=57561015AAB50F8F33E0A55FF930DB36D11A3A30 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BL potentially unsafe application" ac=I fn="D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\Crack\xf-a2011-64bits.rar"
sh=9E687B1B8D963F451F40E7CD0AAC54E6C2A3041C ft=1 fh=f43de7dd260218fd vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Desktop\Programs\++++++Installers++++++\Avira Internet Security 2013 с лицензионным ключом на два года (полная версия)Eng\avira_internet_security_en.exe"
sh=1F5B967004C4CA980E78759A89FD85DC21B19DFE ft=1 fh=23dd642948d171b1 vn="a variant of Win32/Keygen.EM potentially unsafe application" ac=I fn="D:\Desktop\Programs\++++++Installers++++++\Malwarebytes Anti-Malware Pro 1.75.0.1300 Final\Keygen.exe"
sh=6A90E812476FFF9EE8F2778AFFD1801747AC3414 ft=1 fh=169f6556f481e582 vn="Win32/HackKMS.A potentially unsafe application" ac=I fn="D:\Desktop\Programs\++++++Installers++++++\Office 2010\Activator v1.3 Office2010_VL_RUS.exe"
sh=8999E876879CE1043D2BA93315831B9D1447F97E ft=1 fh=96f419abf848b065 vn="Win32/PSWTool.ChromePass.A potentially unsafe application" ac=I fn="D:\Desktop\Programs\PassStealer\ChromePass.exe"
sh=23A9632E89EA0C0A5DD242551FCCCAC4FFF7F6AB ft=1 fh=994f1126ee9c1603 vn="a variant of Win32/PSWTool.PassFox.D potentially unsafe application" ac=I fn="D:\Desktop\Programs\PassStealer\PasswordFox.exe"
sh=0B41B8A2081111CC1DA4C72C499207135ABB434B ft=1 fh=038becdeaade050a vn="a variant of Win32/SecurityXploded.D potentially unsafe application" ac=I fn="D:\Desktop\Programs\Recover\Recover.exe"
sh=93331D3DDABD5E3E555FDC9E781388BD78E00A9C ft=0 fh=0000000000000000 vn="Android/TrojanSMS.Agent.ES trojan" ac=I fn="D:\Desktop\Programs\SMS Logger For Android\SmsDetective_v1.0.1.apk"
sh=5AF813122931329FF4FDCFEA9D1CBC4AFBFFA593 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="D:\Desktop\Study\Информационные Технологии\РЕФЕРАТ - КОНВЕРТЕРЫ ГРАФИЧЕСКИХ И ВИДЕО ФАЙЛОВ\РЕФЕРАТ - КОНВЕРТЕРЫ ГРАФИЧЕСКИХ И ВИДЕО ФАЙЛОВ_BSD-11_Meladze.N.E.rar"
sh=F27A51138D02C8701172427C99FDD45B671D00D4 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="D:\Desktop\Study\Информационные Технологии\РЕФЕРАТ - КОНВЕРТЕРЫ ГРАФИЧЕСКИХ И ВИДЕО ФАЙЛОВ\FormatFactory\FFSetup3.0.1.1.zip"
sh=93BA5B59791A669E728EA79FD6683C640A5533E1 ft=0 fh=0000000000000000 vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="D:\Downloads\Omnicoin_v2_QT_win.zip"
sh=93BA5B59791A669E728EA79FD6683C640A5533E1 ft=0 fh=0000000000000000 vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="D:\Downloads\windows.zip"
 
Step 4: Security Check
 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 TuneUp Utilities 2014   
 TuneUp Utilities 2014 (en-US)  
 TuneUp Utilities 2014   
 JavaScript Tooling    
 Java 7 Update 55  
 JavaScript Tooling    
 Visual Studio Extensions for Windows Library for JavaScript 
 Adobe Flash Player 13.0.0.206  
 Mozilla Firefox (28.0) 
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 
Step 5: Question
I'll answer that question a bit later...
cuz I need a few hours to check it for lags etc....

