Chrome.exe infected

TimofeyT · May 31, 2015

Dear experts,

I got infected some time ago and now dozens of Chrome.exe processes eat up to 80% of the memeory. I would be extremely grateful if you could help me solve the problem. Please find below the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01

Ran by Timofey Tyagur (administrator) on TIMOFEY on 31-05-2015 18:23:30

Running from C:\Users\Timofey Tyagur\Downloads

Loaded Profiles: Timofey Tyagur (Available Profiles: Timofey Tyagur)

Platform: Windows 8 Single Language (X64) OS Language: Русский (Россия)

Internet Explorer Version 10 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(ООО Яндекс) C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(ООО Яндекс) C:\Program Files (x86)\Yandex\Punto Switcher\ps64ldr.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe

(Microsoft Corporation) C:\Windows\System32\mspaint.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)

Startup: C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-09-11]

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Вырезка экрана и программа запуска для OneNote 2010.lnk [2013-08-11]

ShortcutTarget: Вырезка экрана и программа запуска для OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyServer: [s-1-5-21-1532010537-4047090494-72995704-1001] => http=210.211.125.25:3128

HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com

HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ru.msn.com/

HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=profitraf2

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-20] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Users\Timofey Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.default

FF DefaultSearchEngine: Поиск@Mail.Ru

FF SelectedSearchEngine: Поиск@Mail.Ru

FF Homepage: hxxp://mail.ru/cnt/10445?gp=profitraf2

FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q=

FF NetworkProxy: "type", 1

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)

FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)

FF Plugin HKU\S-1-5-21-1532010537-4047090494-72995704-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Timofey Tyagur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-31] (Unity Technologies ApS)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll [2013-03-11] ()

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll [2010-04-08] ()

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] ()

FF SearchPlugin: C:\Users\Timofey Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.default\searchplugins\mailru.xml [2014-10-04]

FF Extension: Визуальные закладки @Mail.Ru - C:\Users\Timofey Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2014-10-04]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-12]

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:

=======

CHR Profile: C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-28]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-05-28]

CHR Extension: (YouTube) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]

CHR Extension: (Adblock Plus) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-28]

CHR Extension: (Pixlr-o-matic) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2015-05-28]

CHR Extension: (timeStats) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejifodhjoeeenihgfpjijjmpomaphmah [2015-05-28]

CHR Extension: (Google Calendar) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-05-28]

CHR Extension: (PanicButton) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2015-05-28]

CHR Extension: (AdBlock) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-28]

CHR Extension: (Bookmark Manager) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]

CHR Extension: (Google Forms) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2015-05-28]

CHR Extension: (StayFocusd) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-05-28]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-05]

CHR Extension: (Google Wallet) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]

CHR Extension: (Fusion Tables (experimental)) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfoeakahkgllhkommkfeehmkfcloagkl [2015-05-28]

CHR HKLM-x32\...\Chrome\Extension: [hcncjpganfocbfoenaemagjjopkkindp] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [jggbjbmnfmipgcanidamjfpechdeekoi] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [nidmnchoekibbojpkbcojafkodobelld] - C:\Program Files (x86)\Crx\Files\nidmnchoekibbojpkbcojafkodobelld_0.1.4.crx [2013-08-10]

CHR HKLM-x32\...\Chrome\Extension: [pldbienodkpgkccocelidinmciedjdok] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)

R3 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [30080 2012-10-01] (Intel Corporation)

R3 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [31616 2012-10-01] (Intel Corporation)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1333424 2012-12-21] (ESET)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)

R3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)

R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-25] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

R3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-25] (Intel® Corporation)

S3 updater; C:\Program Files (x86)\mediainformationaccess\updater.exe run options=0000000777000000000000000000000 source=mia [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-05-28] (Emsisoft GmbH)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [112640 2012-10-29] (ASIX Electronics Corp.)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-02] (Motorola Solutions, Inc.)

S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-02] (Motorola Solutions, Inc.)

