Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

URL:Mal svchost.exe alerts from avast at startup

Started by Lpk44 , Nov 30 2016 06:22 AM

Please log in to reply

#1
Lpk44

Posted 30 November 2016 - 06:22 AM

New Member

Member
9 posts

Hi everyone,

I've searched around and used several tools which are familiar to me but i keep getting this from avast:

Threat blocked

URL: http://220.181.87.80/t.exe

Infection: URL:Mal

Process: C:\Windows\System32\svchost.exe

I've seen similar threads here about it but the users all got help specifically for their OS.

I hope someone can help me out with this, i keep getting it several times a day.

Thanks in advance

edit: Tools which i've used vary from MBAM with rootkitscan, HitmanPRO, ADWcleaner, JRT.

Edited by Lpk44, 30 November 2016 - 06:40 AM.

#2
zep516

Posted 30 November 2016 - 07:53 AM

Trusted Helper

Malware Removal
8,107 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Do not attach logs, post them directly.

#3
Lpk44

Posted 30 November 2016 - 08:03 AM

New Member

Topic Starter
Member
9 posts

Hi Zep516, thank you for your fast reply.

Here is the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016
Ran by Tepanyan (administrator) on TEPANYAN-ПК (30-11-2016 16:59:31)
Running from C:\Users\Tepanyan\Desktop
Loaded Profiles: Tepanyan (Available Profiles: Tepanyan)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
( ) C:\Windows\System32\lxczcoms.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(TeamViewer GmbH) F:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TunnelBear) C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
(Flux Software LLC) C:\Users\Tepanyan\AppData\Local\FluxSoftware\Flux\flux.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe
(Wondershare) F:\Program Files (x86)\Wondershare\Dr.Fone for Android\BackupRemind.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() F:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() F:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.33\deploy\LoLLauncher.exe
() F:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.73\deploy\LoLPatcher.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
() F:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.232\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [lxczbmgr.exe] => C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe [74672 2007-02-09] (Lexmark International, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [295856 2007-02-09] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1305061964-975540363-169340528-1000\...\Run: [f.lux] => C:\Users\Tepanyan\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-09] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk [2016-11-24]
ShortcutTarget: BackupRemind.lnk -> F:\Program Files (x86)\Wondershare\Dr.Fone for Android\BackupRemind.exe (Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2016-11-24]
ShortcutTarget: MobileGo Service.lnk -> F:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BC3E3A84-236B-4B96-9685-A38806EB19C3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{BC3E3A84-236B-4B96-9685-A38806EB19C3}: [DhcpNameServer] 172.18.13.1
Tcpip\..\Interfaces\{DC67027D-FC85-4D04-9F7F-8662C548F80F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{DC67027D-FC85-4D04-9F7F-8662C548F80F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E64332E8-44EB-4DA4-BBA3-BD828A00F963}: [DhcpNameServer] 192.168.42.129
ManualProxies: 

Internet Explorer:
==================
HKU\S-1-5-21-1305061964-975540363-169340528-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-29] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-29] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1305061964-975540363-169340528-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR StartupUrls: Profile 1 -> "hxxp://google.com/","hxxps://www.google.com/","hxxp://mail.ru/cnt/10445?gp=811009"
CHR DefaultSearchURL: Profile 1 -> hxxp://www.bankreferatov.ru/referats/1D0ED02B2BBBA01B43256B5F001B1A27/%D0%A7%D0%B0%D1%81%D1%82%D1%8C%203.doc.html&Key=456458
CHR Profile: C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Default [2016-09-27]
CHR Profile: C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-30]
CHR Extension: (Google Переводчик) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-10-05]
CHR Extension: (Google Презентации) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-27]
CHR Extension: (Документы Google) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-27]
CHR Extension: (Диск Google) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]
CHR Extension: (YouTube) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-27]
CHR Extension: (uBlock Origin) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-10-28]
CHR Extension: (Avast Online Security) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-09-27]
CHR Extension: (HTTPS Everywhere) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-11-09]
CHR Extension: (Google Документы офлайн) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]
CHR Extension: (Avast Online Security) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-26]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-11-02]
CHR Extension: (Red Black) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lkdalccnojhegeedgifgmlcggigcgegh [2016-11-06]
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-27]
CHR Extension: (Showgoers for Netflix) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pcmaninppdeakmhaonacejmfcgeempfo [2016-10-21]
CHR Extension: (Gmail) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-14]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe [76392 2016-10-16] (Google Inc.)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-02-09] ( )
R2 lxcz_device; C:\Windows\SysWOW64\lxczcoms.exe [537520 2007-02-09] ( )
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
R2 TeamViewer; f:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [38272 2016-11-04] (TunnelBear)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [411648 2016-03-31] (Wondershare) [File not signed]
S3 WsDrvInst; f:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115856 2016-10-20] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40720 2016-11-24] (Google Inc)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [93192 2016-11-11] (Intel  Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94440 2016-06-14] (Корпорация Майкрософт)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
S3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [122880 2016-07-25] (Realtek Semiconductor Corporation                           ) [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2016-10-17] (The OpenVPN Project)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-30 16:59 - 2016-11-30 16:59 - 00019690 _____ C:\Users\Tepanyan\Desktop\FRST.txt
2016-11-30 16:59 - 2016-11-30 16:59 - 00000000 ____D C:\FRST
2016-11-30 16:59 - 2016-11-30 16:58 - 02411520 _____ (Farbar) C:\Users\Tepanyan\Desktop\FRST64.exe
2016-11-30 16:12 - 2016-11-30 16:21 - 00000000 ____D C:\Users\Tepanyan\Doctor Web
2016-11-30 15:24 - 2016-11-30 15:24 - 00000000 ____D C:\Users\Tepanyan\Desktop\avz4
2016-11-29 22:37 - 2016-11-29 22:43 - 00000000 ____D C:\Users\Все пользователи\HitmanPro
2016-11-29 22:37 - 2016-11-29 22:43 - 00000000 ____D C:\ProgramData\HitmanPro
2016-11-29 22:37 - 2016-11-29 22:37 - 00000000 ____D C:\Program Files\HitmanPro
2016-11-29 22:34 - 2016-11-29 22:34 - 00004898 _____ C:\Users\Tepanyan\Desktop\JRT.txt
2016-11-29 22:21 - 2016-11-29 22:26 - 00000000 ___SD C:\ComboFix
2016-11-29 22:21 - 2016-11-29 22:21 - 00000000 ____D C:\Qoobox
2016-11-29 22:21 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2016-11-29 22:21 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2016-11-29 22:21 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-11-29 22:21 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-11-29 22:21 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-11-29 22:21 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2016-11-29 22:21 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2016-11-29 22:21 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2016-11-29 22:20 - 2016-11-29 22:21 - 00000000 ___SD C:\32788R22FWJFW
2016-11-29 22:20 - 2016-11-29 22:20 - 00000000 ____D C:\Windows\erdnt
2016-11-29 22:18 - 2016-11-29 22:20 - 00207460 _____ C:\TDSSKiller.3.1.0.12_29.11.2016_22.18.52_log.txt
2016-11-29 22:16 - 2016-11-29 22:17 - 00002566 _____ C:\Users\Tepanyan\Desktop\Rkill.txt
2016-11-28 21:25 - 2016-11-17 16:45 - 00101824 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-11-28 21:25 - 2016-11-17 16:45 - 00091584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-11-28 21:25 - 2016-11-17 16:45 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-11-25 21:17 - 2016-11-25 21:16 - 00000717 _____ C:\adb_keys
2016-11-25 21:00 - 2016-11-25 21:00 - 00000000 ____D C:\key
2016-11-25 20:48 - 2016-11-25 20:48 - 00000000 ____D C:\Program Files\Intel
2016-11-25 20:48 - 2016-11-11 17:10 - 00093192 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelHaxm.sys
2016-11-25 20:43 - 2016-11-25 20:43 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\JetBrains
2016-11-25 20:41 - 2016-11-25 20:42 - 00000000 ____D C:\Users\Tepanyan\.AndroidStudio2.2
2016-11-25 20:41 - 2016-11-25 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2016-11-25 20:34 - 2016-11-25 20:34 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\Android
2016-11-25 20:33 - 2016-11-25 20:33 - 00000000 ____D C:\Program Files\Android
2016-11-25 19:14 - 2016-11-25 19:14 - 00000000 ____D C:\Users\Tepanyan\Desktop\MyPhoneExplorer portable
2016-11-25 15:28 - 2016-11-25 21:09 - 00000000 ____D C:\adb
2016-11-25 13:31 - 2016-11-25 13:31 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2016-11-25 13:30 - 2016-11-25 13:30 - 00169288 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadbus.sys
2016-11-25 13:30 - 2016-11-25 13:30 - 00017736 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwhnt.sys
2016-11-25 13:30 - 2016-11-25 13:30 - 00017736 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwh.sys
2016-11-25 13:30 - 2016-11-25 13:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wsadb_01009.Wdf
2016-11-24 16:19 - 2016-11-24 16:19 - 00000000 ____D C:\Users\Все пользователи\wsr
2016-11-24 16:19 - 2016-11-24 16:19 - 00000000 ____D C:\ProgramData\wsr
2016-11-24 16:16 - 2016-11-24 16:16 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2016-11-24 16:16 - 2016-11-24 16:16 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2016-11-24 16:16 - 2016-11-24 16:16 - 00040720 _____ (Google Inc) C:\Windows\system32\Drivers\wsadb.sys
2016-11-24 16:13 - 2016-11-24 16:13 - 00001056 _____ C:\Users\Public\Desktop\Wondershare Dr.Fone for Android.lnk
2016-11-24 16:13 - 2016-11-24 16:13 - 00000000 ___HD C:\Program Files (x86)\DrFoneAndroid_Temp
2016-11-24 16:06 - 2016-11-24 16:06 - 00001159 _____ C:\Users\Public\Desktop\Wondershare MirrorGo.lnk
2016-11-24 16:06 - 2016-11-24 16:06 - 00000000 ____D C:\Users\Tepanyan\Documents\Wondershare
2016-11-24 16:05 - 2016-11-24 16:05 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\HMYGSetting
2016-11-24 16:04 - 2016-11-25 20:48 - 00000000 ____D C:\Users\Tepanyan\.android
2016-11-24 16:04 - 2016-11-25 16:33 - 00000000 ____D C:\Users\Все пользователи\wondershare
2016-11-24 16:04 - 2016-11-25 16:33 - 00000000 ____D C:\ProgramData\wondershare
2016-11-24 16:04 - 2016-11-24 16:13 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\Wondershare
2016-11-24 16:04 - 2016-11-24 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-11-24 16:04 - 2016-11-24 16:06 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-11-24 16:04 - 2016-11-24 16:04 - 01179672 _____ C:\Windows\unins000.exe
2016-11-24 16:04 - 2016-11-24 16:04 - 00022823 _____ C:\Windows\unins000.msg
2016-11-24 16:04 - 2016-11-24 16:04 - 00006769 _____ C:\Windows\unins000.dat
2016-11-24 16:04 - 2016-11-24 16:04 - 00000848 _____ C:\Users\Public\Desktop\Wondershare MobileGo.lnk
2016-11-24 16:04 - 2015-02-27 10:35 - 00000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
2016-11-20 20:42 - 2016-11-29 21:56 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\TunnelBear
2016-11-20 20:42 - 2016-11-29 21:56 - 00000000 ____D C:\Program Files (x86)\TunnelBear
2016-11-20 20:42 - 2016-11-20 20:42 - 00001877 _____ C:\Users\Public\Desktop\TunnelBear.lnk
2016-11-20 20:42 - 2016-11-20 20:42 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\IsolatedStorage
2016-11-20 20:42 - 2016-11-20 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2016-11-20 20:28 - 2016-11-20 20:28 - 00000000 ____D C:\Users\Все пользователи\Nexon
2016-11-20 20:28 - 2016-11-20 20:28 - 00000000 ____D C:\ProgramData\Nexon
2016-11-20 19:30 - 2016-11-20 19:30 - 00001089 _____ C:\Users\Tepanyan\Desktop\MapleStory.lnk
2016-11-20 19:07 - 2016-11-20 19:07 - 00000000 ____D C:\Nexon
2016-11-20 18:58 - 2016-11-20 18:58 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\NexonLauncher
2016-11-20 18:58 - 2016-11-20 18:58 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\Crashpad
2016-11-20 18:22 - 2016-11-20 19:07 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\NexonLauncher
2016-11-20 18:22 - 2016-11-20 18:22 - 00001050 _____ C:\Users\Tepanyan\Desktop\Nexon Launcher.lnk
2016-11-17 15:03 - 2016-11-11 01:23 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-11-17 15:03 - 2016-09-09 21:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-11-17 15:03 - 2016-09-09 21:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-11-17 15:03 - 2016-09-09 21:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-11-17 15:03 - 2016-09-09 21:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-11-17 15:00 - 2016-11-11 02:48 - 40123840 _____ C:\Windows\system32\nvcompiler.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 35222464 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 34704952 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 28140088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 17361976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 14048824 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-11-17 15:00 - 2016-11-11 02:48 - 10912048 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 10795128 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 10346024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 09150888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 08754160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 03645496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 03208248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 01951680 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437586.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437586.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 01037248 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 00975928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 00943552 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 00897080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 00407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 00170688 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-11-17 15:00 - 2016-11-11 02:48 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-11-16 16:14 - 2016-11-16 16:14 - 00177226 _____ C:\Users\Tepanyan\Desktop\Week1-2_logo.pdf
2016-11-16 16:14 - 2016-11-16 16:14 - 00174083 _____ C:\Users\Tepanyan\Desktop\Week1-1_logo.pdf
2016-11-10 00:20 - 2016-11-02 18:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-10 00:20 - 2016-11-02 18:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-10 00:20 - 2016-10-28 06:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-10 00:20 - 2016-10-28 06:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-10 00:20 - 2016-10-27 21:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-10 00:20 - 2016-10-27 21:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-10 00:20 - 2016-10-27 21:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-10 00:20 - 2016-10-27 21:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-10 00:20 - 2016-10-27 20:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-10 00:20 - 2016-10-27 20:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-10 00:20 - 2016-10-27 20:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-10 00:20 - 2016-10-27 20:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-10 00:20 - 2016-10-27 20:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-10 00:20 - 2016-10-27 20:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-10 00:20 - 2016-10-27 20:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-10 00:20 - 2016-10-27 18:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-10 00:20 - 2016-10-25 18:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-10 00:20 - 2016-10-22 20:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-10 00:20 - 2016-10-22 19:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-10 00:20 - 2016-10-22 19:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-10 00:20 - 2016-10-22 19:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-10 00:20 - 2016-10-22 19:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-10 00:20 - 2016-10-22 19:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-10 00:20 - 2016-10-22 19:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-10 00:20 - 2016-10-15 18:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-10 00:20 - 2016-10-15 18:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-10 00:20 - 2016-10-11 18:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-10 00:20 - 2016-10-11 18:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-10 00:20 - 2016-10-11 18:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-10 00:20 - 2016-10-11 18:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-10 00:20 - 2016-10-11 18:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-10 00:20 - 2016-10-11 18:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-10 00:20 - 2016-10-11 18:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-10 00:20 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-10 00:20 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-10 00:20 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-10 00:20 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-10 00:20 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-10 00:20 - 2016-10-11 18:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-10 00:20 - 2016-10-11 18:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-10 00:20 - 2016-10-11 18:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-10 00:20 - 2016-10-11 18:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-10 00:20 - 2016-10-11 18:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-10 00:20 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-10 00:20 - 2016-10-11 18:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-10 00:20 - 2016-10-11 16:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-10 00:20 - 2016-10-11 16:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-10 00:20 - 2016-10-10 18:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-10 00:20 - 2016-10-10 18:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-10 00:20 - 2016-10-10 18:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-10 00:20 - 2016-10-10 18:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-10 00:20 - 2016-10-07 18:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-10 00:20 - 2016-10-07 18:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-10 00:20 - 2016-10-07 18:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-10 00:20 - 2016-10-07 18:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-10 00:20 - 2016-10-07 18:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-10 00:20 - 2016-10-07 18:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-10 00:20 - 2016-10-07 18:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-10 00:20 - 2016-10-07 18:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-10 00:20 - 2016-10-07 18:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-10 00:20 - 2016-10-07 18:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-10 00:20 - 2016-10-07 18:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-10 00:20 - 2016-10-05 17:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-10 00:20 - 2016-09-15 17:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-10 00:20 - 2016-09-09 21:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-10 00:20 - 2016-09-09 21:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-10 00:20 - 2016-08-22 19:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-10 00:19 - 2016-11-02 18:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-10 00:19 - 2016-11-02 18:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-10 00:19 - 2016-11-02 18:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-10 00:19 - 2016-11-02 18:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-10 00:19 - 2016-11-02 18:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-10 00:19 - 2016-11-02 18:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-10 00:19 - 2016-11-02 18:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-10 00:19 - 2016-11-02 17:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-10 00:19 - 2016-10-27 22:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-10 00:19 - 2016-10-27 22:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-10 00:19 - 2016-10-27 21:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-10 00:19 - 2016-10-27 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-10 00:19 - 2016-10-27 21:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-10 00:19 - 2016-10-27 21:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-10 00:19 - 2016-10-27 21:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-10 00:19 - 2016-10-27 21:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-10 00:19 - 2016-10-27 21:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-10 00:19 - 2016-10-27 21:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-10 00:19 - 2016-10-27 21:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-10 00:19 - 2016-10-27 21:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-10 00:19 - 2016-10-27 21:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-10 00:19 - 2016-10-27 21:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-10 00:19 - 2016-10-27 21:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-10 00:19 - 2016-10-27 21:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-10 00:19 - 2016-10-27 21:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-10 00:19 - 2016-10-27 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-10 00:19 - 2016-10-27 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-10 00:19 - 2016-10-27 21:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-10 00:19 - 2016-10-27 21:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-10 00:19 - 2016-10-27 20:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-10 00:19 - 2016-10-27 19:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-10 00:19 - 2016-10-22 20:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-10 00:19 - 2016-10-22 20:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-10 00:19 - 2016-10-22 20:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-10 00:19 - 2016-10-22 20:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-10 00:19 - 2016-10-22 20:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-10 00:19 - 2016-10-22 20:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-10 00:19 - 2016-10-22 20:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-10 00:19 - 2016-10-22 20:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-10 00:19 - 2016-10-22 20:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-10 00:19 - 2016-10-22 20:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-10 00:19 - 2016-10-22 20:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-10 00:19 - 2016-10-22 20:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-10 00:19 - 2016-10-22 20:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-10 00:19 - 2016-10-22 20:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-10 00:19 - 2016-10-22 20:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-10 00:19 - 2016-10-22 19:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-10 00:19 - 2016-10-22 19:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-10 00:19 - 2016-10-22 19:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-10 00:19 - 2016-10-22 19:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-10 00:19 - 2016-10-22 19:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-10 00:19 - 2016-10-22 19:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-10 00:19 - 2016-10-22 19:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-10 00:19 - 2016-10-15 18:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-10 00:19 - 2016-10-15 18:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-10 00:19 - 2016-10-11 18:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-10 00:19 - 2016-10-11 18:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-10 00:19 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-10 00:19 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-10 00:19 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-10 00:19 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-10 00:19 - 2016-10-10 18:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-10 00:19 - 2016-10-10 18:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-10 00:19 - 2016-10-10 18:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-10 00:19 - 2016-10-10 18:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-10 00:19 - 2016-10-10 18:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-10 00:19 - 2016-10-10 18:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-10 00:19 - 2016-10-10 18:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-10 00:19 - 2016-10-10 18:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-10 00:19 - 2016-10-10 18:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-10 00:19 - 2016-10-10 18:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-10 00:19 - 2016-10-10 18:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-10 00:19 - 2016-10-10 18:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-10 00:19 - 2016-10-10 18:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-10 00:19 - 2016-10-10 18:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-10 00:19 - 2016-10-10 18:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-10 00:19 - 2016-10-10 18:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-10 00:19 - 2016-10-10 18:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-10 00:19 - 2016-10-10 18:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-10 00:19 - 2016-10-10 18:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-10 00:19 - 2016-10-10 18:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-10 00:19 - 2016-10-10 18:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-10 00:19 - 2016-10-10 18:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-10 00:19 - 2016-10-10 18:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-10 00:19 - 2016-10-10 18:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-10 00:19 - 2016-10-10 18:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-10 00:19 - 2016-10-10 18:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-10 00:19 - 2016-10-10 18:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-10 00:19 - 2016-10-10 18:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-10 00:19 - 2016-10-10 18:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-10 00:19 - 2016-10-10 18:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-10 00:19 - 2016-10-10 18:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-10 00:19 - 2016-10-10 18:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-10 00:19 - 2016-10-10 17:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-10 00:19 - 2016-10-10 17:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-10 00:19 - 2016-10-10 17:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-10 00:19 - 2016-10-10 17:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-10 00:19 - 2016-10-10 17:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-10 00:19 - 2016-10-10 17:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 18:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-10 00:19 - 2016-10-07 18:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-10 00:19 - 2016-10-07 18:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-10 00:19 - 2016-10-07 18:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-10 00:19 - 2016-10-07 18:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-10 00:19 - 2016-10-07 17:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-10 00:19 - 2016-10-07 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-10 00:19 - 2016-10-07 17:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-10 00:19 - 2016-10-07 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-10 00:19 - 2016-10-07 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-10 00:19 - 2016-10-07 17:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 17:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 17:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-10 00:19 - 2016-10-07 17:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-10 00:19 - 2016-09-13 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-10 00:19 - 2016-09-13 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-09 18:05 - 2016-11-09 18:05 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-11-09 18:05 - 2016-11-09 18:05 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\FluxSoftware
2016-11-06 01:37 - 2016-11-06 12:53 - 00000000 ____D C:\AdwCleaner
2016-11-05 19:43 - 2016-11-05 19:43 - 00000607 _____ C:\Users\Tepanyan\Desktop\кекс.txt
2016-11-01 15:18 - 2016-11-01 15:18 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\OpenDNS Updater

