Jump to content

Chrome.exe infected


Recommended Posts

Dear experts,

 

I got infected some time ago and now dozens of Chrome.exe processes eat up to 80% of the memeory. I would be extremely grateful if you could help me solve the problem. Please find below the logs: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Timofey Tyagur (administrator) on TIMOFEY on 31-05-2015 18:23:30
Running from C:\Users\Timofey Tyagur\Downloads
Loaded Profiles: Timofey Tyagur (Available Profiles: Timofey Tyagur)
Platform: Windows 8 Single Language (X64) OS Language: Русский (Россия)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ООО Яндекс) C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ООО Яндекс) C:\Program Files (x86)\Yandex\Punto Switcher\ps64ldr.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
Startup: C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-09-11]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Вырезка экрана и программа запуска для OneNote 2010.lnk [2013-08-11]
ShortcutTarget: Вырезка экрана и программа запуска для OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [s-1-5-21-1532010537-4047090494-72995704-1001] => http=210.211.125.25:3128
HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ru.msn.com/
HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=profitraf2
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-20] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Timofey Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.default
FF DefaultSearchEngine: Поиск@Mail.Ru
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: hxxp://mail.ru/cnt/10445?gp=profitraf2
FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q=
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin HKU\S-1-5-21-1532010537-4047090494-72995704-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Timofey Tyagur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-31] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll [2013-03-11] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll [2010-04-08] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] ()
FF SearchPlugin: C:\Users\Timofey Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.default\searchplugins\mailru.xml [2014-10-04]
FF Extension: Визуальные закладки @Mail.Ru - C:\Users\Timofey Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2014-10-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-05-28]
CHR Extension: (YouTube) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]
CHR Extension: (Adblock Plus) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-28]
CHR Extension: (Pixlr-o-matic) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2015-05-28]
CHR Extension: (timeStats) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejifodhjoeeenihgfpjijjmpomaphmah [2015-05-28]
CHR Extension: (Google Calendar) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-05-28]
CHR Extension: (PanicButton) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2015-05-28]
CHR Extension: (AdBlock) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-28]
CHR Extension: (Bookmark Manager) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]
CHR Extension: (Google Forms) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2015-05-28]
CHR Extension: (StayFocusd) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-05-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-05]
CHR Extension: (Google Wallet) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (Fusion Tables (experimental)) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfoeakahkgllhkommkfeehmkfcloagkl [2015-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hcncjpganfocbfoenaemagjjopkkindp] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jggbjbmnfmipgcanidamjfpechdeekoi] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nidmnchoekibbojpkbcojafkodobelld] - C:\Program Files (x86)\Crx\Files\nidmnchoekibbojpkbcojafkodobelld_0.1.4.crx [2013-08-10]
CHR HKLM-x32\...\Chrome\Extension: [pldbienodkpgkccocelidinmciedjdok] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R3 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [30080 2012-10-01] (Intel Corporation)
R3 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [31616 2012-10-01] (Intel Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1333424 2012-12-21] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-25] (Intel® Corporation)