R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-05-28] (Emsisoft GmbH)

R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-10-01] (Intel Corporation)

R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-10-01] (Intel Corporation)

R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-10-01] (Intel Corporation)

R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96576 2012-10-01] (Intel Corporation)

R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229184 2012-10-01] (Intel Corporation)

R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363328 2012-10-01] (Intel Corporation)

R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-08-12] (Disc Soft Ltd)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-01-10] (ESET)

R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)

R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)

R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)

R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2013-01-10] (ESET)

R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)

R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-31] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)

S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)

R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-12] (Duplex Secure Ltd.)

S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)

R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-10] (Windows ® Win 7 DDK provider)

R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-10] (Windows ® Win 7 DDK provider)

U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 23:51 - 2015-05-28 23:52 - 00037061 _____ () C:\Users\Timofey Tyagur\Downloads\Addition.txt

2015-05-28 23:49 - 2015-05-31 18:23 - 00023468 _____ () C:\Users\Timofey Tyagur\Downloads\FRST.txt

2015-05-28 23:49 - 2015-05-31 18:23 - 00000000 ____D () C:\FRST

2015-05-28 23:49 - 2015-05-28 23:49 - 02108928 _____ (Farbar) C:\Users\Timofey Tyagur\Downloads\FRST64.exe

2015-05-28 21:29 - 2015-05-28 21:42 - 00000000 ____D () C:\EEK

2015-05-28 21:29 - 2015-05-28 21:29 - 00000745 _____ () C:\Users\Timofey Tyagur\Desktop\Start Emsisoft Emergency Kit.lnk

2015-05-28 21:27 - 2015-05-28 21:28 - 20781656 _____ () C:\Users\Timofey Tyagur\Downloads\RogueKillerX64.exe

2015-05-28 21:24 - 2015-05-28 21:28 - 155048408 _____ () C:\Users\Timofey Tyagur\Downloads\EmsisoftEmergencyKit.exe

2015-05-28 21:09 - 2015-05-28 21:09 - 00283258 _____ () C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe_20150528.210920.5148.log

2015-05-28 21:09 - 2015-05-28 21:09 - 00000022 _____ () C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe_20150528.210920.5148.zip

2015-05-28 20:31 - 2015-05-28 20:31 - 00001294 _____ () C:\Windows\system32\.crusader

2015-05-28 20:02 - 2015-05-28 20:13 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-05-28 20:01 - 2015-05-28 20:01 - 11024496 _____ (SurfRight B.V.) C:\Users\Timofey Tyagur\Downloads\HitmanPro_x64.exe

2015-05-28 08:19 - 2015-05-28 08:19 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\ParetoLogic

2015-05-28 08:18 - 2015-05-28 20:37 - 00000000 ____D () C:\ProgramData\ParetoLogic

2015-05-28 08:18 - 2015-05-28 08:18 - 00000000 _____ () C:\autoexec.bat

2015-05-27 23:43 - 2015-05-27 23:55 - 00014996 _____ () C:\Users\Timofey Tyagur\Downloads\Travel plans 2015 .xlsm

2015-05-27 23:43 - 2015-05-27 23:43 - 00000165 ____H () C:\Users\Timofey Tyagur\Downloads\~$Travel plans 2015 .xlsm

2015-05-27 23:26 - 2015-05-28 09:26 - 00085356 _____ () C:\Windows\PFRO.log

2015-05-27 23:20 - 2015-05-31 17:35 - 00463814 _____ () C:\Windows\WindowsUpdate.log

2015-05-27 23:02 - 2015-05-31 14:28 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-05-27 23:02 - 2015-05-27 23:02 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-05-27 23:02 - 2015-05-27 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-05-27 23:01 - 2015-05-27 23:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-05-27 23:01 - 2015-05-27 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-05-27 23:01 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-05-27 23:01 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-05-27 23:01 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-05-27 22:59 - 2015-05-27 23:01 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Timofey Tyagur\Downloads\mbam-setup-2.1.6.1022.exe