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-30 16:54 - 2009-07-14 07:45 - 00016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-30 16:54 - 2009-07-14 07:45 - 00016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-30 16:46 - 2016-07-25 17:31 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\Skype
2016-11-30 16:12 - 2016-07-25 13:44 - 00000000 ____D C:\Users\Tepanyan
2016-11-30 16:04 - 2016-07-25 16:53 - 00000970 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-30 15:26 - 2016-10-08 02:53 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\CrashDumps
2016-11-30 12:59 - 2011-04-12 16:26 - 00723936 _____ C:\Windows\system32\perfh019.dat
2016-11-30 12:59 - 2011-04-12 16:26 - 00150252 _____ C:\Windows\system32\perfc019.dat
2016-11-30 12:59 - 2009-07-14 08:13 - 01647438 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-30 12:59 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-11-30 12:54 - 2016-07-25 18:16 - 00000000 ____D C:\Users\Все пользователи\NVIDIA
2016-11-30 12:54 - 2016-07-25 18:16 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-30 12:54 - 2016-07-25 16:53 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-30 12:54 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-30 10:38 - 2016-07-26 18:16 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\vlc
2016-11-29 22:59 - 2016-09-28 22:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-28 21:26 - 2016-10-03 12:20 - 00001412 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-28 21:26 - 2016-09-26 00:55 - 00003794 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 21:26 - 2016-09-26 00:54 - 00003844 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 21:26 - 2016-09-26 00:54 - 00003606 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 21:26 - 2016-07-25 18:10 - 00000000 ____D C:\Users\Все пользователи\NVIDIA Corporation
2016-11-28 21:26 - 2016-07-25 18:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-28 21:26 - 2016-07-25 18:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-28 21:26 - 2016-07-25 17:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-28 21:25 - 2016-09-26 00:54 - 00003844 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 21:25 - 2016-09-26 00:54 - 00003782 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-28 21:25 - 2016-09-26 00:54 - 00003546 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 01:32 - 2016-08-14 21:49 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\uTorrent
2016-11-23 21:27 - 2016-09-09 14:00 - 00000000 ____D C:\Users\Tepanyan\AppData\LocalLow\uTorrent
2016-11-23 12:16 - 2016-07-25 17:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-23 12:16 - 2016-07-25 17:30 - 00000000 ____D C:\Users\Все пользователи\Skype
2016-11-23 12:16 - 2016-07-25 17:30 - 00000000 ____D C:\ProgramData\Skype
2016-11-20 20:42 - 2016-07-25 18:10 - 00000000 ____D C:\Users\Все пользователи\Package Cache
2016-11-20 20:42 - 2016-07-25 18:10 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-20 15:25 - 2016-10-16 11:20 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\ElevatedDiagnostics
2016-11-17 16:45 - 2016-10-03 12:20 - 01854400 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-11-17 16:45 - 2016-10-03 12:20 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-11-17 16:45 - 2016-10-03 12:20 - 01452480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-11-17 16:45 - 2016-10-03 12:20 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-11-17 16:45 - 2016-10-03 12:20 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-11-17 15:04 - 2016-09-23 16:33 - 00000000 ____D C:\temp
2016-11-17 15:04 - 2016-07-25 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-17 15:03 - 2016-07-25 18:15 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-16 19:42 - 2016-09-26 00:54 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-11-15 12:05 - 2016-07-25 16:54 - 00002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 12:05 - 2016-07-25 16:54 - 00002209 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-12 19:20 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2016-11-11 02:48 - 2016-10-29 00:16 - 00491720 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-11-11 02:48 - 2016-08-29 00:03 - 19936464 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-11-11 02:48 - 2016-08-29 00:03 - 17440744 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-11-11 02:48 - 2016-08-29 00:03 - 14409936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-11-11 02:48 - 2016-08-29 00:03 - 03941536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-11-11 02:48 - 2016-08-29 00:03 - 03479744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-11-11 02:48 - 2016-08-29 00:03 - 00041344 _____ C:\Windows\system32\nvinfo.pb
2016-11-11 01:38 - 2016-09-26 23:29 - 07511235 _____ C:\Windows\system32\nvcoproc.bin
2016-11-11 01:38 - 2016-09-26 23:29 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-11-11 01:38 - 2016-09-26 23:29 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-11-11 01:38 - 2016-09-26 23:29 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-11-11 01:38 - 2016-09-26 23:29 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-11-11 01:38 - 2016-09-26 23:29 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-11-11 01:38 - 2016-09-26 23:29 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-11-11 01:38 - 2016-09-26 23:29 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-11-10 12:40 - 2009-07-14 07:45 - 00409440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-10 03:04 - 2016-07-31 16:51 - 00000000 ____D C:\Windows\system32\MRT
2016-11-10 03:01 - 2016-07-31 16:50 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-07 20:00 - 2016-09-27 22:33 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-04 19:58 - 2016-09-27 22:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-03 15:32 - 2016-07-25 15:07 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-01 15:22 - 2016-07-25 15:09 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\Google
2016-10-31 14:05 - 2016-07-25 15:08 - 00000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories =======

2016-07-25 15:22 - 2016-07-25 15:22 - 0004927 _____ () C:\ProgramData\mtbjfghn.xbe