S3 updater; C:\Program Files (x86)\mediainformationaccess\updater.exe run options=0000000777000000000000000000000 source=mia  [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-05-28] (Emsisoft GmbH)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [112640 2012-10-29] (ASIX Electronics Corp.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-02] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-02] (Motorola Solutions, Inc.)
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-05-28] (Emsisoft GmbH)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-10-01] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-10-01] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-10-01] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96576 2012-10-01] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229184 2012-10-01] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363328 2012-10-01] (Intel Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-08-12] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-01-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2013-01-10] (ESET)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-12] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-10] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-10] (Windows ® Win 7 DDK provider)
U0 msahci; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-28 23:51 - 2015-05-28 23:52 - 00037061 _____ () C:\Users\Timofey Tyagur\Downloads\Addition.txt
2015-05-28 23:49 - 2015-05-31 18:23 - 00023468 _____ () C:\Users\Timofey Tyagur\Downloads\FRST.txt
2015-05-28 23:49 - 2015-05-31 18:23 - 00000000 ____D () C:\FRST
2015-05-28 23:49 - 2015-05-28 23:49 - 02108928 _____ (Farbar) C:\Users\Timofey Tyagur\Downloads\FRST64.exe
2015-05-28 21:29 - 2015-05-28 21:42 - 00000000 ____D () C:\EEK
2015-05-28 21:29 - 2015-05-28 21:29 - 00000745 _____ () C:\Users\Timofey Tyagur\Desktop\Start Emsisoft Emergency Kit.lnk
2015-05-28 21:27 - 2015-05-28 21:28 - 20781656 _____ () C:\Users\Timofey Tyagur\Downloads\RogueKillerX64.exe
2015-05-28 21:24 - 2015-05-28 21:28 - 155048408 _____ () C:\Users\Timofey Tyagur\Downloads\EmsisoftEmergencyKit.exe
2015-05-28 21:09 - 2015-05-28 21:09 - 00283258 _____ () C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe_20150528.210920.5148.log
2015-05-28 21:09 - 2015-05-28 21:09 - 00000022 _____ () C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe_20150528.210920.5148.zip
2015-05-28 20:31 - 2015-05-28 20:31 - 00001294 _____ () C:\Windows\system32\.crusader
2015-05-28 20:02 - 2015-05-28 20:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-28 20:01 - 2015-05-28 20:01 - 11024496 _____ (SurfRight B.V.) C:\Users\Timofey Tyagur\Downloads\HitmanPro_x64.exe
2015-05-28 08:19 - 2015-05-28 08:19 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\ParetoLogic
2015-05-28 08:18 - 2015-05-28 20:37 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-05-28 08:18 - 2015-05-28 08:18 - 00000000 _____ () C:\autoexec.bat
2015-05-27 23:43 - 2015-05-27 23:55 - 00014996 _____ () C:\Users\Timofey Tyagur\Downloads\Travel plans 2015 .xlsm
2015-05-27 23:43 - 2015-05-27 23:43 - 00000165 ____H () C:\Users\Timofey Tyagur\Downloads\~$Travel plans 2015 .xlsm
2015-05-27 23:26 - 2015-05-28 09:26 - 00085356 _____ () C:\Windows\PFRO.log
2015-05-27 23:20 - 2015-05-31 17:35 - 00463814 _____ () C:\Windows\WindowsUpdate.log
2015-05-27 23:02 - 2015-05-31 14:28 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-27 23:02 - 2015-05-27 23:02 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-27 23:02 - 2015-05-27 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-27 23:01 - 2015-05-27 23:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-27 23:01 - 2015-05-27 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-27 23:01 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-27 23:01 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-27 23:01 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-27 22:59 - 2015-05-27 23:01 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Timofey Tyagur\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-27 22:58 - 2015-05-27 22:58 - 00221384 _____ (ESET) C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner (1).exe
2015-05-27 22:56 - 2015-05-27 22:56 - 00221384 _____ (ESET) C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe
2015-05-02 10:54 - 2015-04-18 11:18 - 00000080 _____ () C:\Users\Timofey Tyagur\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-05-02 04:21 - 2015-05-28 20:27 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-05-02 04:21 - 2015-05-28 20:27 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-05-01 19:11 - 2015-05-01 19:11 - 00002840 _____ () C:\Users\Timofey Tyagur\Downloads\latest.edemo.jnlp
2015-05-01 19:11 - 2015-05-01 19:11 - 00000008 ___RH () C:\Users\Timofey Tyagur\hwid
2015-05-01 16:43 - 2015-05-01 16:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Saxo Bank
2015-05-01 16:43 - 2015-05-01 16:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Local\Saxo Bank
2015-05-01 16:41 - 2015-05-01 16:41 - 00002070 _____ () C:\Users\Timofey Tyagur\Desktop\SaxoTrader.lnk
2015-05-01 16:41 - 2015-05-01 16:41 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Saxo Bank
2015-05-01 16:41 - 2015-05-01 16:41 - 00000000 ____D () C:\Program Files (x86)\Saxo Bank
2015-05-01 16:38 - 2015-05-01 16:38 - 00301352 _____ (Saxo Bank) C:\Users\Timofey Tyagur\Downloads\SaxoTrader2_webdeploy.exe
2015-05-01 10:21 - 2015-05-01 10:21 - 00018608 _____ () C:\Users\Timofey Tyagur\Downloads\[rutor.org]3DMGAME-Grand.Theft.Auto.V.Update.2.and.Crack.v.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-31 18:22 - 2014-08-15 15:05 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2015-05-28 22:41 - 2013-08-10 09:01 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1532010537-4047090494-72995704-1001
2015-05-28 21:57 - 2014-10-18 15:53 - 00000000 ____D () C:\Program Files (x86)\F1 2014
2015-05-28 21:50 - 2012-09-27 13:49 - 00797086 _____ () C:\Windows\system32\perfh019.dat
2015-05-28 21:50 - 2012-09-27 13:49 - 00167944 _____ () C:\Windows\system32\perfc019.dat
2015-05-28 21:50 - 2012-07-26 09:28 - 01774770 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 21:42 - 2015-01-18 18:25 - 00003264 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1532010537-4047090494-72995704-1001
2015-05-28 21:42 - 2014-01-03 13:01 - 00003384 _____ () C:\Windows\System32\Tasks\Update Checker
2015-05-28 21:42 - 2013-10-09 18:45 - 00003760 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-05-28 21:42 - 2013-02-01 13:42 - 00003052 _____ () C:\Windows\System32\Tasks\ASUS P4G
2015-05-28 21:42 - 2013-02-01 13:42 - 00003024 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus
2015-05-28 21:42 - 2013-02-01 13:38 - 00003542 _____ () C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2015-05-28 21:41 - 2013-08-10 08:54 - 00000423 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\sp_data.sys
2015-05-28 21:41 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 20:55 - 2015-01-18 18:25 - 00003380 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1532010537-4047090494-72995704-1001
2015-05-28 20:51 - 2014-05-11 13:32 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\.ACEStream
2015-05-28 20:51 - 2014-05-11 13:31 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\ACEStream
2015-05-28 20:42 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-05-28 20:34 - 2013-02-01 13:48 - 00004280 _____ () C:\Windows\system32\ServiceFilter.ini
2015-05-28 20:31 - 2013-08-10 11:54 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\uTorrent
2015-05-28 08:17 - 2013-08-10 08:54 - 00000000 ____D () C:\Users\Timofey Tyagur
2015-05-27 23:26 - 2014-10-06 23:05 - 00000000 ____D () C:\Program Files\biforder
2015-05-27 23:05 - 2014-03-23 21:15 - 00000000 ____D () C:\temp
2015-05-27 22:41 - 2013-09-05 13:05 - 02318336 ___SH () C:\Users\Timofey Tyagur\Desktop\Thumbs.db
2015-05-27 22:25 - 2013-08-24 11:34 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Skype
2015-05-24 18:45 - 2013-10-09 18:45 - 00000250 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2015-05-21 20:44 - 2013-08-21 20:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\vlc
2015-05-18 08:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-05-05 21:02 - 2014-01-16 18:29 - 00575488 ___SH () C:\Users\Timofey Tyagur\Downloads\Thumbs.db
2015-05-02 12:57 - 2013-08-09 21:36 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\DAEMON Tools Lite
2015-05-02 10:51 - 2014-04-29 23:41 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Local\Rockstar Games
2015-05-02 04:21 - 2013-11-19 14:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-01 00:41 - 2014-11-09 21:05 - 00000000 ____D () C:\Users\Timofey Tyagur\Downloads\Cities XL
 