2015-05-27 22:58 - 2015-05-27 22:58 - 00221384 _____ (ESET) C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner (1).exe

2015-05-27 22:56 - 2015-05-27 22:56 - 00221384 _____ (ESET) C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe

2015-05-02 10:54 - 2015-04-18 11:18 - 00000080 _____ () C:\Users\Timofey Tyagur\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦

2015-05-02 04:21 - 2015-05-28 20:27 - 00000000 ____D () C:\Program Files\Rockstar Games

2015-05-02 04:21 - 2015-05-28 20:27 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games

2015-05-01 19:11 - 2015-05-01 19:11 - 00002840 _____ () C:\Users\Timofey Tyagur\Downloads\latest.edemo.jnlp

2015-05-01 19:11 - 2015-05-01 19:11 - 00000008 ___RH () C:\Users\Timofey Tyagur\hwid

2015-05-01 16:43 - 2015-05-01 16:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Saxo Bank

2015-05-01 16:43 - 2015-05-01 16:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Local\Saxo Bank

2015-05-01 16:41 - 2015-05-01 16:41 - 00002070 _____ () C:\Users\Timofey Tyagur\Desktop\SaxoTrader.lnk

2015-05-01 16:41 - 2015-05-01 16:41 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Saxo Bank

2015-05-01 16:41 - 2015-05-01 16:41 - 00000000 ____D () C:\Program Files (x86)\Saxo Bank

2015-05-01 16:38 - 2015-05-01 16:38 - 00301352 _____ (Saxo Bank) C:\Users\Timofey Tyagur\Downloads\SaxoTrader2_webdeploy.exe

2015-05-01 10:21 - 2015-05-01 10:21 - 00018608 _____ () C:\Users\Timofey Tyagur\Downloads\[rutor.org]3DMGAME-Grand.Theft.Auto.V.Update.2.and.Crack.v.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 18:22 - 2014-08-15 15:05 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-05-31 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru

2015-05-28 22:41 - 2013-08-10 09:01 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1532010537-4047090494-72995704-1001

2015-05-28 21:57 - 2014-10-18 15:53 - 00000000 ____D () C:\Program Files (x86)\F1 2014

2015-05-28 21:50 - 2012-09-27 13:49 - 00797086 _____ () C:\Windows\system32\perfh019.dat

2015-05-28 21:50 - 2012-09-27 13:49 - 00167944 _____ () C:\Windows\system32\perfc019.dat

2015-05-28 21:50 - 2012-07-26 09:28 - 01774770 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-05-28 21:42 - 2015-01-18 18:25 - 00003264 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1532010537-4047090494-72995704-1001

2015-05-28 21:42 - 2014-01-03 13:01 - 00003384 _____ () C:\Windows\System32\Tasks\Update Checker

2015-05-28 21:42 - 2013-10-09 18:45 - 00003760 _____ () C:\Windows\System32\Tasks\AutoKMS

2015-05-28 21:42 - 2013-02-01 13:42 - 00003052 _____ () C:\Windows\System32\Tasks\ASUS P4G

2015-05-28 21:42 - 2013-02-01 13:42 - 00003024 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus

2015-05-28 21:42 - 2013-02-01 13:38 - 00003542 _____ () C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)

2015-05-28 21:41 - 2013-08-10 08:54 - 00000423 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\sp_data.sys

2015-05-28 21:41 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-05-28 20:55 - 2015-01-18 18:25 - 00003380 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1532010537-4047090494-72995704-1001

2015-05-28 20:51 - 2014-05-11 13:32 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\.ACEStream

2015-05-28 20:51 - 2014-05-11 13:31 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\ACEStream

2015-05-28 20:42 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI

2015-05-28 20:34 - 2013-02-01 13:48 - 00004280 _____ () C:\Windows\system32\ServiceFilter.ini

2015-05-28 20:31 - 2013-08-10 11:54 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\uTorrent

2015-05-28 08:17 - 2013-08-10 08:54 - 00000000 ____D () C:\Users\Timofey Tyagur

2015-05-27 23:26 - 2014-10-06 23:05 - 00000000 ____D () C:\Program Files\biforder