Some files in TEMP:
====================
C:\Users\Tepanyan\AppData\Local\Temp\1Q8GXtsGnIDS.exe
C:\Users\Tepanyan\AppData\Local\Temp\3g8LcT6DltLx.exe
C:\Users\Tepanyan\AppData\Local\Temp\4kVMvAt9SU73.exe
C:\Users\Tepanyan\AppData\Local\Temp\a2zvW36zPbCy.exe
C:\Users\Tepanyan\AppData\Local\Temp\coi1634.exe
C:\Users\Tepanyan\AppData\Local\Temp\EZjnJ9Ob1uw2.exe
C:\Users\Tepanyan\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Tepanyan\AppData\Local\Temp\libeay32.dll
C:\Users\Tepanyan\AppData\Local\Temp\msvcr120.dll
C:\Users\Tepanyan\AppData\Local\Temp\namebench.exe
C:\Users\Tepanyan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Tepanyan\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Tepanyan\AppData\Local\Temp\nvStInst.exe
C:\Users\Tepanyan\AppData\Local\Temp\python27.dll
C:\Users\Tepanyan\AppData\Local\Temp\q39EDgiKaGVw.exe
C:\Users\Tepanyan\AppData\Local\Temp\QbzTRQTGbnSH.exe
C:\Users\Tepanyan\AppData\Local\Temp\rtdrvmon.exe
C:\Users\Tepanyan\AppData\Local\Temp\sCoYcv3yWMMc.exe
C:\Users\Tepanyan\AppData\Local\Temp\sqlite3.dll
C:\Users\Tepanyan\AppData\Local\Temp\tcl85.dll
C:\Users\Tepanyan\AppData\Local\Temp\tk85.dll
C:\Users\Tepanyan\AppData\Local\Temp\Windows10Upgrade.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-24 13:23

==================== End of FRST.txt ============================

and here is the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by Tepanyan (30-11-2016 17:00:06)
Running from C:\Users\Tepanyan\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-07-25 10:44:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Tepanyan (S-1-5-21-1305061964-975540363-169340528-1000 - Administrator - Enabled) => C:\Users\Tepanyan
Администратор (S-1-5-21-1305061964-975540363-169340528-500 - Administrator - Disabled)
Гость (S-1-5-21-1305061964-975540363-169340528-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1305061964-975540363-169340528-1000\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1926.41617 - ABBYY Software House)
Adobe Acrobat Reader DC - Russian (HKLM-x32\...\{AC76BA86-7AD7-1049-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Android Debug Bridge (ADB) 1.0.35 (HKLM-x32\...\Android Debug Bridge (ADB) 1.0.35) (Version: 1.0.35 - Google)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Ansel (Version: 375.86 - NVIDIA Corporation) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Chrome Remote Desktop Host (HKLM-x32\...\{D669DC52-B1A4-4933-878D-CB80F660D95D}) (Version: 55.0.2883.17 - Google Inc.)
CrystalDiskInfo 7.0.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.2 - Crystal Dew World)
Driver Sweeper version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)
f.lux (HKU\S-1-5-21-1305061964-975540363-169340528-1000\...\Flux) (Version:  - )
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{27276DC1-66AA-4B16-918D-5AB1EEDF09C6}) (Version: 6.0.5 - Intel Corporation)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 2.0 fix Version 1.0.0.1 (HKLM-x32\...\{C12304D8-48C3-46C9-A62F-82FFAFC04170}_is1) (Version: 1.0.0.1 - Wondershare, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.6.01055 - Корпорация Майкрософт)
Microsoft Office 2007, версия null (HKLM-x32\...\{F11C12A8-55E1-4438-85E2-C745E886DF77}_is1) (Version: null - )
Microsoft Office профессиональный плюс 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Аудиодрайвер HD 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Графический драйвер 375.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.86 - NVIDIA Corporation)
NVIDIA Драйвер 3D Vision 375.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.86 - NVIDIA Corporation)
NVIDIA Драйвер контроллера 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Системное программное обеспечение PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.100.422.2016 - Realtek)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
TunnelBear (HKLM-x32\...\{1cc2998e-1582-4641-a524-47d725ce1ba7}) (Version: 3.0.29.0 - TunnelBear)
TunnelBear (x32 Version: 3.0.29.0 - TunnelBear) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1-2) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.11.1 (Version: 1.0.11.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.31 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wondershare Dr.Fone for Android(Build 6.5.0.12) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 6.5.0.12 - Wondershare Software Co.,Ltd.)
Wondershare MirrorGo(Version 1.7.0) (HKLM-x32\...\{EE843B49-D9BC-4A9E-A8A7-B9F14C0381C7}_is1) (Version: 1.7.0 - Wondershare)
Wondershare MobileGo(Version 8.2.3) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA09}_is1) (Version: 8.2.3 - Wondershare)
Обновления NVIDIA 2.13.0.21 (Version: 2.13.0.21 - NVIDIA Corporation) Hidden
Панель управления NVIDIA 375.86 (Version: 375.86 - NVIDIA Corporation) Hidden
Помощник по обновлению до Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)
Решения факса Lexmark (HKLM\...\Lexmark Fax Solutions) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {253CC718-3D6F-4DC5-B02B-8A160BB3C3C8} - System32\Tasks\SafeZone scheduled Autoupdate 1469448589 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {2B522802-5300-44C0-92DF-9D0E1395A55A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {3D5C139C-7BAB-49CF-AD50-ED480C10EDF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.)
Task: {47D6F1E8-F494-424C-B61A-A97581668FD6} - System32\Tasks\{557A5A5D-5E2A-4399-8241-193AEC63F10F} => Chrome.exe hxxp://ui.skype.com/ui/0/7.6.0.105/en/abandoninstall?source=lightinstaller&amp;page=tsBing
Task: {55E05367-09BB-4465-8442-824C8B271F62} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)
Task: {5F252A33-AF4B-436C-9D85-602641CD84B7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation)
Task: {8B0609F4-68E1-4916-A844-2BC66C8F0EAA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {8DC20C5A-E88B-44E3-8C54-BE89AA712DE7} - System32\Tasks\{517CFD63-CD21-4CDC-875F-5E27F85DF88E} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.6.0.105&amp;LastError=404
Task: {AAFF02B9-9890-412E-B8E6-FD330F2A6E9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-21] (Корпорация Майкрософт (Microsoft Corp.))
Task: {B5B884FC-CABE-450B-9C50-034FF3D5D257} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-25] (AVAST Software)
Task: {D164EB23-764E-4667-A357-37FAAB8AF7EF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {E40F5157-6A6B-45BA-999B-ACA998F38213} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {E542E5F4-7CFC-495C-A176-9A209349A818} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {E9EF558E-FBC4-4168-A3FD-8E9885B27CBC} - System32\Tasks\{4158F142-8204-4591-84B7-167880542249} => Chrome.exe hxxp://ui.skype.com/ui/0/7.6.0.105/en/abandoninstall?source=lightinstaller&amp;page=tsBing
Task: {FD54BDEB-08CA-4D6C-9EEB-8166825BE03D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-09] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Tepanyan\Desktop\Компьютер - Ярлык.lnk -> 0x4C0000000114020000000000C0000000000000468100080000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000160014001F50E04FD020EA3A6910A2D808002B30309D0000FF000000090000A0720000003153505330F125B7EF471A10A5F102608C9EEBAC250000000A000000001F0000000A0000001A043E043C043F044C044E0442043504400400003100000004000000001F00000010000000210438044104420435043C043D0430044F0420003F0430043F043A0430040000000000008100000031535053A66A63283D95D211B5D600C04FD918D0650000001E000000001F000000290000003A003A007B00320030004400300034004600450030002D0033004100450041002D0031003000360039002D0041003200440038002D003000380030003000320042003300300033003000390044007D0000000000000000000000000000000000 <===== Cyrillic
Shortcut: C:\Users\Tepanyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Новости в последней версии.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () <===== Cyrillic
Shortcut: C:\Users\Tepanyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Руководство по консольной версии RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <===== Cyrillic
Shortcut: C:\Users\Tepanyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Справка WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <===== Cyrillic

ShortcutWithArgument: C:\Users\Tepanyan\Desktop\Помощник по обновлению до Windows 10.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation) -> /ClientID "Win10China:VNL:EOMODAL:{}" <===== Cyrillic
ShortcutWithArgument: C:\Users\Tepanyan\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://rigneda.ru/?utm_source=startlink03&utm_content=adbf052057e305ed7ecce74202676864&utm_term=036B8C061FFABA00B6629A9CEFF0B197&utm_d=20160927"
ShortcutWithArgument: C:\Users\Tepanyan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --disable-quic
ShortcutWithArgument: C:\Users\Tepanyan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> F:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Tepanyan\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Помощник по обновлению до Windows 10.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation) -> /ClientID "Win10China:VNL:EOMODAL:{}" <===== Cyrillic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2016-09-26 20:54 - 2006-11-22 17:21 - 00045056 _____ () C:\Windows\System32\LXPRMON.DLL
2016-09-26 20:54 - 2006-11-22 17:05 - 00012288 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\FxCtrStr.dll
2016-09-26 20:54 - 2006-11-22 17:19 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll
2016-09-26 00:54 - 2016-11-17 16:45 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-26 00:54 - 2016-11-17 16:45 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-26 00:55 - 2016-11-17 16:45 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2006-01-11 01:11 - 2006-01-11 01:11 - 00054784 _____ () C:\Windows\system32\lxczcnv4.dll
2016-09-26 23:29 - 2016-11-11 01:38 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-11-15 12:05 - 2016-11-09 00:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 12:05 - 2016-11-09 00:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2014-01-21 16:54 - 2015-07-13 22:49 - 01294336 _____ () F:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2016-11-22 18:54 - 2016-11-22 18:54 - 02753016 _____ () F:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.33\deploy\LoLLauncher.exe
2016-11-22 18:54 - 2016-11-22 18:54 - 04738040 _____ () F:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.73\deploy\LoLPatcher.exe
2015-07-14 00:22 - 2015-07-14 00:22 - 00074752 _____ () F:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.232\deploy\LolClient.exe
2016-09-09 11:07 - 2016-09-09 11:07 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-30 12:54 - 2016-11-30 12:54 - 03133960 _____ () C:\Program Files\AVAST Software\Avast\defs\16113000\algo.dll
2016-09-09 11:07 - 2016-09-09 11:07 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-09-26 00:54 - 2016-11-17 13:20 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-26 00:54 - 2016-11-17 13:20 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-26 00:54 - 2016-11-17 13:20 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-26 00:54 - 2016-11-17 16:45 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-26 00:54 - 2016-11-17 16:45 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-26 00:54 - 2016-11-17 13:20 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-26 00:54 - 2016-11-17 13:20 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-26 00:54 - 2016-11-17 13:20 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-26 00:54 - 2016-11-17 13:20 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-10-03 12:19 - 2016-11-17 16:45 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-25 15:06 - 2016-07-25 15:06 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-11-22 18:54 - 2016-11-22 18:54 - 00586744 _____ () F:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.73\deploy\RiotLauncher.dll
2016-04-20 11:49 - 2016-04-20 11:49 - 04887216 _____ () F:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.232\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2016-04-20 11:49 - 2016-04-20 11:49 - 19397808 _____ () F:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.232\deploy\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2016-11-29 22:45 - 00000762 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1305061964-975540363-169340528-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FD466F2E-C562-4B43-8234-05F9489B1D1F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4C41CB37-68FF-40F9-8C5D-1C1C0C14C644}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DB1C95BD-E448-4022-A5C0-A5BD4AD1411F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9280DF4C-D8B3-4913-8147-5ABB507C4628}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{20F0DCAF-3F97-4456-B01E-63B70F585D13}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4C416979-61EB-48B7-B9F5-EB162C26F0D6}] => (Allow) F:\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{9A2499B0-2A19-4CF9-8545-953E1CE8CEF1}] => (Allow) F:\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [TCP Query User{0D0F1786-9DA8-4024-BB88-8B91E0250C9D}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{AC071DC0-3658-48E4-BB24-234C95293DBA}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{CABBD2F3-C6E5-468F-BCFE-AC558AE0CAAD}] => (Allow) C:\Users\Tepanyan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BEAF5D26-8739-498E-9267-99AA11CF3748}] => (Allow) C:\Users\Tepanyan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A6B1E973-9F19-4595-8EB0-3E32A3CCF077}] => (Allow) C:\Users\Tepanyan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DE9301D6-AA02-40CC-B54D-746488AB9C22}] => (Allow) C:\Users\Tepanyan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{40134435-4D67-47AB-93A9-4EF12F7945BA}] => (Allow) C:\Users\Tepanyan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1754EF0B-0A71-4928-BEE7-CE648480DDBA}] => (Allow) C:\Users\Tepanyan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AE0AAED8-7FDE-4966-A681-49DBCD4D2773}] => (Allow) C:\Windows\SysWOW64\lxczcoms.exe
FirewallRules: [{59973335-112B-4D0F-A50E-7715BC532810}] => (Allow) C:\Windows\SysWOW64\lxczcoms.exe
FirewallRules: [{807C0906-12C7-49DF-89D5-67C2D944B30F}] => (Allow) C:\Program Files\UBar\ubar.exe
FirewallRules: [{94923CAA-114D-4A2F-8A2B-E3552736B55F}] => (Allow) C:\Users\Tepanyan\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{95D9797B-1486-4F18-BC96-4FC5EA03EB3E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{D80CF78B-968A-455B-89A7-F2882B55F38D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{317A6AEE-019B-410F-B860-6CCE9A8CD4D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{77E090E5-8CD3-4F12-899B-0A85E6087A3E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EED28FA7-AE78-49C4-95DA-BA4DF4534C96}] => (Allow) F:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6D1150DE-3086-4F46-AFD5-EA19A5A0A0D6}] => (Allow) F:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0BB827B2-D650-42E7-8E0C-49374E0AB930}] => (Allow) F:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2FC003B0-415E-4449-AA5C-BAF99B38C8C5}] => (Allow) F:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{29377259-8EEB-4CCA-9874-3570A5A3E20D}] => (Allow) C:\Windows\System32\lxczcoms.exe
FirewallRules: [{68B8C15D-29AB-47D0-9B9B-CFA80A492C2F}] => (Allow) C:\Windows\System32\lxczcoms.exe
FirewallRules: [{7A44E695-4394-4244-8E45-B9A50B51D03C}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxczpswx.exe
FirewallRules: [{BE13511F-694D-4DA5-AB04-85BDF29A94F0}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxczpswx.exe
FirewallRules: [{8A880D70-C85B-4D35-8231-1EF8CB6958F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{1BBB981C-13FA-4A25-AD4B-48E36591E752}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
FirewallRules: [{3FB61A08-1669-4A62-B577-B473455DF891}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{4EBD229B-18F1-4083-AFD6-B873FBFFB159}F:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) F:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [UDP Query User{B735D363-9F15-4238-8FC6-BF830A84C873}F:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) F:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [{3E8DF579-79EA-4C8F-BC78-CFB631E09D3C}] => (Block) F:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [{23956FFA-C3A4-4B63-AAF4-C2EA35C56043}] => (Block) F:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [TCP Query User{29A6D61F-3C68-471A-AC41-5EECAC709541}C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe] => (Allow) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe
FirewallRules: [UDP Query User{0094C0EF-BC89-4641-863F-D5F15F615D5F}C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe] => (Allow) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe
FirewallRules: [TCP Query User{F0A02772-78F8-41E9-9A6B-0C7AD922977A}F:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) F:\program files (x86)\wondershare\mobilego\mobilego.exe
FirewallRules: [UDP Query User{ED404D8D-50D5-41C0-9050-C03CDC1A0C93}F:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) F:\program files (x86)\wondershare\mobilego\mobilego.exe
FirewallRules: [TCP Query User{92C7860F-277C-43EF-9716-A339035D12B1}C:\users\tepanyan\desktop\myphoneexplorer portable\myphoneexplorer portable.exe] => (Allow) C:\users\tepanyan\desktop\myphoneexplorer portable\myphoneexplorer portable.exe
FirewallRules: [UDP Query User{7396C095-8959-4306-8C9A-CACDA11B8412}C:\users\tepanyan\desktop\myphoneexplorer portable\myphoneexplorer portable.exe] => (Allow) C:\users\tepanyan\desktop\myphoneexplorer portable\myphoneexplorer portable.exe