Edited by n1K., 05 May 2014 - 05:37 PM.


#12
Machiavelli

    GeekU Moderator

  • 4,722 posts
Hey,

Step 1: Illegal Software Warning

In your log(s) I see some things which are related to illegal software. We do not support illegal software. With the fix below we will remove the illegal software. If you opt not to remove it, I will have to withdraw my free assistance per this forum's terms of use.

Following file(s) is/are illegal:

D:\Desktop\1\Windows 7 Ultimate (x64) Optimized by Yagd v.7.3 [30.07.2013]\Windows 7 Ultimate (x64) Optimized by Yagd v.7.3 [30.07.2013].iso
D:\Desktop\Programs\++++++Installers++++++\Malwarebytes Anti-Malware Pro 1.75.0.1300 Final\Keygen.exe
D:\Desktop\Programs\++++++Installers++++++\Office 2010\Activator v1.3 Office2010_VL_RUS.exe

and some other files

Step 2: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - prefs.js..network.proxy.no_proxies_on: ""
    FF - prefs.js..network.proxy.type: ""
    FF - user.js - File not found
    O1364bit: - gopher Prefix: missing
    [2014.05.03 21:33:02 | 000,000,000 | ---D | C] -- C:\Users\n1K\AppData\Roaming\OmniCoin
    
    :Files
    C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000
    C:\Users\n1K\Downloads\R-Studio 7.0 Build 154111 Network Edition.rar
    D:\Bitcoin
    D:\Desktop\1\Windows 7 Ultimate (x64) Optimized by Yagd v.7.3 [30.07.2013]\Windows 7 Ultimate (x64) Optimized by Yagd v.7.3 [30.07.2013].iso
    D:\Desktop\7\windows\OmniCoin-qt.exe
    D:\Desktop\Programs\angry_ip_scanner_2_21.exe
    D:\Desktop\Programs\ChromePass.exe
    D:\Desktop\Programs\PC.exe
    D:\Desktop\Programsጁ.exe
    D:\Desktop\Programs\++++++Installers++++++\bitcoin-0.8.1-win32-setup.exe
    D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\acad2011x32.iso
    D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\acad2011x64.iso
    D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\1\Crack\xf-a2011-32bits.rar
    D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\1\Crack\xf-a2011-64bits.rar
    D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\Crack\xf-a2011-32bits.rar
    D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\Crack\xf-a2011-64bits.exe
    D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\Crack\xf-a2011-64bits.rar
    D:\Desktop\Programs\++++++Installers++++++\Avira Internet Security 2013 с лицензионным ключом на два года (полная версия)Eng\avira_internet_security_en.exe
    D:\Desktop\Programs\++++++Installers++++++\Malwarebytes Anti-Malware Pro 1.75.0.1300 Final\Keygen.exe
    D:\Desktop\Programs\++++++Installers++++++\Office 2010\Activator v1.3 Office2010_VL_RUS.exe
    D:\Desktop\Programs\PassStealer\ChromePass.exe
    D:\Desktop\Programs\PassStealer
    D:\Desktop\Programs\Recover
    D:\Desktop\Programs\SMS Logger For Android
    D:\Desktop\Study\Информационные Технологии\РЕФЕРАТ - КОНВЕРТЕРЫ ГРАФИЧЕСКИХ И ВИДЕО ФАЙЛОВ\РЕФЕРАТ - КОНВЕРТЕРЫ ГРАФИЧЕСКИХ И ВИДЕО ФАЙЛОВ_BSD-11_Meladze.N.E.rar
    D:\Desktop\Study\Информационные Технологии\РЕФЕРАТ - КОНВЕРТЕРЫ ГРАФИЧЕСКИХ И ВИДЕО ФАЙЛОВ\FormatFactory\FFSetup3.0.1.1.zip
    D:\Downloads\Omnicoin_v2_QT_win.zip
    D:\Downloads\windows.zip
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.
Step 3: CKScanner

Download CKScanner from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on CKScanner.exe and select Run as Administrator)
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

  • 0

#13
n1K.