2015-05-27 23:05 - 2014-03-23 21:15 - 00000000 ____D () C:\temp

2015-05-27 22:41 - 2013-09-05 13:05 - 02318336 ___SH () C:\Users\Timofey Tyagur\Desktop\Thumbs.db

2015-05-27 22:25 - 2013-08-24 11:34 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Skype

2015-05-24 18:45 - 2013-10-09 18:45 - 00000250 _____ () C:\Windows\Tasks\AutoKMSDaily.job

2015-05-21 20:44 - 2013-08-21 20:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\vlc

2015-05-18 08:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2015-05-05 21:02 - 2014-01-16 18:29 - 00575488 ___SH () C:\Users\Timofey Tyagur\Downloads\Thumbs.db

2015-05-02 12:57 - 2013-08-09 21:36 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\DAEMON Tools Lite

2015-05-02 10:51 - 2014-04-29 23:41 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Local\Rockstar Games

2015-05-02 04:21 - 2013-11-19 14:21 - 00000000 ____D () C:\ProgramData\Package Cache

2015-05-01 00:41 - 2014-11-09 21:05 - 00000000 ____D () C:\Users\Timofey Tyagur\Downloads\Cities XL

==================== Files in the root of some directories =======

2015-05-28 08:19 - 2015-05-28 20:37 - 0000115 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\LogFile.txt

2013-09-29 19:55 - 2013-09-29 19:55 - 0000021 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\my_intel.sys

2014-09-03 00:18 - 2014-09-03 00:18 - 0611500 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\Scorch_Install.log

2013-08-10 08:54 - 2015-05-28 21:41 - 0000423 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\sp_data.sys

2015-04-08 20:46 - 2015-04-08 21:24 - 0004608 _____ () C:\Users\Timofey Tyagur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-12-07 18:53 - 2014-12-11 00:30 - 0000112 _____ () C:\ProgramData\j75O8Et0M.dat

2012-11-24 03:25 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd

2012-11-24 03:25 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

2012-11-24 03:25 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:

====================

C:\ProgramData\j75O8Et0M.dat

C:\ProgramData\SetStretch.exe

C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-23 10:47

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01

Ran by Timofey Tyagur at 2015-05-28 23:51:20

Running from C:\Users\Timofey Tyagur\Downloads

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

HomeGroupUser$ (S-1-5-21-1532010537-4047090494-72995704-1003 - Limited - Enabled)

Timofey Tyagur (S-1-5-21-1532010537-4047090494-72995704-1001 - Administrator - Enabled) => C:\Users\Timofey Tyagur

zsgeuelxd (S-1-5-21-1532010537-4047090494-72995704-1004 - Limited - Disabled)

Администратор (S-1-5-21-1532010537-4047090494-72995704-500 - Administrator - Disabled)

Гость (S-1-5-21-1532010537-4047090494-72995704-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 6.0 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: ESET Smart Security 6.0 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Персональный файервол ESET (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)

Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)

ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)

ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.7 - ASUS)

ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)

ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)

ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.36 - ASUS)

ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)

ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)

ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)

ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)

Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)

AX88772B_AX88772A_AX88772 Windows 8 Drivers (HKLM-x32\...\InstallShield_{534E1993-A9FE-4DFC-8C5B-A173A419EDF4}) (Version: 1.0.1.0 - ASIX Electronics Corporation)

AX88772B_AX88772A_AX88772 Windows 8 Drivers (x32 Version: 1.0.1.0 - ASIX Electronics Corporation) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bootstrapper (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)

Cities XL (HKLM-x32\...\Cities XL_is1) (Version: - Martin)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)

ESET Smart Security (HKLM\...\{98F3D38A-1A0A-4333-992A-A1F5EED31747}) (Version: 6.0.308.2 - ESET, spol s r. o.)