==================== Restore Points =========================

24-11-2016 16:16:22 Установить пакет драйверов устройств: Google, Inc. SAMSUNG Android Phone
24-11-2016 16:16:48 Установить пакет драйверов устройств: Google Corporation
29-11-2016 22:21:45 ComboFix created restore point
29-11-2016 22:32:24 JRT Pre-Junkware Removal
29-11-2016 22:43:01 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2016 03:26:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: avz.exe, версия: 4.45.0.104, отметка времени: 0x2a425e19
Имя сбойного модуля: unknown, версия: 0.0.0.0, отметка времени 0x00000000
Код исключения: 0xc0000005
Смещение ошибки: 0x10f6ac3c
Идентификатор сбойного процесса: 0x1390
Время запуска сбойного приложения: 0x01d24b04ab76dfaa
Путь сбойного приложения: C:\Users\Tepanyan\Desktop\avz4\avz.exe
Путь сбойного модуля: unknown
Код отчета: 34a5ce7d-b6f8-11e6-9007-50e54952befa

Error: (11/30/2016 03:23:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: avz.exe, версия: 4.45.0.104, отметка времени: 0x2a425e19
Имя сбойного модуля: unknown, версия: 0.0.0.0, отметка времени 0x00000000
Код исключения: 0xc0000005
Смещение ошибки: 0x10f6ac3c
Идентификатор сбойного процесса: 0xe30
Время запуска сбойного приложения: 0x01d24b0442cd5958
Путь сбойного приложения: C:\Users\Tepanyan\AppData\Local\Temp\Rar$EXa0.938\avz4\avz.exe
Путь сбойного модуля: unknown
Код отчета: d835bbbe-b6f7-11e6-9007-50e54952befa

Error: (11/30/2016 03:20:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: avz.exe, версия: 4.45.0.104, отметка времени: 0x2a425e19
Имя сбойного модуля: unknown, версия: 0.0.0.0, отметка времени 0x00000000
Код исключения: 0xc0000005
Смещение ошибки: 0x10f6ac3c
Идентификатор сбойного процесса: 0x1648
Время запуска сбойного приложения: 0x01d24b0366fb12bb
Путь сбойного приложения: C:\Users\Tepanyan\AppData\Local\Temp\Rar$EXa0.130\avz4\avz.exe
Путь сбойного модуля: unknown
Код отчета: 6e53b0d8-b6f7-11e6-9007-50e54952befa

Error: (11/30/2016 12:54:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/30/2016 10:37:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/30/2016 01:11:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Программа League of Legends.exe версии 6.23.166.3007 прекратила взаимодействие с Windows и была закрыта. Чтобы узнать, имеются ли дополнительные сведения о проблеме, проверьте историю проблемы в Центре поддержки в панели управления.

ИД процесса: 99c

Время запуска: 01d24a8d523aab15

Время завершения: 18

Путь приложения: F:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.153\deploy\League of Legends.exe

ИД отчета:

Error: (11/29/2016 10:49:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/29/2016 10:28:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/29/2016 06:21:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/28/2016 06:35:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Программа lxczaiox.exe версии 1.50.0.0 прекратила взаимодействие с Windows и была закрыта. Чтобы узнать, имеются ли дополнительные сведения о проблеме, проверьте историю проблемы в Центре поддержки в панели управления.

ИД процесса: ae8

Время запуска: 01d2498ce9ef8d6e

Время завершения: 2

Путь приложения: C:\Program Files (x86)\Lexmark 1200 Series\lxczaiox.exe

ИД отчета: 37fe1f21-b580-11e6-aa9a-50e54952befa


System errors:
=============
Error: (11/30/2016 03:06:32 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Возникло следующее неустранимое предупреждение: 10. Внутреннее состояние ошибки: 10.

Error: (11/30/2016 03:04:26 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Возникло следующее неустранимое предупреждение: 10. Внутреннее состояние ошибки: 10.

Error: (11/30/2016 03:30:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Регистрация сервера {F9717507-6651-4EDB-BFF7-AE615179BCCF} DCOM не прошла за отведенное время ожидания.

Error: (11/29/2016 10:47:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Регистрация сервера {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} DCOM не прошла за отведенное время ожидания.

Error: (11/29/2016 10:47:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Регистрация сервера {F9717507-6651-4EDB-BFF7-AE615179BCCF} DCOM не прошла за отведенное время ожидания.

Error: (11/29/2016 10:47:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Регистрация сервера {3EB3C877-1F16-487C-9050-104DBCD66683} DCOM не прошла за отведенное время ожидания.

Error: (11/29/2016 10:32:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба NVIDIA LocalSystem Container была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 1000 мсек: Перезапуск службы.

Error: (11/29/2016 10:26:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Регистрация сервера {F9717507-6651-4EDB-BFF7-AE615179BCCF} DCOM не прошла за отведенное время ожидания.

Error: (11/28/2016 11:47:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Получено следующее предупреждение о неустранимой ошибке: 20.

Error: (11/27/2016 01:24:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Регистрация сервера {F9717507-6651-4EDB-BFF7-AE615179BCCF} DCOM не прошла за отведенное время ожидания.


CodeIntegrity:
===================================
  Date: 2016-09-09 08:28:59.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-09 08:27:59.866
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-09 08:27:59.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-08 20:25:00.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-08 20:24:11.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-08 20:24:11.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-08 14:20:38.513
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-08 14:19:28.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-08 14:19:28.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-08 08:23:10.626
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentage of memory in use: 46%
Total physical RAM: 8109.13 MB
Available physical RAM: 4340.98 MB
Total Virtual: 16216.43 MB
Available Virtual: 10217.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:152.34 GB) (Free:83.44 GB) NTFS
Drive d: (Work) (Fixed) (Total:247.66 GB) (Free:168.58 GB) NTFS
Drive e: (Home) (Fixed) (Total:217.8 GB) (Free:160.11 GB) NTFS
Drive f: (Programm) (Fixed) (Total:313.42 GB) (Free:102.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 828F2E34)
Partition 1: (Active) - (Size=306 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=247.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=217.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2720A764)
Partition 1: (Not Active) - (Size=152.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=313.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Thanks in advance

#4
zep516

Posted 30 November 2016 - 08:29 AM

Trusted Helper

Malware Removal
8,107 posts

Hello,

Please do not put logs in code boxes it makes them very difficult to read. Copy an paste the logs directly in.
Please post the combofix log. It should be at C:/ Combofix.txt

A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
HKU\S-1-5-21-1305061964-975540363-169340528-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
Toolbar: HKU\S-1-5-21-1305061964-975540363-169340528-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-07-25 15:22 - 2016-07-25 15:22 - 0004927 _____ () C:\ProgramData\mtbjfghn.xbe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next
Run the Chrome clean up tool.
https://www.google.c...e/cleanup-tool/

In your next reply post fixlog.txt
Re- Run Farber and post 2 new logs from that as well. Additons.txt and frst.txt

#5
Lpk44

Posted 30 November 2016 - 09:16 AM

New Member

Topic Starter
Member
9 posts

Hello, sorry about the codebox, thought it'd make it easier for you.

Unfortunately the combofix.txt is nowhere to be found in C:\.

Here is the Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016

Ran by Tepanyan (30-11-2016 18:04:15) Run:1

Running from C:\Users\Tepanyan\Desktop

Loaded Profiles: Tepanyan (Available Profiles: Tepanyan)

Boot Mode: Normal

==============================================

fixlist content:

*****************

start

CloseProcesses:

CreateRestorePoint:

GroupPolicy: Restriction <======= ATTENTION

GroupPolicy\User: Restriction <======= ATTENTION

HKU\S-1-5-21-1305061964-975540363-169340528-1000\Software\Microsoft\Internet Explorer\Main,Start Page =

Toolbar: HKU\S-1-5-21-1305061964-975540363-169340528-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

2016-07-25 15:22 - 2016-07-25 15:22 - 0004927 _____ () C:\ProgramData\mtbjfghn.xbe

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

CMD: bitsadmin /reset /allusers

CMD: ipconfig /flushdns

RemoveProxy:

hosts:

Emptytemp:

*****************

Processes closed successfully.

Restore point was successfully created.

C:\Windows\system32\GroupPolicy\Machine => moved successfully

C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully

C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully

C:\Windows\system32\GroupPolicy\User => moved successfully

HKU\S-1-5-21-1305061964-975540363-169340528-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

HKU\S-1-5-21-1305061964-975540363-169340528-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully

HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.

VGPU => service removed successfully

C:\ProgramData\mtbjfghn.xbe => moved successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys" => key removed successfully

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{B1C16084-FB69-4668-BA13-32299A7530AA} canceled.

Unable to cancel {C56D0208-841E-4F6A-B5D6-02C91D680DA9}.

{E9367826-495B-4223-8989-0D36BBBF228F} canceled.

Unable to cancel {B4618BC4-6A5A-4CC5-830B-A9719D0F1F35}.

{26CA8F18-D3DA-4D26-AD6D-26486406CBA6} canceled.

{6517F836-5534-41D9-99C8-A0459CA5448A} canceled.

{7DD02A4B-E581-4518-A76C-DAE5F8A72EBF} canceled.

{B5A2D673-62FE-4A85-BE32-C4BDFD716AEF} canceled.