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hey,
Step 1: Illegal Software Warning
I wanted to ask you about cryptocurrency (BitCoin, OmniCoin): should I delete them and never use them again, cuz they can harm my computer? Even if I have money in them?
 
Step 2: OTL Fix
 
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: "" removed from network.proxy.no_proxies_on
Prefs.js: "" removed from network.proxy.type
C:\Users\n1K\AppData\Roaming\OmniCoin\chainstate folder moved successfully.
C:\Users\n1K\AppData\Roaming\OmniCoin\blocks\index folder moved successfully.
C:\Users\n1K\AppData\Roaming\OmniCoin\blocks folder moved successfully.
C:\Users\n1K\AppData\Roaming\OmniCoin folder moved successfully.
========== FILES ==========
C:\Users\n1K\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000 moved successfully.
C:\Users\n1K\Downloads\R-Studio 7.0 Build 154111 Network Edition.rar moved successfully.
D:\Bitcoin\src\test\data folder moved successfully.
D:\Bitcoin\src\test folder moved successfully.
D:\Bitcoin\src\qt\test folder moved successfully.
D:\Bitcoin\src\qt\res\src folder moved successfully.
D:\Bitcoin\src\qt\res\movies folder moved successfully.
D:\Bitcoin\src\qt\res\images folder moved successfully.
D:\Bitcoin\src\qt\res\icons folder moved successfully.
D:\Bitcoin\src\qt\res folder moved successfully.
D:\Bitcoin\src\qt\locale folder moved successfully.
D:\Bitcoin\src\qt\forms folder moved successfully.
D:\Bitcoin\src\qt folder moved successfully.
D:\Bitcoin\src\obj-test folder moved successfully.
D:\Bitcoin\src\obj folder moved successfully.
D:\Bitcoin\src\leveldb\util folder moved successfully.
D:\Bitcoin\src\leveldb\table folder moved successfully.
D:\Bitcoin\src\leveldb\port\win folder moved successfully.
D:\Bitcoin\src\leveldb\port folder moved successfully.
D:\Bitcoin\src\leveldb\include\leveldb folder moved successfully.
D:\Bitcoin\src\leveldb\include folder moved successfully.
D:\Bitcoin\src\leveldb\helpers\memenv folder moved successfully.
D:\Bitcoin\src\leveldb\helpers folder moved successfully.
D:\Bitcoin\src\leveldb\doc\bench folder moved successfully.
D:\Bitcoin\src\leveldb\doc folder moved successfully.
D:\Bitcoin\src\leveldb\db folder moved successfully.
D:\Bitcoin\src\leveldb folder moved successfully.
D:\Bitcoin\src\json folder moved successfully.
D:\Bitcoin\src folder moved successfully.
D:\Bitcoin\daemon folder moved successfully.
D:\Bitcoin folder moved successfully.
D:\Desktop\1\Windows 7 Ultimate (x64) Optimized by Yagd v.7.3 [30.07.2013]\Windows 7 Ultimate (x64) Optimized by Yagd v.7.3 [30.07.2013].iso moved successfully.
D:\Desktop\7\windows\OmniCoin-qt.exe moved successfully.
D:\Desktop\Programs\angry_ip_scanner_2_21.exe moved successfully.
D:\Desktop\Programs\ChromePass.exe moved successfully.
D:\Desktop\Programs\PC.exe moved successfully.
File\Folder D:\Desktop\Programsጁ.exe not found.
D:\Desktop\Programs\++++++Installers++++++\bitcoin-0.8.1-win32-setup.exe moved successfully.
D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\acad2011x32.iso moved successfully.
D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\acad2011x64.iso moved successfully.
D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\1\Crack\xf-a2011-32bits.rar moved successfully.
D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\1\Crack\xf-a2011-64bits.rar moved successfully.
D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\Crack\xf-a2011-32bits.rar moved successfully.
D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\Crack\xf-a2011-64bits.exe moved successfully.
D:\Desktop\Programs\++++++Installers++++++\acad2011x32x64\Crack\xf-a2011-64bits.rar moved successfully.
D:\Desktop\Programs\++++++Installers++++++\Avira Internet Security 2013 с лицензионным ключом на два года (полная версия)Eng\avira_internet_security_en.exe moved successfully.
D:\Desktop\Programs\++++++Installers++++++\Malwarebytes Anti-Malware Pro 1.75.0.1300 Final\Keygen.exe moved successfully.
D:\Desktop\Programs\++++++Installers++++++\Office 2010\Activator v1.3 Office2010_VL_RUS.exe moved successfully.
D:\Desktop\Programs\PassStealer\ChromePass.exe moved successfully.
D:\Desktop\Programs\PassStealer folder moved successfully.
D:\Desktop\Programs\Recover folder moved successfully.
D:\Desktop\Programs\SMS Logger For Android folder moved successfully.
D:\Desktop\Study\Информационные Технологии\РЕФЕРАТ - КОНВЕРТЕРЫ ГРАФИЧЕСКИХ И ВИДЕО ФАЙЛОВ\РЕФЕРАТ - КОНВЕРТЕРЫ ГРАФИЧЕСКИХ И ВИДЕО ФАЙЛОВ_BSD-11_Meladze.N.E.rar moved successfully.
D:\Desktop\Study\Информационные Технологии\РЕФЕРАТ - КОНВЕРТЕРЫ ГРАФИЧЕСКИХ И ВИДЕО ФАЙЛОВ\FormatFactory\FFSetup3.0.1.1.zip moved successfully.
D:\Downloads\Omnicoin_v2_QT_win.zip moved successfully.
D:\Downloads\windows.zip moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: n1K
->Temp folder emptied: 28938 bytes
->Temporary Internet Files folder emptied: 436397 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 364199203 bytes
->Google Chrome cache emptied: 354722458 bytes
->Flash cache emptied: 908 bytes
 