F1 2014 (HKLM-x32\...\RjEyMDE0_is1) (Version: 1 - )

Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

Google Планета Земля (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)

Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.6.1082 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)

Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{AD0F3D6D-202A-4BAB-8838-0134531FD3AF}) (Version: 15.5.6.0460 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)

Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1657 - Intel Corporation)

iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)

Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)

Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)

Microsoft Office Language Pack 2010 - English (HKLM-x32\...\Office14.OMUI.en-us) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office, для дома и бизнеса 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)

Microsoft SkyDrive (HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\SkyDriveSetup.exe) (Version: 17.0.2011.0627 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)

Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version: - )

Minitab 16 (HKLM-x32\...\Minitab16) (Version: 16.2.2 - Minitab, Inc.)

Minitab Software Update Manager (HKLM-x32\...\MinitabSoftwareManager) (Version: 1.1.0.0 - Minitab, Inc.)

Minitab16 (x32 Version: 16.2.2.0 - Minitab Inc) Hidden

Minitab16 (x32 Version: 16.2.2.0 - Minitab, Inc.) Hidden

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)

MyLogoMaker 2.0 (HKLM-x32\...\MyLogoMaker_is1) (Version: - Avanquest USA, Inc.)

Punto Switcher 3.2.9 (HKLM-x32\...\{EE680C8E-23FE-4717-A2B8-E99878A7C0AE}) (Version: 3.2.9.240 - Яндекс)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)

SaxoTrader (HKLM-x32\...\{49C14B93-58AD-4178-B52C-750D54CE618D}) (Version: 2.129.46.0 - Saxo Bank)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

SoftwareManager (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden

Transcribe! 8.10 (HKLM-x32\...\Transcribe!_is1) (Version: 8.10 - Seventh String Software)

Unity Web Player (HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)

Vegas Pro 10.0 (HKLM-x32\...\{6D592E30-11EC-11E0-859C-0013D3D69929}) (Version: 10.0.469 - Sony)

VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)

Windows Driver Package - ASUS (ATP) Mouse (11/09/2012 1.0.0.153) (HKLM\...\5AB9160B769DD2E134ADCB8010377DECA2479378) (Version: 11/09/2012 1.0.0.153 - ASUS)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

XLNation User Interface Mod (HKLM-x32\...\{641DDF2F-066D-441C-B10E-2FC579DF1B14}) (Version: 1.79.7 - Altiris)

Основи Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Поддержка программ Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Фотоколекція (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

19-05-2015 21:06:23 Запланированная контрольная точка

28-05-2015 20:07:14 Restore Point процесса HitmanPro

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {062E6207-7289-4E31-A703-A666BF2F9E86} - System32\Tasks\{A0806D8D-3829-4C8B-BFC9-11D0433CEDEE} => pcalua.exe -a "C:\Users\Timofey Tyagur\Downloads\InstallPlus500.exe" -d "C:\Users\Timofey Tyagur\Downloads"

Task: {13E33CCE-55BB-4EF1-B120-347AC34BC0D5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe

Task: {1EE4E780-389E-456F-AC59-22E6DED44A1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)

Task: {3467A0BC-2521-44D2-A47D-E68CAAEE5DDB} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-05-28] ()

Task: {5924E230-EFFC-47C6-97F1-90F4C0EFF778} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1532010537-4047090494-72995704-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe

Task: {5C64857C-D3E3-4F47-8ACB-02F4E7032E1B} - System32\Tasks\{0D28D651-8A98-443A-B37E-63DDA5560DED} => pcalua.exe -a "C:\Program Files (x86)\Ski Resort Extreme\SREStart.exe" -d "C:\Program Files (x86)\Ski Resort Extreme\"

Task: {5D0CB043-7183-45BD-A091-0A6C49E97F03} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-11-20] (AsusTek)

Task: {76805D5C-DDAB-423A-971A-9A10441E466E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)

Task: {7E147F76-41D9-4889-B209-5FC5EE1F3FF9} - System32\Tasks\{B7639EA2-05B7-4150-B1C8-4845A5CCAE8F} => pcalua.exe -a E:\autostart.exe -d E:\