6 out of 8 jobs canceled.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

HKU\S-1-5-21-1305061964-975540363-169340528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-1305061964-975540363-169340528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully

Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13951872 B

Java, Flash, Steam htmlcache => 31373290 B

Windows/system/drivers => 46023692 B

Edge => 0 B

Chrome => 835562219 B

Firefox => 0 B

Opera => 0 B

Temp, IE cache, history, cookies, recent:

Default => 66228 B

Public => 0 B

ProgramData => 0 B

systemprofile => 58558412 B

systemprofile32 => 65960 B

LocalService => 107188 B

NetworkService => 0 B

Tepanyan => 267262803 B

RecycleBin => 8594492 B

EmptyTemp: => 1.2 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 18:05:42 ====

Here is the new frst.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016

Ran by Tepanyan (administrator) on TEPANYAN-ПК (30-11-2016 18:14:01)

Running from C:\Users\Tepanyan\Desktop

Loaded Profiles: Tepanyan (Available Profiles: Tepanyan)

Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

( ) C:\Windows\System32\lxczcoms.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe

(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

(TeamViewer GmbH) F:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(TunnelBear) C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe

(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe

(Flux Software LLC) C:\Users\Tepanyan\AppData\Local\FluxSoftware\Flux\flux.exe

(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe

(Wondershare) F:\Program Files (x86)\Wondershare\Dr.Fone for Android\BackupRemind.exe

(Wondershare) F:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(TeamViewer GmbH) F:\Program Files (x86)\TeamViewer\TeamViewer.exe

(TeamViewer GmbH) F:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH) F:\Program Files (x86)\TeamViewer\tv_x64.exe

(TeamViewer GmbH) F:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [lxczbmgr.exe] => C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe [74672 2007-02-09] (Lexmark International, Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [295856 2007-02-09] ()

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1305061964-975540363-169340528-1000\...\Run: [f.lux] => C:\Users\Tepanyan\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-09] (AVAST Software)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk [2016-11-24]

ShortcutTarget: BackupRemind.lnk -> F:\Program Files (x86)\Wondershare\Dr.Fone for Android\BackupRemind.exe (Wondershare)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2016-11-24]

ShortcutTarget: MobileGo Service.lnk -> F:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{BC3E3A84-236B-4B96-9685-A38806EB19C3}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{BC3E3A84-236B-4B96-9685-A38806EB19C3}: [DhcpNameServer] 172.18.13.1

Tcpip\..\Interfaces\{DC67027D-FC85-4D04-9F7F-8662C548F80F}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{DC67027D-FC85-4D04-9F7F-8662C548F80F}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{E64332E8-44EB-4DA4-BBA3-BD828A00F963}: [DhcpNameServer] 192.168.42.129

Internet Explorer:

==================

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-29] (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-29] (Oracle Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-29] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-29] (Oracle Corporation)

FireFox:

========

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-26]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-26]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-29] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-29] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-29] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-29] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-11] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-11] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:

=======

CHR DefaultProfile: Profile 1

CHR StartupUrls: Profile 1 -> "hxxp://google.com/","hxxps://www.google.com/","hxxp://mail.ru/cnt/10445?gp=811009"

CHR DefaultSearchURL: Profile 1 -> hxxp://www.bankreferatov.ru/referats/1D0ED02B2BBBA01B43256B5F001B1A27/%D0%A7%D0%B0%D1%81%D1%82%D1%8C%203.doc.html&Key=456458

CHR Profile: C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Default [2016-11-30]

CHR Profile: C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-30]

CHR Extension: (Google Переводчик) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-10-05]

CHR Extension: (Google Презентации) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-27]

CHR Extension: (Документы Google) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-27]

CHR Extension: (Диск Google) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]

CHR Extension: (YouTube) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-27]

CHR Extension: (uBlock Origin) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-10-28]

CHR Extension: (Avast Online Security) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-09-27]

CHR Extension: (HTTPS Everywhere) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-11-09]

CHR Extension: (Google Документы офлайн) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-27]

CHR Extension: (Avast Online Security) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-26]

CHR Extension: (Reddit Enhancement Suite) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-11-02]

CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-27]

CHR Extension: (Showgoers for Netflix) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pcmaninppdeakmhaonacejmfcgeempfo [2016-10-21]

CHR Extension: (Gmail) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-27]

CHR Extension: (Chrome Media Router) - C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-14]

CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)

S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe [76392 2016-10-16] (Google Inc.)

S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)

R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-02-09] ( )

R2 lxcz_device; C:\Windows\SysWOW64\lxczcoms.exe [537520 2007-02-09] ( )

R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)

S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-11] (NVIDIA Corporation)

R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)

R2 TeamViewer; f:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)

R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [38272 2016-11-04] (TunnelBear)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)

S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)

R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [411648 2016-03-31] (Wondershare) [File not signed]

S3 WsDrvInst; f:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [115856 2016-10-20] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40720 2016-11-24] (Google Inc)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-09] (AVAST Software)

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-09] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-09] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-09] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-09] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-09] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)

R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [93192 2016-11-11] (Intel Corporation)

R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94440 2016-06-14] (Корпорация Майкрософт)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)

S3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [122880 2016-07-25] (Realtek Semiconductor Corporation ) [File not signed]

S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)

R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2016-10-17] (The OpenVPN Project)

R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-30 18:14 - 2016-11-30 18:14 - 00018042 _____ C:\Users\Tepanyan\Desktop\FRST.txt

2016-11-30 18:13 - 2016-11-30 18:13 - 00000000 ____D C:\Users\Tepanyan\Desktop\old

2016-11-30 18:04 - 2016-11-30 18:05 - 00005078 _____ C:\Users\Tepanyan\Desktop\Fixlog.txt

2016-11-30 16:59 - 2016-11-30 18:14 - 00000000 ____D C:\FRST

2016-11-30 16:59 - 2016-11-30 16:58 - 02411520 _____ (Farbar) C:\Users\Tepanyan\Desktop\FRST64.exe

2016-11-30 16:12 - 2016-11-30 16:21 - 00000000 ____D C:\Users\Tepanyan\Doctor Web

2016-11-30 15:24 - 2016-11-30 15:24 - 00000000 ____D C:\Users\Tepanyan\Desktop\avz4

2016-11-29 22:37 - 2016-11-29 22:43 - 00000000 ____D C:\Users\Все пользователи\HitmanPro

2016-11-29 22:37 - 2016-11-29 22:43 - 00000000 ____D C:\ProgramData\HitmanPro

2016-11-29 22:37 - 2016-11-29 22:37 - 00000000 ____D C:\Program Files\HitmanPro

2016-11-29 22:34 - 2016-11-29 22:34 - 00004898 _____ C:\Users\Tepanyan\Desktop\JRT.txt

2016-11-29 22:21 - 2016-11-29 22:26 - 00000000 ___SD C:\ComboFix

2016-11-29 22:21 - 2016-11-29 22:21 - 00000000 ____D C:\Qoobox

2016-11-29 22:21 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe

2016-11-29 22:21 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe

2016-11-29 22:21 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2016-11-29 22:21 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2016-11-29 22:21 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2016-11-29 22:21 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe

2016-11-29 22:21 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe

2016-11-29 22:21 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe

2016-11-29 22:20 - 2016-11-29 22:21 - 00000000 ___SD C:\32788R22FWJFW

2016-11-29 22:20 - 2016-11-29 22:20 - 00000000 ____D C:\Windows\erdnt

2016-11-29 22:18 - 2016-11-29 22:20 - 00207460 _____ C:\TDSSKiller.3.1.0.12_29.11.2016_22.18.52_log.txt

2016-11-29 22:16 - 2016-11-29 22:17 - 00002566 _____ C:\Users\Tepanyan\Desktop\Rkill.txt

2016-11-28 21:25 - 2016-11-17 16:45 - 00101824 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

2016-11-28 21:25 - 2016-11-17 16:45 - 00091584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2016-11-28 21:25 - 2016-11-17 16:45 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2016-11-25 21:17 - 2016-11-25 21:16 - 00000717 _____ C:\adb_keys

2016-11-25 21:00 - 2016-11-25 21:00 - 00000000 ____D C:\key

2016-11-25 20:48 - 2016-11-25 20:48 - 00000000 ____D C:\Program Files\Intel

2016-11-25 20:48 - 2016-11-11 17:10 - 00093192 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelHaxm.sys

2016-11-25 20:43 - 2016-11-25 20:43 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\JetBrains

2016-11-25 20:41 - 2016-11-25 20:42 - 00000000 ____D C:\Users\Tepanyan\.AndroidStudio2.2

2016-11-25 20:41 - 2016-11-25 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio

2016-11-25 20:34 - 2016-11-25 20:34 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\Android

2016-11-25 20:33 - 2016-11-25 20:33 - 00000000 ____D C:\Program Files\Android

2016-11-25 19:14 - 2016-11-25 19:14 - 00000000 ____D C:\Users\Tepanyan\Desktop\MyPhoneExplorer portable

2016-11-25 15:28 - 2016-11-25 21:09 - 00000000 ____D C:\adb

2016-11-25 13:31 - 2016-11-25 13:31 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf

2016-11-25 13:30 - 2016-11-25 13:30 - 00169288 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadbus.sys

2016-11-25 13:30 - 2016-11-25 13:30 - 00017736 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwhnt.sys

2016-11-25 13:30 - 2016-11-25 13:30 - 00017736 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwh.sys

2016-11-25 13:30 - 2016-11-25 13:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wsadb_01009.Wdf

2016-11-24 16:19 - 2016-11-24 16:19 - 00000000 ____D C:\Users\Все пользователи\wsr

2016-11-24 16:19 - 2016-11-24 16:19 - 00000000 ____D C:\ProgramData\wsr

2016-11-24 16:16 - 2016-11-24 16:16 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll

2016-11-24 16:16 - 2016-11-24 16:16 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll

2016-11-24 16:16 - 2016-11-24 16:16 - 00040720 _____ (Google Inc) C:\Windows\system32\Drivers\wsadb.sys

2016-11-24 16:13 - 2016-11-24 16:13 - 00001056 _____ C:\Users\Public\Desktop\Wondershare Dr.Fone for Android.lnk

2016-11-24 16:13 - 2016-11-24 16:13 - 00000000 ___HD C:\Program Files (x86)\DrFoneAndroid_Temp

2016-11-24 16:06 - 2016-11-24 16:06 - 00001159 _____ C:\Users\Public\Desktop\Wondershare MirrorGo.lnk

2016-11-24 16:06 - 2016-11-24 16:06 - 00000000 ____D C:\Users\Tepanyan\Documents\Wondershare

2016-11-24 16:05 - 2016-11-24 16:05 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\HMYGSetting

2016-11-24 16:04 - 2016-11-25 20:48 - 00000000 ____D C:\Users\Tepanyan\.android

2016-11-24 16:04 - 2016-11-25 16:33 - 00000000 ____D C:\Users\Все пользователи\wondershare

2016-11-24 16:04 - 2016-11-25 16:33 - 00000000 ____D C:\ProgramData\wondershare

2016-11-24 16:04 - 2016-11-24 16:13 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\Wondershare

2016-11-24 16:04 - 2016-11-24 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare

2016-11-24 16:04 - 2016-11-24 16:06 - 00000000 ____D C:\Program Files (x86)\Wondershare

2016-11-24 16:04 - 2016-11-24 16:04 - 01179672 _____ C:\Windows\unins000.exe

2016-11-24 16:04 - 2016-11-24 16:04 - 00022823 _____ C:\Windows\unins000.msg

2016-11-24 16:04 - 2016-11-24 16:04 - 00006769 _____ C:\Windows\unins000.dat

2016-11-24 16:04 - 2016-11-24 16:04 - 00000848 _____ C:\Users\Public\Desktop\Wondershare MobileGo.lnk

2016-11-24 16:04 - 2015-02-27 10:35 - 00000232 _____ C:\Windows\SysWOW64\dllhost.exe.config

2016-11-20 20:42 - 2016-11-29 21:56 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\TunnelBear

2016-11-20 20:42 - 2016-11-29 21:56 - 00000000 ____D C:\Program Files (x86)\TunnelBear

2016-11-20 20:42 - 2016-11-20 20:42 - 00001877 _____ C:\Users\Public\Desktop\TunnelBear.lnk

2016-11-20 20:42 - 2016-11-20 20:42 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\IsolatedStorage

2016-11-20 20:42 - 2016-11-20 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear

2016-11-20 20:28 - 2016-11-20 20:28 - 00000000 ____D C:\Users\Все пользователи\Nexon

2016-11-20 20:28 - 2016-11-20 20:28 - 00000000 ____D C:\ProgramData\Nexon

2016-11-20 19:30 - 2016-11-20 19:30 - 00001089 _____ C:\Users\Tepanyan\Desktop\MapleStory.lnk

2016-11-20 19:07 - 2016-11-20 19:07 - 00000000 ____D C:\Nexon

2016-11-20 18:58 - 2016-11-20 18:58 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\NexonLauncher

2016-11-20 18:58 - 2016-11-20 18:58 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\Crashpad

2016-11-20 18:22 - 2016-11-20 19:07 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\NexonLauncher

2016-11-20 18:22 - 2016-11-20 18:22 - 00001050 _____ C:\Users\Tepanyan\Desktop\Nexon Launcher.lnk

2016-11-17 15:03 - 2016-11-11 01:23 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2016-11-17 15:03 - 2016-09-09 21:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll

2016-11-17 15:03 - 2016-09-09 21:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll

2016-11-17 15:03 - 2016-09-09 21:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe

2016-11-17 15:03 - 2016-09-09 21:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe

2016-11-17 15:00 - 2016-11-11 02:48 - 40123840 _____ C:\Windows\system32\nvcompiler.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 35222464 _____ C:\Windows\SysWOW64\nvcompiler.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 34704952 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 28140088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 17361976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 14048824 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2016-11-17 15:00 - 2016-11-11 02:48 - 10912048 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 10795128 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 10346024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 09150888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 08754160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 03645496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 03208248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 01951680 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437586.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437586.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 01037248 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 00975928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 00943552 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 00897080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 00407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 00170688 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2016-11-17 15:00 - 2016-11-11 02:48 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2016-11-16 16:14 - 2016-11-16 16:14 - 00177226 _____ C:\Users\Tepanyan\Desktop\Week1-2_logo.pdf

2016-11-16 16:14 - 2016-11-16 16:14 - 00174083 _____ C:\Users\Tepanyan\Desktop\Week1-1_logo.pdf

2016-11-10 00:20 - 2016-11-02 18:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2016-11-10 00:20 - 2016-11-02 18:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2016-11-10 00:20 - 2016-10-28 06:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2016-11-10 00:20 - 2016-10-28 06:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2016-11-10 00:20 - 2016-10-27 21:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2016-11-10 00:20 - 2016-10-27 21:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2016-11-10 00:20 - 2016-10-27 21:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2016-11-10 00:20 - 2016-10-27 21:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2016-11-10 00:20 - 2016-10-27 20:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2016-11-10 00:20 - 2016-10-27 20:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2016-11-10 00:20 - 2016-10-27 20:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2016-11-10 00:20 - 2016-10-27 20:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2016-11-10 00:20 - 2016-10-27 20:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2016-11-10 00:20 - 2016-10-27 20:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2016-11-10 00:20 - 2016-10-27 20:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2016-11-10 00:20 - 2016-10-27 18:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2016-11-10 00:20 - 2016-10-25 18:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2016-11-10 00:20 - 2016-10-22 20:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2016-11-10 00:20 - 2016-10-22 19:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2016-11-10 00:20 - 2016-10-22 19:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2016-11-10 00:20 - 2016-10-22 19:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2016-11-10 00:20 - 2016-10-22 19:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2016-11-10 00:20 - 2016-10-22 19:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2016-11-10 00:20 - 2016-10-22 19:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2016-11-10 00:20 - 2016-10-15 18:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2016-11-10 00:20 - 2016-10-15 18:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2016-11-10 00:20 - 2016-10-11 18:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2016-11-10 00:20 - 2016-10-11 18:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME

2016-11-10 00:20 - 2016-10-11 18:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2016-11-10 00:20 - 2016-10-11 18:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL

2016-11-10 00:20 - 2016-10-11 18:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime

2016-11-10 00:20 - 2016-10-11 18:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll

2016-11-10 00:20 - 2016-10-11 18:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime

2016-11-10 00:20 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime

2016-11-10 00:20 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime

2016-11-10 00:20 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime

2016-11-10 00:20 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime

2016-11-10 00:20 - 2016-10-11 18:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime

2016-11-10 00:20 - 2016-10-11 18:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime

2016-11-10 00:20 - 2016-10-11 18:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME

2016-11-10 00:20 - 2016-10-11 18:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

2016-11-10 00:20 - 2016-10-11 18:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll

2016-11-10 00:20 - 2016-10-11 18:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime

2016-11-10 00:20 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime

2016-11-10 00:20 - 2016-10-11 18:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime

2016-11-10 00:20 - 2016-10-11 16:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2016-11-10 00:20 - 2016-10-11 16:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll

2016-11-10 00:20 - 2016-10-10 18:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2016-11-10 00:20 - 2016-10-10 18:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2016-11-10 00:20 - 2016-10-10 18:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2016-11-10 00:20 - 2016-10-10 18:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2016-11-10 00:20 - 2016-10-07 18:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2016-11-10 00:20 - 2016-10-07 18:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2016-11-10 00:20 - 2016-10-07 18:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2016-11-10 00:20 - 2016-10-07 18:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2016-11-10 00:20 - 2016-10-07 18:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll

2016-11-10 00:20 - 2016-10-07 18:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2016-11-10 00:20 - 2016-10-07 18:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll

2016-11-10 00:20 - 2016-10-07 18:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2016-11-10 00:20 - 2016-10-07 18:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2016-11-10 00:20 - 2016-10-07 18:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2016-11-10 00:20 - 2016-10-07 18:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll

2016-11-10 00:20 - 2016-10-05 17:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys

2016-11-10 00:20 - 2016-09-15 17:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll

2016-11-10 00:20 - 2016-09-09 21:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2016-11-10 00:20 - 2016-09-09 21:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2016-11-10 00:20 - 2016-08-22 19:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

2016-11-10 00:19 - 2016-11-02 18:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2016-11-10 00:19 - 2016-11-02 18:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2016-11-10 00:19 - 2016-11-02 18:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2016-11-10 00:19 - 2016-11-02 18:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2016-11-10 00:19 - 2016-11-02 18:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2016-11-10 00:19 - 2016-11-02 18:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2016-11-10 00:19 - 2016-11-02 18:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2016-11-10 00:19 - 2016-11-02 17:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2016-11-10 00:19 - 2016-10-27 22:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2016-11-10 00:19 - 2016-10-27 22:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2016-11-10 00:19 - 2016-10-27 21:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2016-11-10 00:19 - 2016-10-27 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2016-11-10 00:19 - 2016-10-27 21:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2016-11-10 00:19 - 2016-10-27 21:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2016-11-10 00:19 - 2016-10-27 21:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2016-11-10 00:19 - 2016-10-27 21:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2016-11-10 00:19 - 2016-10-27 21:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2016-11-10 00:19 - 2016-10-27 21:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2016-11-10 00:19 - 2016-10-27 21:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2016-11-10 00:19 - 2016-10-27 21:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2016-11-10 00:19 - 2016-10-27 21:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2016-11-10 00:19 - 2016-10-27 21:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2016-11-10 00:19 - 2016-10-27 21:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2016-11-10 00:19 - 2016-10-27 21:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2016-11-10 00:19 - 2016-10-27 21:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2016-11-10 00:19 - 2016-10-27 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2016-11-10 00:19 - 2016-10-27 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2016-11-10 00:19 - 2016-10-27 21:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2016-11-10 00:19 - 2016-10-27 21:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2016-11-10 00:19 - 2016-10-27 20:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2016-11-10 00:19 - 2016-10-27 19:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2016-11-10 00:19 - 2016-10-22 20:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2016-11-10 00:19 - 2016-10-22 20:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2016-11-10 00:19 - 2016-10-22 20:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2016-11-10 00:19 - 2016-10-22 20:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2016-11-10 00:19 - 2016-10-22 20:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2016-11-10 00:19 - 2016-10-22 20:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2016-11-10 00:19 - 2016-10-22 20:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2016-11-10 00:19 - 2016-10-22 20:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2016-11-10 00:19 - 2016-10-22 20:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2016-11-10 00:19 - 2016-10-22 20:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2016-11-10 00:19 - 2016-10-22 20:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2016-11-10 00:19 - 2016-10-22 20:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2016-11-10 00:19 - 2016-10-22 20:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2016-11-10 00:19 - 2016-10-22 20:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2016-11-10 00:19 - 2016-10-22 20:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2016-11-10 00:19 - 2016-10-22 19:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2016-11-10 00:19 - 2016-10-22 19:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2016-11-10 00:19 - 2016-10-22 19:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2016-11-10 00:19 - 2016-10-22 19:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2016-11-10 00:19 - 2016-10-22 19:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2016-11-10 00:19 - 2016-10-22 19:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2016-11-10 00:19 - 2016-10-22 19:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2016-11-10 00:19 - 2016-10-15 18:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll

2016-11-10 00:19 - 2016-10-15 18:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll

2016-11-10 00:19 - 2016-10-11 18:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2016-11-10 00:19 - 2016-10-11 18:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime

2016-11-10 00:19 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime

2016-11-10 00:19 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime

2016-11-10 00:19 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime

2016-11-10 00:19 - 2016-10-11 18:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime

2016-11-10 00:19 - 2016-10-10 18:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2016-11-10 00:19 - 2016-10-10 18:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2016-11-10 00:19 - 2016-10-10 18:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2016-11-10 00:19 - 2016-10-10 18:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2016-11-10 00:19 - 2016-10-10 18:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2016-11-10 00:19 - 2016-10-10 18:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2016-11-10 00:19 - 2016-10-10 18:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2016-11-10 00:19 - 2016-10-10 18:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2016-11-10 00:19 - 2016-10-10 18:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2016-11-10 00:19 - 2016-10-10 18:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2016-11-10 00:19 - 2016-10-10 18:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2016-11-10 00:19 - 2016-10-10 18:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2016-11-10 00:19 - 2016-10-10 18:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2016-11-10 00:19 - 2016-10-10 18:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2016-11-10 00:19 - 2016-10-10 18:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2016-11-10 00:19 - 2016-10-10 18:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2016-11-10 00:19 - 2016-10-10 18:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2016-11-10 00:19 - 2016-10-10 18:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2016-11-10 00:19 - 2016-10-10 18:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2016-11-10 00:19 - 2016-10-10 18:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2016-11-10 00:19 - 2016-10-10 18:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2016-11-10 00:19 - 2016-10-10 18:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2016-11-10 00:19 - 2016-10-10 18:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2016-11-10 00:19 - 2016-10-10 18:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2016-11-10 00:19 - 2016-10-10 18:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2016-11-10 00:19 - 2016-10-10 18:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2016-11-10 00:19 - 2016-10-10 18:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2016-11-10 00:19 - 2016-10-10 18:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2016-11-10 00:19 - 2016-10-10 18:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2016-11-10 00:19 - 2016-10-10 18:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2016-11-10 00:19 - 2016-10-10 18:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2016-11-10 00:19 - 2016-10-10 18:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2016-11-10 00:19 - 2016-10-10 17:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2016-11-10 00:19 - 2016-10-10 17:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2016-11-10 00:19 - 2016-10-10 17:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2016-11-10 00:19 - 2016-10-10 17:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2016-11-10 00:19 - 2016-10-10 17:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2016-11-10 00:19 - 2016-10-10 17:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 18:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2016-11-10 00:19 - 2016-10-07 18:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2016-11-10 00:19 - 2016-10-07 18:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2016-11-10 00:19 - 2016-10-07 18:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2016-11-10 00:19 - 2016-10-07 18:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2016-11-10 00:19 - 2016-10-07 17:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2016-11-10 00:19 - 2016-10-07 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2016-11-10 00:19 - 2016-10-07 17:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2016-11-10 00:19 - 2016-10-07 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2016-11-10 00:19 - 2016-10-07 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2016-11-10 00:19 - 2016-10-07 17:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 17:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 17:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2016-11-10 00:19 - 2016-10-07 17:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2016-11-10 00:19 - 2016-09-13 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2016-11-10 00:19 - 2016-09-13 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2016-11-09 18:05 - 2016-11-09 18:05 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux

2016-11-09 18:05 - 2016-11-09 18:05 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\FluxSoftware

2016-11-06 01:37 - 2016-11-06 12:53 - 00000000 ____D C:\AdwCleaner

2016-11-05 19:43 - 2016-11-05 19:43 - 00000607 _____ C:\Users\Tepanyan\Desktop\кекс.txt

2016-11-01 15:18 - 2016-11-01 15:18 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\OpenDNS Updater

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-30 18:13 - 2011-04-12 16:26 - 00723936 _____ C:\Windows\system32\perfh019.dat

2016-11-30 18:13 - 2011-04-12 16:26 - 00150252 _____ C:\Windows\system32\perfc019.dat

2016-11-30 18:13 - 2009-07-14 08:13 - 01647438 _____ C:\Windows\system32\PerfStringBackup.INI

2016-11-30 18:13 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf

2016-11-30 18:10 - 2016-07-25 17:31 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\Skype

2016-11-30 18:08 - 2016-07-25 18:16 - 00000000 ____D C:\Users\Все пользователи\NVIDIA

2016-11-30 18:08 - 2016-07-25 18:16 - 00000000 ____D C:\ProgramData\NVIDIA

2016-11-30 18:07 - 2016-07-25 16:53 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-11-30 18:07 - 2016-07-25 13:44 - 00000000 ____D C:\Users\Tepanyan

2016-11-30 18:07 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-11-30 18:04 - 2016-07-25 16:53 - 00000970 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-11-30 18:04 - 2009-07-14 07:45 - 00016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-11-30 18:04 - 2009-07-14 07:45 - 00016864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-11-30 18:04 - 2009-07-14 06:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy

2016-11-30 18:04 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

2016-11-30 15:26 - 2016-10-08 02:53 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\CrashDumps

2016-11-30 10:38 - 2016-07-26 18:16 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\vlc

2016-11-29 22:59 - 2016-09-28 22:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-11-28 21:26 - 2016-10-03 12:20 - 00001412 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

2016-11-28 21:26 - 2016-09-26 00:55 - 00003794 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2016-11-28 21:26 - 2016-09-26 00:54 - 00003844 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2016-11-28 21:26 - 2016-09-26 00:54 - 00003606 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2016-11-28 21:26 - 2016-07-25 18:10 - 00000000 ____D C:\Users\Все пользователи\NVIDIA Corporation

2016-11-28 21:26 - 2016-07-25 18:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2016-11-28 21:26 - 2016-07-25 18:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2016-11-28 21:26 - 2016-07-25 17:28 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2016-11-28 21:25 - 2016-09-26 00:54 - 00003844 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2016-11-28 21:25 - 2016-09-26 00:54 - 00003782 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2016-11-28 21:25 - 2016-09-26 00:54 - 00003546 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2016-11-24 01:32 - 2016-08-14 21:49 - 00000000 ____D C:\Users\Tepanyan\AppData\Roaming\uTorrent

2016-11-23 21:27 - 2016-09-09 14:00 - 00000000 ____D C:\Users\Tepanyan\AppData\LocalLow\uTorrent

2016-11-23 12:16 - 2016-07-25 17:31 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-11-23 12:16 - 2016-07-25 17:30 - 00000000 ____D C:\Users\Все пользователи\Skype

2016-11-23 12:16 - 2016-07-25 17:30 - 00000000 ____D C:\ProgramData\Skype

2016-11-20 20:42 - 2016-07-25 18:10 - 00000000 ____D C:\Users\Все пользователи\Package Cache

2016-11-20 20:42 - 2016-07-25 18:10 - 00000000 ____D C:\ProgramData\Package Cache

2016-11-20 15:25 - 2016-10-16 11:20 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\ElevatedDiagnostics

2016-11-17 16:45 - 2016-10-03 12:20 - 01854400 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2016-11-17 16:45 - 2016-10-03 12:20 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

2016-11-17 16:45 - 2016-10-03 12:20 - 01452480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2016-11-17 16:45 - 2016-10-03 12:20 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

2016-11-17 16:45 - 2016-10-03 12:20 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll

2016-11-17 15:04 - 2016-09-23 16:33 - 00000000 ____D C:\temp

2016-11-17 15:04 - 2016-07-25 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2016-11-17 15:03 - 2016-07-25 18:15 - 00000000 ____D C:\Program Files (x86)\VulkanRT

2016-11-16 19:42 - 2016-09-26 00:54 - 00001951 _____ C:\Windows\NvContainerRecovery.bat

2016-11-15 12:05 - 2016-07-25 16:54 - 00002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-11-15 12:05 - 2016-07-25 16:54 - 00002209 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-11-12 19:20 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache

2016-11-11 02:48 - 2016-10-29 00:16 - 00491720 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2016-11-11 02:48 - 2016-08-29 00:03 - 19936464 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2016-11-11 02:48 - 2016-08-29 00:03 - 17440744 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2016-11-11 02:48 - 2016-08-29 00:03 - 14409936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2016-11-11 02:48 - 2016-08-29 00:03 - 03941536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2016-11-11 02:48 - 2016-08-29 00:03 - 03479744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2016-11-11 02:48 - 2016-08-29 00:03 - 00041344 _____ C:\Windows\system32\nvinfo.pb

2016-11-11 01:38 - 2016-09-26 23:29 - 07511235 _____ C:\Windows\system32\nvcoproc.bin

2016-11-11 01:38 - 2016-09-26 23:29 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2016-11-11 01:38 - 2016-09-26 23:29 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2016-11-11 01:38 - 2016-09-26 23:29 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2016-11-11 01:38 - 2016-09-26 23:29 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll

2016-11-11 01:38 - 2016-09-26 23:29 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2016-11-11 01:38 - 2016-09-26 23:29 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll

2016-11-11 01:38 - 2016-09-26 23:29 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2016-11-10 12:40 - 2009-07-14 07:45 - 00409440 _____ C:\Windows\system32\FNTCACHE.DAT

2016-11-10 03:04 - 2016-07-31 16:51 - 00000000 ____D C:\Windows\system32\MRT

2016-11-10 03:01 - 2016-07-31 16:50 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2016-11-07 20:00 - 2016-09-27 22:33 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2016-11-04 19:58 - 2016-09-27 22:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2016-11-03 15:32 - 2016-07-25 15:07 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2016-11-01 15:22 - 2016-07-25 15:09 - 00000000 ____D C:\Users\Tepanyan\AppData\Local\Google

2016-10-31 14:05 - 2016-07-25 15:08 - 00000000 ____D C:\Program Files (x86)\Google

Some files in TEMP:

====================

C:\Users\Tepanyan\AppData\Local\Temp\rtdrvmon.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-24 13:23

==================== End of FRST.txt ============================

here is the new additions.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016

Ran by Tepanyan (30-11-2016 18:14:54)

Running from C:\Users\Tepanyan\Desktop

Windows 7 Ultimate Service Pack 1 (X64) (2016-07-25 10:44:16)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Tepanyan (S-1-5-21-1305061964-975540363-169340528-1000 - Administrator - Enabled) => C:\Users\Tepanyan

Администратор (S-1-5-21-1305061964-975540363-169340528-500 - Administrator - Disabled)

Гость (S-1-5-21-1305061964-975540363-169340528-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1305061964-975540363-169340528-1000\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1926.41617 - ABBYY Software House)

Adobe Acrobat Reader DC - Russian (HKLM-x32\...\{AC76BA86-7AD7-1049-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)

Android Debug Bridge (ADB) 1.0.35 (HKLM-x32\...\Android Debug Bridge (ADB) 1.0.35) (Version: 1.0.35 - Google)

Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)

Ansel (Version: 375.86 - NVIDIA Corporation) Hidden

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

Chrome Remote Desktop Host (HKLM-x32\...\{D669DC52-B1A4-4933-878D-CB80F660D95D}) (Version: 55.0.2883.17 - Google Inc.)

CrystalDiskInfo 7.0.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.2 - Crystal Dew World)

Driver Sweeper version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)

f.lux (HKU\S-1-5-21-1305061964-975540363-169340528-1000\...\Flux) (Version: - )

Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)

Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)

Intel® Hardware Accelerated Execution Manager (HKLM\...\{27276DC1-66AA-4B16-918D-5AB1EEDF09C6}) (Version: 6.0.5 - Intel Corporation)

Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)

Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)

League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden

Lexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version: - Lexmark International, Inc.)

Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 2.0 fix Version 1.0.0.1 (HKLM-x32\...\{C12304D8-48C3-46C9-A62F-82FFAFC04170}_is1) (Version: 1.0.0.1 - Wondershare, Inc.)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.6.01055 - Корпорация Майкрософт)

Microsoft Office 2007, версия null (HKLM-x32\...\{F11C12A8-55E1-4438-85E2-C745E886DF77}_is1) (Version: null - )

Microsoft Office профессиональный плюс 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)

NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)

NVIDIA Аудиодрайвер HD 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)

NVIDIA Графический драйвер 375.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.86 - NVIDIA Corporation)

NVIDIA Драйвер 3D Vision 375.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.86 - NVIDIA Corporation)

NVIDIA Драйвер контроллера 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)

NVIDIA Системное программное обеспечение PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)

NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden

NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden

Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)

Portal 2 (HKLM\...\Steam App 620) (Version: - Valve)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.100.422.2016 - Realtek)

SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden

SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden

Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)

Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)

TunnelBear (HKLM-x32\...\{1cc2998e-1582-4641-a524-47d725ce1ba7}) (Version: 3.0.29.0 - TunnelBear)

TunnelBear (x32 Version: 3.0.29.0 - TunnelBear) Hidden

VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)

Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1-2) (Version: 1.0.11.1 - LunarG, Inc.)

Vulkan Run Time Libraries 1.0.11.1 (Version: 1.0.11.1 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

WinRAR 5.31 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

Wondershare Dr.Fone for Android(Build 6.5.0.12) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 6.5.0.12 - Wondershare Software Co.,Ltd.)

Wondershare MirrorGo(Version 1.7.0) (HKLM-x32\...\{EE843B49-D9BC-4A9E-A8A7-B9F14C0381C7}_is1) (Version: 1.7.0 - Wondershare)

Wondershare MobileGo(Version 8.2.3) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA09}_is1) (Version: 8.2.3 - Wondershare)

Обновления NVIDIA 2.13.0.21 (Version: 2.13.0.21 - NVIDIA Corporation) Hidden

Панель управления NVIDIA 375.86 (Version: 375.86 - NVIDIA Corporation) Hidden

Помощник по обновлению до Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)

Решения факса Lexmark (HKLM\...\Lexmark Fax Solutions) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {253CC718-3D6F-4DC5-B02B-8A160BB3C3C8} - System32\Tasks\SafeZone scheduled Autoupdate 1469448589 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)

Task: {2B522802-5300-44C0-92DF-9D0E1395A55A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)

Task: {3D5C139C-7BAB-49CF-AD50-ED480C10EDF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.)

Task: {47D6F1E8-F494-424C-B61A-A97581668FD6} - System32\Tasks\{557A5A5D-5E2A-4399-8241-193AEC63F10F} => Chrome.exe hxxp://ui.skype.com/ui/0/7.6.0.105/en/abandoninstall?source=lightinstaller&page=tsBing

Task: {55E05367-09BB-4465-8442-824C8B271F62} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)

Task: {5F252A33-AF4B-436C-9D85-602641CD84B7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation)

Task: {8B0609F4-68E1-4916-A844-2BC66C8F0EAA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)

Task: {8DC20C5A-E88B-44E3-8C54-BE89AA712DE7} - System32\Tasks\{517CFD63-CD21-4CDC-875F-5E27F85DF88E} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.6.0.105&LastError=404

Task: {AAFF02B9-9890-412E-B8E6-FD330F2A6E9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.)

Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-21] (Корпорация Майкрософт (Microsoft Corp.))

Task: {B5B884FC-CABE-450B-9C50-034FF3D5D257} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-25] (AVAST Software)

Task: {D164EB23-764E-4667-A357-37FAAB8AF7EF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)

Task: {E40F5157-6A6B-45BA-999B-ACA998F38213} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)

Task: {E542E5F4-7CFC-495C-A176-9A209349A818} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)

Task: {E9EF558E-FBC4-4168-A3FD-8E9885B27CBC} - System32\Tasks\{4158F142-8204-4591-84B7-167880542249} => Chrome.exe hxxp://ui.skype.com/ui/0/7.6.0.105/en/abandoninstall?source=lightinstaller&page=tsBing

Task: {FD54BDEB-08CA-4D6C-9EEB-8166825BE03D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-09] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Tepanyan\Desktop\Компьютер - Ярлык.lnk -> 0x4C0000000114020000000000C0000000000000468100080000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000160014001F50E04FD020EA3A6910A2D808002B30309D0000FF000000090000A0720000003153505330F125B7EF471A10A5F102608C9EEBAC250000000A000000001F0000000A0000001A043E043C043F044C044E0442043504400400003100000004000000001F00000010000000210438044104420435043C043D0430044F0420003F0430043F043A0430040000000000008100000031535053A66A63283D95D211B5D600C04FD918D0650000001E000000001F000000290000003A003A007B00320030004400300034004600450030002D0033004100450041002D0031003000360039002D0041003200440038002D003000380030003000320042003300300033003000390044007D0000000000000000000000000000000000 <===== Cyrillic

Shortcut: C:\Users\Tepanyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Новости в последней версии.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () <===== Cyrillic

Shortcut: C:\Users\Tepanyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Руководство по консольной версии RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <===== Cyrillic

Shortcut: C:\Users\Tepanyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Справка WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <===== Cyrillic

ShortcutWithArgument: C:\Users\Tepanyan\Desktop\Помощник по обновлению до Windows 10.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation) -> /ClientID "Win10China:VNL:EOMODAL:{}" <===== Cyrillic

ShortcutWithArgument: C:\Users\Tepanyan\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://rigneda.ru/?utm_source=startlink03&utm_content=adbf052057e305ed7ecce74202676864&utm_term=036B8C061FFABA00B6629A9CEFF0B197&utm_d=20160927"

ShortcutWithArgument: C:\Users\Tepanyan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --disable-quic

ShortcutWithArgument: C:\Users\Tepanyan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2fae1f4995fc9e7f\NexonLauncher.lnk -> F:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\nexon_client.exe (The NWJS Community) -> --user-data-dir="C:\Users\Tepanyan\AppData\Local\NexonLauncher\User Data" --profile-directory=Default --app-id=dobbaijafcbikgimjpakclacfgeagffm

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Помощник по обновлению до Windows 10.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation) -> /ClientID "Win10China:VNL:EOMODAL:{}" <===== Cyrillic

ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2016-09-26 20:54 - 2006-11-22 17:21 - 00045056 _____ () C:\Windows\System32\LXPRMON.DLL

2016-09-26 20:54 - 2006-11-22 17:05 - 00012288 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\FxCtrStr.dll

2016-09-26 20:54 - 2006-11-22 17:19 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll

2016-09-26 00:54 - 2016-11-17 16:45 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll

2016-09-26 00:54 - 2016-11-17 16:45 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll

2016-09-26 00:55 - 2016-11-17 16:45 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll

2006-01-11 01:11 - 2006-01-11 01:11 - 00054784 _____ () C:\Windows\system32\lxczcnv4.dll

2016-09-26 23:29 - 2016-11-11 01:38 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll

2016-11-15 12:05 - 2016-11-09 00:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll

2016-11-15 12:05 - 2016-11-09 00:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll

2016-11-09 00:53 - 2016-11-09 00:53 - 31067840 _____ () C:\Users\Tepanyan\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll

2016-09-09 11:07 - 2016-09-09 11:07 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-11-30 12:54 - 2016-11-30 12:54 - 03133960 _____ () C:\Program Files\AVAST Software\Avast\defs\16113000\algo.dll

2016-09-09 11:07 - 2016-09-09 11:07 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2016-09-26 00:54 - 2016-11-17 13:20 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node

2016-09-26 00:54 - 2016-11-17 13:20 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node

2016-09-26 00:54 - 2016-11-17 13:20 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node

2016-09-26 00:54 - 2016-11-17 16:45 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

2016-09-26 00:54 - 2016-11-17 16:45 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll

2016-09-26 00:54 - 2016-11-17 13:20 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node

2016-09-26 00:54 - 2016-11-17 13:20 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node

2016-09-26 00:54 - 2016-11-17 13:20 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node

2016-09-26 00:54 - 2016-11-17 13:20 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node

2016-10-03 12:19 - 2016-11-17 16:45 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2016-07-25 15:06 - 2016-07-25 15:06 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2016-11-30 18:04 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1305061964-975540363-169340528-1000\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 8.8.8.8 - 8.8.4.4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FD466F2E-C562-4B43-8234-05F9489B1D1F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{4C41CB37-68FF-40F9-8C5D-1C1C0C14C644}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{DB1C95BD-E448-4022-A5C0-A5BD4AD1411F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{9280DF4C-D8B3-4913-8147-5ABB507C4628}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{20F0DCAF-3F97-4456-B01E-63B70F585D13}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{4C416979-61EB-48B7-B9F5-EB162C26F0D6}] => (Allow) F:\SteamLibrary\steamapps\common\Portal 2\portal2.exe

FirewallRules: [{9A2499B0-2A19-4CF9-8545-953E1CE8CEF1}] => (Allow) F:\SteamLibrary\steamapps\common\Portal 2\portal2.exe

FirewallRules: [TCP Query User{0D0F1786-9DA8-4024-BB88-8B91E0250C9D}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe

FirewallRules: [UDP Query User{AC071DC0-3658-48E4-BB24-234C95293DBA}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe

FirewallRules: [{CABBD2F3-C6E5-468F-BCFE-AC558AE0CAAD}] => (Allow) C:\Users\Tepanyan\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{BEAF5D26-8739-498E-9267-99AA11CF3748}] => (Allow) C:\Users\Tepanyan\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{A6B1E973-9F19-4595-8EB0-3E32A3CCF077}] => (Allow) C:\Users\Tepanyan\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{DE9301D6-AA02-40CC-B54D-746488AB9C22}] => (Allow) C:\Users\Tepanyan\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{40134435-4D67-47AB-93A9-4EF12F7945BA}] => (Allow) C:\Users\Tepanyan\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{1754EF0B-0A71-4928-BEE7-CE648480DDBA}] => (Allow) C:\Users\Tepanyan\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{AE0AAED8-7FDE-4966-A681-49DBCD4D2773}] => (Allow) C:\Windows\SysWOW64\lxczcoms.exe