User: Public
 
User: Все пользователи
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19992 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 987448 bytes
 
Total Files Cleaned = 687,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05062014_165930
 
Files\Folders moved on Reboot...
C:\Users\n1K\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\n1K\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\vmware-система\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-система\vmware-usbarb-2288.log moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
Step 3: CKScanner
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\sony\vegas pro 11.0 (portable)\sony vegas\multikeygen\diginsan.nfo
c:\program files\sony\vegas pro 11.0 (portable)\sony vegas\multikeygen\file_id.diz
hosts 0.0.0.0 practivate.adobe.com
hosts 0.0.0.0 ereg.adobe.com
hosts 0.0.0.0 activate.wip3.adobe.com
hosts 0.0.0.0 wip3.adobe.com
hosts 0.0.0.0 3dns-3.adobe.com
hosts 0.0.0.0 3dns-2.adobe.com
hosts 0.0.0.0 adobe-dns.adobe.com
hosts 0.0.0.0 adobe-dns-2.adobe.com
hosts 0.0.0.0 adobe-dns-3.adobe.com
hosts 0.0.0.0 ereg.wip3.adobe.com
hosts 0.0.0.0 activate-sea.adobe.com
hosts 0.0.0.0 wwis-dubc1-vip60.adobe.com
hosts 0.0.0.0 activate-sjc0.adobe.com
hosts 0.0.0.0 adobeereg.com
hosts 0.0.0.0 activate.adobe.com
hosts 0.0.0.0 lmlicenses.wip4.adobe.com
hosts 0.0.0.0 lm.licenses.adobe.com
scanner sequence 3.HK.11.NQNABZ
 ----- EOF ----- 

  • 0

#14
Machiavelli

    GeekU Moderator

  • 4,722 posts
Hey,
 

I wanted to ask you about cryptocurrency (BitCoin, OmniCoin): should I delete them and never use them again, cuz they can harm my computer? Even if I have money in them?

Yes, please delete them.

In my opinion your PC is clean.
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    c:\program files\sony\vegas pro 11.0 (portable)
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.
 