Task: {8F8B0A0E-4AB0-4451-A15A-878B85C33751} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1532010537-4047090494-72995704-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe

Task: {926E0FB0-2BC4-4992-A061-5530EB25818D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)

Task: {A4030BAE-32D1-4EF9-B349-875BC0F52335} - System32\Tasks\{8B4C2AA8-DF64-4615-8C40-8EB1E0156E5E} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}

Task: {AB1B6462-0C8D-441F-820A-D30EABD4C3BB} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-05-28] ()

Task: {B15655F1-FE29-4819-BD87-D602130BAECE} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-25] (ASUS)

Task: {C1E555ED-CEF8-4372-BD9C-036A01EBB7BC} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()

Task: {DD5EF834-C216-43C8-A00D-851FC93B89AF} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Loaded Modules (Whitelisted) ==============

2012-08-25 03:26 - 2012-08-25 03:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll

2013-04-21 19:44 - 2013-04-21 19:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-04-21 19:44 - 2013-04-21 19:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-08-25 03:17 - 2012-08-25 03:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll

2011-10-07 10:46 - 2011-10-07 10:46 - 00561664 _____ () C:\Program Files (x86)\Yandex\Punto Switcher\Updater\yupdate.dll

2013-02-01 13:36 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2015-05-25 22:51 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll

2015-05-25 22:51 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll

2010-11-16 07:02 - 2010-11-16 07:02 - 00249232 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Timofey Tyagur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Punto Switcher.lnk => C:\Windows\pss\Punto Switcher.lnk.Startup

MSCONFIG\startupreg: AceStream => C:\Users\Timofey Tyagur\AppData\Roaming\ACEStream\engine\ace_engine.exe

MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S

MSCONFIG\startupreg: ATLauncher => "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1

MSCONFIG\startupreg: ATUninstallIcon => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1

MSCONFIG\startupreg: C8zIej4uuC5g => C:\Users\Timofey Tyagur\AppData\Local\Mail.ru\Sputnik\ptls\C8zIej4uuC5g.exe -ptls

MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd

MSCONFIG\startupreg: Google Update => "C:\Users\Timofey Tyagur\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: GoogleChromeAutoLaunch_9A92FE142A4E4800D91FBF93F601F8F8 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe

MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui

MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

MSCONFIG\startupreg: pmems => C:\Program Files (x86)\PMEM\pmems.exe /STARTUP

MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: uTorrent => "C:\Users\Timofey Tyagur\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"

HKLM\...\StartupApproved\Run32: => "APSDaemon"

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "ATLauncher"

HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\StartupFolder: => "Вырезка экрана и программа запуска для OneNote 2010.lnk"

HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"

HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"

HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9A92FE142A4E4800D91FBF93F601F8F8"

HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{35B24805-95D3-4D50-BB04-01A66905838A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{443EF453-E0D4-470E-B248-5472F0737B4F}] => (Allow) LPort=2869

FirewallRules: [{20D1C1DF-2454-4BC7-8ADF-1E5DC86E36C7}] => (Allow) LPort=1900

FirewallRules: [{0114B387-196F-4C2C-9525-999039986A38}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{52E6EBD1-45E5-4311-9270-51332A1386AA}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe

FirewallRules: [{4A5E0439-BD02-40B6-9C44-EB2271B99657}] => (Allow) C:\Users\Timofey Tyagur\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{3903BBF7-1082-414A-9E31-47C580011ECA}] => (Allow) C:\Users\Timofey Tyagur\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{27D67465-3A07-4677-85DA-13869679E662}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

FirewallRules: [{2B87FB25-9735-47DD-98E2-F4B1B1345B92}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{5EFE9A00-692A-4D44-994D-6E64F845BD21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{A7594FB2-73D2-4F13-A7BB-4A1786DA0FD9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{210126D5-61E1-4E28-ABA3-1FDF1C018A35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{337F1AF8-E044-450C-8FEA-5079B838C4FC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{0CEC7D98-60BB-4DA6-BA04-444719489AB8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