FirewallRules: [{59973335-112B-4D0F-A50E-7715BC532810}] => (Allow) C:\Windows\SysWOW64\lxczcoms.exe

FirewallRules: [{807C0906-12C7-49DF-89D5-67C2D944B30F}] => (Allow) C:\Program Files\UBar\ubar.exe

FirewallRules: [{94923CAA-114D-4A2F-8A2B-E3552736B55F}] => (Allow) C:\Users\Tepanyan\AppData\Local\Amigo\Application\amigo.exe

FirewallRules: [{95D9797B-1486-4F18-BC96-4FC5EA03EB3E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe

FirewallRules: [{D80CF78B-968A-455B-89A7-F2882B55F38D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{317A6AEE-019B-410F-B860-6CCE9A8CD4D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{77E090E5-8CD3-4F12-899B-0A85E6087A3E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{EED28FA7-AE78-49C4-95DA-BA4DF4534C96}] => (Allow) F:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{6D1150DE-3086-4F46-AFD5-EA19A5A0A0D6}] => (Allow) F:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{0BB827B2-D650-42E7-8E0C-49374E0AB930}] => (Allow) F:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{2FC003B0-415E-4449-AA5C-BAF99B38C8C5}] => (Allow) F:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{29377259-8EEB-4CCA-9874-3570A5A3E20D}] => (Allow) C:\Windows\System32\lxczcoms.exe

FirewallRules: [{68B8C15D-29AB-47D0-9B9B-CFA80A492C2F}] => (Allow) C:\Windows\System32\lxczcoms.exe

FirewallRules: [{7A44E695-4394-4244-8E45-B9A50B51D03C}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxczpswx.exe

FirewallRules: [{BE13511F-694D-4DA5-AB04-85BDF29A94F0}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxczpswx.exe

FirewallRules: [{8A880D70-C85B-4D35-8231-1EF8CB6958F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe

FirewallRules: [{1BBB981C-13FA-4A25-AD4B-48E36591E752}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe

FirewallRules: [{3FB61A08-1669-4A62-B577-B473455DF891}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [TCP Query User{4EBD229B-18F1-4083-AFD6-B873FBFFB159}F:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) F:\program files (x86)\wondershare\mobilego\mobilegoservice.exe

FirewallRules: [UDP Query User{B735D363-9F15-4238-8FC6-BF830A84C873}F:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) F:\program files (x86)\wondershare\mobilego\mobilegoservice.exe

FirewallRules: [{3E8DF579-79EA-4C8F-BC78-CFB631E09D3C}] => (Block) F:\program files (x86)\wondershare\mobilego\mobilegoservice.exe

FirewallRules: [{23956FFA-C3A4-4B63-AAF4-C2EA35C56043}] => (Block) F:\program files (x86)\wondershare\mobilego\mobilegoservice.exe

FirewallRules: [TCP Query User{29A6D61F-3C68-471A-AC41-5EECAC709541}C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe] => (Allow) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe

FirewallRules: [UDP Query User{0094C0EF-BC89-4641-863F-D5F15F615D5F}C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe] => (Allow) C:\program files (x86)\wondershare\mirrorgo\mirrorgo.exe

FirewallRules: [TCP Query User{F0A02772-78F8-41E9-9A6B-0C7AD922977A}F:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) F:\program files (x86)\wondershare\mobilego\mobilego.exe

FirewallRules: [UDP Query User{ED404D8D-50D5-41C0-9050-C03CDC1A0C93}F:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) F:\program files (x86)\wondershare\mobilego\mobilego.exe

FirewallRules: [TCP Query User{92C7860F-277C-43EF-9716-A339035D12B1}C:\users\tepanyan\desktop\myphoneexplorer portable\myphoneexplorer portable.exe] => (Allow) C:\users\tepanyan\desktop\myphoneexplorer portable\myphoneexplorer portable.exe

FirewallRules: [UDP Query User{7396C095-8959-4306-8C9A-CACDA11B8412}C:\users\tepanyan\desktop\myphoneexplorer portable\myphoneexplorer portable.exe] => (Allow) C:\users\tepanyan\desktop\myphoneexplorer portable\myphoneexplorer portable.exe

==================== Restore Points =========================

24-11-2016 16:16:22 Установить пакет драйверов устройств: Google, Inc. SAMSUNG Android Phone

24-11-2016 16:16:48 Установить пакет драйверов устройств: Google Corporation

29-11-2016 22:21:45 ComboFix created restore point

29-11-2016 22:32:24 JRT Pre-Junkware Removal

29-11-2016 22:43:01 Checkpoint by HitmanPro

30-11-2016 18:04:20 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (11/30/2016 06:08:06 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/30/2016 06:04:18 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Ошибка теневого копирования тома: непредвиденная ошибка при запросе интерфейса IVssWriterCallback. hr = 0x80070005, Отказано в доступе.

Наиболее вероятная причина - неправильные параметры безопасности запрашивающего процесса или записывающего процесса.

Операция:

Сбор данных модуля записи

Контекст:

Код класса модуля записи: {e8132975-6f93-4464-a53e-1050253ae220}

Имя модуля записи: System Writer

Код экземпляра модуля записи: {87ef797e-bb96-4578-b237-f2693591250c}

Error: (11/30/2016 03:26:24 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Имя сбойного приложения: avz.exe, версия: 4.45.0.104, отметка времени: 0x2a425e19

Имя сбойного модуля: unknown, версия: 0.0.0.0, отметка времени 0x00000000

Код исключения: 0xc0000005

Смещение ошибки: 0x10f6ac3c

Идентификатор сбойного процесса: 0x1390

Время запуска сбойного приложения: 0x01d24b04ab76dfaa

Путь сбойного приложения: C:\Users\Tepanyan\Desktop\avz4\avz.exe

Путь сбойного модуля: unknown

Код отчета: 34a5ce7d-b6f8-11e6-9007-50e54952befa

Error: (11/30/2016 03:23:49 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Имя сбойного приложения: avz.exe, версия: 4.45.0.104, отметка времени: 0x2a425e19

Имя сбойного модуля: unknown, версия: 0.0.0.0, отметка времени 0x00000000

Код исключения: 0xc0000005

Смещение ошибки: 0x10f6ac3c

Идентификатор сбойного процесса: 0xe30

Время запуска сбойного приложения: 0x01d24b0442cd5958

Путь сбойного приложения: C:\Users\Tepanyan\AppData\Local\Temp\Rar$EXa0.938\avz4\avz.exe

Путь сбойного модуля: unknown

Код отчета: d835bbbe-b6f7-11e6-9007-50e54952befa

Error: (11/30/2016 03:20:51 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Имя сбойного приложения: avz.exe, версия: 4.45.0.104, отметка времени: 0x2a425e19

Имя сбойного модуля: unknown, версия: 0.0.0.0, отметка времени 0x00000000

Код исключения: 0xc0000005

Смещение ошибки: 0x10f6ac3c

Идентификатор сбойного процесса: 0x1648

Время запуска сбойного приложения: 0x01d24b0366fb12bb

Путь сбойного приложения: C:\Users\Tepanyan\AppData\Local\Temp\Rar$EXa0.130\avz4\avz.exe

Путь сбойного модуля: unknown

Код отчета: 6e53b0d8-b6f7-11e6-9007-50e54952befa

Error: (11/30/2016 12:54:50 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (11/30/2016 10:37:46 AM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (11/30/2016 01:11:15 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Программа League of Legends.exe версии 6.23.166.3007 прекратила взаимодействие с Windows и была закрыта. Чтобы узнать, имеются ли дополнительные сведения о проблеме, проверьте историю проблемы в Центре поддержки в панели управления.

ИД процесса: 99c

Время запуска: 01d24a8d523aab15

Время завершения: 18

Путь приложения: F:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.153\deploy\League of Legends.exe

ИД отчета:

Error: (11/29/2016 10:49:18 PM) (Source: WinMgmt) (EventID: 10) (User: )

Error: (11/29/2016 10:28:37 PM) (Source: WinMgmt) (EventID: 10) (User: )

System errors:

=============

Error: (11/30/2016 06:06:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Сбой при запуске службы "Защита программного обеспечения" из-за ошибки

Служба не запущена из-за ошибки входа в систему.

Error: (11/30/2016 06:06:15 PM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: Службе "sppsvc" не удалось войти в систему с именем "NT AUTHORITY\NetworkService" и текущим паролем, поскольку произошла ошибка:

Такой запрос не поддерживается.

Чтобы правильно настроить эту службу, используйте оснастку "Службы" в Консоли управления (MMC).

Error: (11/30/2016 06:05:56 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: Регистрация сервера {F9717507-6651-4EDB-BFF7-AE615179BCCF} DCOM не прошла за отведенное время ожидания.

Error: (11/30/2016 06:05:55 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: Регистрация сервера {3EB3C877-1F16-487C-9050-104DBCD66683} DCOM не прошла за отведенное время ожидания.

Error: (11/30/2016 06:04:45 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: Диспетчер управления службами пытался выполнить исправляющее действие (Перезапуск службы) после непредвиденного завершения службы Windows Search, но при этом произошла следующая ошибка:

Одна копия службы уже запущена.

Error: (11/30/2016 06:04:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Служба "TunnelBear Maintenance" неожиданно прервана. Это произошло (раз): 1.

Error: (11/30/2016 06:04:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Служба Windows Search была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 30000 мсек: Перезапуск службы.

Error: (11/30/2016 06:04:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Служба Защита программного обеспечения была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 120000 мсек: Перезапуск службы.

Error: (11/30/2016 06:04:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Служба "Wondershare Application Framework Service" неожиданно прервана. Это произошло (раз): 1.

Error: (11/30/2016 06:04:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Служба NVIDIA LocalSystem Container была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 1000 мсек: Перезапуск службы.

CodeIntegrity:

===================================

Date: 2016-09-09 08:28:59.667

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-09 08:27:59.866

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-09 08:27:59.741

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-08 20:25:00.585

Date: 2016-09-08 20:24:11.882

Date: 2016-09-08 20:24:11.726

Date: 2016-09-08 14:20:38.513

Date: 2016-09-08 14:19:28.960

Date: 2016-09-08 14:19:28.913

Date: 2016-09-08 08:23:10.626

==================== Memory info ===========================

Processor: Intel® Core™ i5-2310 CPU @ 2.90GHz

Percentage of memory in use: 33%

Total physical RAM: 8109.13 MB

Available physical RAM: 5392.14 MB

Total Virtual: 16216.43 MB

Available Virtual: 13214.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:152.34 GB) (Free:84.54 GB) NTFS

Drive d: (Work) (Fixed) (Total:247.66 GB) (Free:168.58 GB) NTFS

Drive e: (Home) (Fixed) (Total:217.8 GB) (Free:160.11 GB) NTFS

Drive f: (Programm) (Fixed) (Total:313.42 GB) (Free:102.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 828F2E34)

Partition 1: (Active) - (Size=306 MB) - (Type=0B)

Partition 2: (Not Active) - (Size=247.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=217.8 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2720A764)

Partition 1: (Not Active) - (Size=152.3 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=313.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

thanks in advance

#6
zep516

Posted 30 November 2016 - 09:28 AM

Trusted Helper

Malware Removal
8,107 posts

Reset your Chrome browser settings
1.In the top-right corner of the browser window, click the Chrome menu
2.Select Settings.
3.At the bottom, click Show advanced settings.
4.Under the section "Reset settings,” click Reset settings.
5.In the dialog that appears, click Reset.

Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

Are we still getting the URL Message after this is done.

Thanks
Joe

#7
Lpk44

Posted 30 November 2016 - 09:35 AM

New Member

Topic Starter
Member
9 posts

I already ran the cleanup tool. is it necessary for me to reset the settings still?
So far so good, no problems yet. I'll reply back in an hour or so if it's still like that.

Thanks a lot for your help so far

Also, did you just invest time into reading such logs at the beginning and learn from there or did you start to learn such things from a c ertain place?
I am just curious because i am willing to learn how to do these things myself.
Perhaps not an appropriate place to ask but it's the easiest way.

Edited by Lpk44, 30 November 2016 - 09:40 AM.

#8
zep516

Posted 30 November 2016 - 10:25 AM

Trusted Helper

Malware Removal
8,107 posts

Learned from here

http://www.geekstogo...-fight-malware/

#9
Lpk44

Posted 30 November 2016 - 12:14 PM

New Member

Topic Starter
Member
9 posts

Hey zep516,

I haven't had any popups from avast after running your fix, thanks a lot for helping me out.

Alex

#10
zep516

Posted 30 November 2016 - 01:06 PM

Trusted Helper

Malware Removal
8,107 posts

:Uninstall ComboFix: <=====Important !

turn off all active protection software
push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
please copy and past the following into the box ComboFix /Uninstall and click OK.
Note the space between the X and the /Uninstall, it needs to be there.

#11
Lpk44

Posted 30 November 2016 - 01:18 PM

New Member

Topic Starter
Member
9 posts

Hey, it says Windows cannot find it. what to do now?

#12
zep516

Posted 30 November 2016 - 01:21 PM

Trusted Helper

Malware Removal
8,107 posts

Lets do this,

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight. They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

Download DelFix by Xplode and save it to your desktop.

Run the tool by right click on the icon and Run as administrator option.
Make sure that these ones are checked:
- Remove disinfection tools
- Purge system restore
- Reset system settings
Push Run.
The program will run for a few seconds and display a notepad report.
Paste it for my review.