We need to remove the tools we've used while cleaning your machine.
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:
  • 0

#15
n1K.

    New Member

  • Topic Starter
  • Member
  • 8 posts

Hey,

Thank you so much for the help!

Btw, can I keep some of these tools on my PC and use them sometimes, to be sure that the PC isn't infected like it was?

Step 1: OTL fix

All processes killed

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\MultiKeygen folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\Video Plug-Ins folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\Video Hardware Drivers folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\Vidcap Plug-Ins\stl2plg folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\Vidcap Plug-Ins\aviplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\Vidcap Plug-Ins folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\Standard Layouts folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\Script Menu folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Win32 folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Presets folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Vfx1.ofx.bundle folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Win32 folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Resources folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Win32 folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Resources folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Presets folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Stabilize.ofx.bundle folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Filters.ofx.bundle\Contents\Win32 folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Filters.ofx.bundle\Contents\Resources folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Filters.ofx.bundle\Contents folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins\Filters.ofx.bundle folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\OFX Video Plug-Ins folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\Joystick Profiles folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\wmfplug4 folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\wicplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\wavplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\vduplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\swfplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\stl2plg folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\sfpaplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\sflgaplg folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\sctplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\rm9plug\tools folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\rm9plug\plugins folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\rm9plug\common folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\rm9plug\codecs folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\rm9plug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\redplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\qt7plug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\oggplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\mxfplug3 folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\mxfplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\mxfhdcamsrplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\mvcplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\mp4plug3 folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\mp3plug2 folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\mcplug2 folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\mcmp4plug2\mc_open_cl folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\mcmp4plug2\mc_cuda folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\mcmp4plug2\mc_cpu folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\mcmp4plug2 folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\gifplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\flacplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\compoundplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\aviplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\atracplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\aifplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\ac3studioplug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\ac3plug\ac3market folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins\ac3plug folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\FileIO Plug-Ins folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\External Control Drivers folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\bdmux folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0\Audio Hardware Drivers folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Vegas Pro 11.0 folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Shared Plug-Ins\Help Files folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Shared Plug-Ins\Audio folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony\Shared Plug-Ins folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App\Sony folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas\App folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable)\Sony Vegas folder moved successfully.
c:\program files\sony\Vegas Pro 11.0 (Portable) folder moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: n1K
->Temp folder emptied: 59112 bytes
->Temporary Internet Files folder emptied: 210686 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 76546833 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Все пользователи
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7002 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 73,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05062014_183230
 
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\n1K\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\n1K\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\vmware-система\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-система\vmware-usbarb-2876.log moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
Step 2: delFix
# DelFix v10.7 - Logfile created 06/05/2014 at 18:47:42
# Updated 27/04/2014 by Xplode
# Username : n1K - MYCOMP
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\AdwCleaner
Deleted : D:\Desktop\AdwCleaner.exe
Deleted : D:\Desktop\CKScanner.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #155 [Запланированная контрольная точка | 04/28/2014 13:05:07]
Deleted : RP #157 [Центр обновления Windows | 05/03/2014 00:00:35]
Deleted : RP #158 [OTL Restore Point - 05.05.2014 0:14:16 | 05/04/2014 21:14:19]
Deleted : RP #160 [Installed Microsoft Fix it 50906 | 05/05/2014 13:46:50]
Deleted : RP #161 [OTL Restore Point - 05.05.2014 17:26:23 | 05/05/2014 14:26:24]
Deleted : RP #162 [OTL Restore Point - 05.05.2014 20:55:07 | 05/05/2014 17:55:09]
Deleted : RP #163 [OTL Restore Point - 06.05.2014 16:59:42 | 05/06/2014 13:59:44]
Deleted : RP #164 [OTL Restore Point - 06.05.2014 18:32:42 | 05/06/2014 15:32:45]
 
New restore point created !
 
########## - EOF - ##########

  • 0