FirewallRules: [{FB67D287-0813-4534-91DC-9FA67AA3E928}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

FirewallRules: [{4EDB2886-5828-4C40-AD0A-5586F0958F31}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

FirewallRules: [{2D285A1B-00B6-47AD-8C99-E4B1EB87531C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

FirewallRules: [{1D4A6923-1E38-4591-9A90-FB3E46104CA1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

FirewallRules: [{28B20B48-EAD0-4D03-8A50-176AF0A73C4F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

FirewallRules: [{2D992BB3-6B70-400C-A1A7-B49B3267B127}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

FirewallRules: [{E0CAD9E8-629E-4CC5-BD39-8D26D04FAA6B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

FirewallRules: [{0497471C-7FFD-4A2E-B229-4B7066E874C0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

FirewallRules: [{35CDF6A5-4D98-4464-AC22-F19BAA58CC61}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

FirewallRules: [{7583EDD8-739F-4BA0-AEDB-98332F1060B7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe

FirewallRules: [{1051FAF6-F80B-477E-8D5C-68286F2D498E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter

Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter

Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Manufacturer: Intel Corporation

Service: BTHUSB

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface

Description: Туннельный адаптер Microsoft Teredo

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:

==================

Error: (05/28/2015 08:26:07 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Имя сбойного приложения: chrome.exe, версия: 43.0.2357.81, метка времени: 0x555f6160

Имя сбойного модуля: chrome.dll, версия: 43.0.2357.81, метка времени: 0x555f5db3

Код исключения: 0x80000003

Смещение ошибки: 0x00518fea

Идентификатор сбойного процесса: 0x48

Время запуска сбойного приложения: 0xchrome.exe0

Путь сбойного приложения: chrome.exe1

Путь сбойного модуля: chrome.exe2

Идентификатор отчета: chrome.exe3

Полное имя сбойного пакета: chrome.exe4

Код приложения, связанного со сбойным пакетом: chrome.exe5

Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15219

Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15219

Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2015 08:31:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

Error: (05/27/2015 10:11:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Имя сбойного приложения: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235c

Имя сбойного модуля: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235c

Код исключения: 0xc000000d

Смещение ошибки: 0x00063a5b

Идентификатор сбойного процесса: 0x13dc

Время запуска сбойного приложения: 0xinspasio.exe0

Путь сбойного приложения: inspasio.exe1

Путь сбойного модуля: inspasio.exe2

Идентификатор отчета: inspasio.exe3

Полное имя сбойного пакета: inspasio.exe4

Код приложения, связанного со сбойным пакетом: inspasio.exe5

Error: (05/27/2015 09:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Имя сбойного приложения: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235c

Имя сбойного модуля: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235c

Код исключения: 0xc000000d

Смещение ошибки: 0x00063a5b

Идентификатор сбойного процесса: 0x196c

Время запуска сбойного приложения: 0xinspasio.exe0

Путь сбойного приложения: inspasio.exe1

Путь сбойного модуля: inspasio.exe2

Идентификатор отчета: inspasio.exe3

Полное имя сбойного пакета: inspasio.exe4

Код приложения, связанного со сбойным пакетом: inspasio.exe5

Error: (05/27/2015 08:07:33 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Имя сбойного приложения: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235c

Имя сбойного модуля: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235c

Код исключения: 0xc000000d

Смещение ошибки: 0x00063a5b

Идентификатор сбойного процесса: 0x408

Время запуска сбойного приложения: 0xinspasio.exe0

Путь сбойного приложения: inspasio.exe1

Путь сбойного модуля: inspasio.exe2

Идентификатор отчета: inspasio.exe3

Полное имя сбойного пакета: inspasio.exe4

Код приложения, связанного со сбойным пакетом: inspasio.exe5

Error: (05/27/2015 08:24:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 18579

Error: (05/27/2015 08:24:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 18579

System errors:

=============

Error: (05/28/2015 09:42:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Сбой при вызове ScRegSetValueExW для DelayedAutostart из-за ошибки

%%5

Error: (05/28/2015 09:42:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Сбой при вызове ScRegSetValueExW для Start из-за ошибки

%%5

Error: (05/28/2015 09:41:42 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Предыдущее завершение работы системы в 21:24:04 на ‎28.‎05.‎2015 было неожиданным.

Error: (05/28/2015 09:15:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Служба "MBAMService" неожиданно прервана. Это произошло (раз): 1.

Error: (05/28/2015 08:44:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Сбой при вызове ScRegSetValueExW для DelayedAutostart из-за ошибки

%%5

Error: (05/28/2015 08:44:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Сбой при вызове ScRegSetValueExW для Start из-за ошибки

%%5

Error: (05/28/2015 08:34:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Сбой при вызове ScRegSetValueExW для DelayedAutostart из-за ошибки

%%5

Error: (05/28/2015 08:34:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Сбой при вызове ScRegSetValueExW для Start из-за ошибки

%%5

Error: (05/28/2015 08:33:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: Служба "HitmanPro 3.7 Crusader (Boot)" завершена из-за следующей внутренней ошибки:

%%0

Error: (05/28/2015 08:11:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Служба "MBAMService" неожиданно прервана. Это произошло (раз): 1.

Microsoft Office:

=========================

Error: (05/28/2015 08:26:07 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: chrome.exe43.0.2357.81555f6160chrome.dll43.0.2357.81555f5db38000000300518fea4801d099718fbc7c56C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\chrome.dll016df3fb-0567-11e5-bf0f-bf684857142c

Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15219

Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15219

Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2015 08:31:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

Error: (05/27/2015 10:11:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: inspasio.exe0.0.0.05433235cinspasio.exe0.0.0.05433235cc000000d00063a5b13dc01d098b948f0e98cC:\Program Files\biforder\inspasio.exeC:\Program Files\biforder\inspasio.exe87dc208d-04ac-11e5-bf0c-f6e1ea7b3075

Error: (05/27/2015 09:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: inspasio.exe0.0.0.05433235cinspasio.exe0.0.0.05433235cc000000d00063a5b196c01d098b0e25a2bffC:\Program Files\biforder\inspasio.exeC:\Program Files\biforder\inspasio.exe237113d4-04a4-11e5-bf0c-f6e1ea7b3075

Error: (05/27/2015 08:07:33 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: inspasio.exe0.0.0.05433235cinspasio.exe0.0.0.05433235cc000000d00063a5b40801d098a8004fc055C:\Program Files\biforder\inspasio.exeC:\Program Files\biforder\inspasio.exe3ee6bcc9-049b-11e5-bf0c-f6e1ea7b3075

Error: (05/27/2015 08:24:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 18579

Error: (05/27/2015 08:24:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 18579

==================== Memory info ===========================

Processor: Intel® Core i7-3517U CPU @ 1.90GHz

Percentage of memory in use: 67%

Total physical RAM: 3981.92 MB

Available physical RAM: 1278.34 MB

Total Pagefile: 11661.92 MB

Available Pagefile: 8133.13 MB

Total Virtual: 8192 MB

Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:95.39 GB) (Free:35.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (Data) (Fixed) (Total:117.78 GB) (Free:83.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 238.5 GB) (Disk ID: E2DFEDE9)

Partition: GPT Partition Type.

==================== End of log ============================

Thank you very much for your help.

Kind regards,

Timofey

kevinf80 · May 31, 2015

Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Unfortunately there is evidence of illegal software installed and running on your system, that action is a direct breach of forum protocol. We cannot offer any help or advice.

Thank you,

Kevin.

TimofeyT · May 31, 2015

Dear Kevin,

I read the instructions before posting and uninstalled the torrent before posting here, as it was asked. I rechecked - There should be no P2P files now , as well I uninstalled the illegal software. Could you please let me know if its fine or not:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01

Ran by Timofey Tyagur (administrator) on TIMOFEY on 31-05-2015 21:55:13