==================== Files in the root of some directories =======
 
2015-05-28 08:19 - 2015-05-28 20:37 - 0000115 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\LogFile.txt
2013-09-29 19:55 - 2013-09-29 19:55 - 0000021 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\my_intel.sys
2014-09-03 00:18 - 2014-09-03 00:18 - 0611500 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\Scorch_Install.log
2013-08-10 08:54 - 2015-05-28 21:41 - 0000423 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\sp_data.sys
2015-04-08 20:46 - 2015-04-08 21:24 - 0004608 _____ () C:\Users\Timofey Tyagur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-07 18:53 - 2014-12-11 00:30 - 0000112 _____ () C:\ProgramData\j75O8Et0M.dat
2012-11-24 03:25 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-24 03:25 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-24 03:25 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\j75O8Et0M.dat
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-23 10:47
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Timofey Tyagur at 2015-05-28 23:51:20
Running from C:\Users\Timofey Tyagur\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
HomeGroupUser$ (S-1-5-21-1532010537-4047090494-72995704-1003 - Limited - Enabled)
Timofey Tyagur (S-1-5-21-1532010537-4047090494-72995704-1001 - Administrator - Enabled) => C:\Users\Timofey Tyagur
zsgeuelxd (S-1-5-21-1532010537-4047090494-72995704-1004 - Limited - Disabled)
Администратор (S-1-5-21-1532010537-4047090494-72995704-500 - Administrator - Disabled)
Гость (S-1-5-21-1532010537-4047090494-72995704-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 6.0 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 6.0 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Персональный файервол ESET (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.7 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.36 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AX88772B_AX88772A_AX88772 Windows 8 Drivers (HKLM-x32\...\InstallShield_{534E1993-A9FE-4DFC-8C5B-A173A419EDF4}) (Version: 1.0.1.0 - ASIX Electronics Corporation)
AX88772B_AX88772A_AX88772 Windows 8 Drivers (x32 Version: 1.0.1.0 - ASIX Electronics Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bootstrapper (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cities XL (HKLM-x32\...\Cities XL_is1) (Version:  - Martin)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
ESET Smart Security (HKLM\...\{98F3D38A-1A0A-4333-992A-A1F5EED31747}) (Version: 6.0.308.2 - ESET, spol s r. o.)
F1 2014 (HKLM-x32\...\RjEyMDE0_is1) (Version: 1 - )
Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google Планета Земля (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.6.1082 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{AD0F3D6D-202A-4BAB-8838-0134531FD3AF}) (Version: 15.5.6.0460 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1657 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Language Pack 2010 - English (HKLM-x32\...\Office14.OMUI.en-us) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office, для дома и бизнеса 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\SkyDriveSetup.exe) (Version: 17.0.2011.0627 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version:  - )
Minitab 16 (HKLM-x32\...\Minitab16) (Version: 16.2.2 - Minitab, Inc.)
Minitab Software Update Manager (HKLM-x32\...\MinitabSoftwareManager) (Version: 1.1.0.0 - Minitab, Inc.)
Minitab16 (x32 Version: 16.2.2.0 - Minitab Inc) Hidden
Minitab16 (x32 Version: 16.2.2.0 - Minitab, Inc.) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
MyLogoMaker 2.0 (HKLM-x32\...\MyLogoMaker_is1) (Version:  - Avanquest USA, Inc.)
Punto Switcher 3.2.9 (HKLM-x32\...\{EE680C8E-23FE-4717-A2B8-E99878A7C0AE}) (Version: 3.2.9.240 - Яндекс)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
SaxoTrader (HKLM-x32\...\{49C14B93-58AD-4178-B52C-750D54CE618D}) (Version: 2.129.46.0 - Saxo Bank)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SoftwareManager (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden
Transcribe! 8.10 (HKLM-x32\...\Transcribe!_is1) (Version: 8.10 - Seventh String Software)
Unity Web Player (HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Vegas Pro 10.0 (HKLM-x32\...\{6D592E30-11EC-11E0-859C-0013D3D69929}) (Version: 10.0.469 - Sony)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (11/09/2012 1.0.0.153) (HKLM\...\5AB9160B769DD2E134ADCB8010377DECA2479378) (Version: 11/09/2012 1.0.0.153 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XLNation User Interface Mod (HKLM-x32\...\{641DDF2F-066D-441C-B10E-2FC579DF1B14}) (Version: 1.79.7 - Altiris)
Основи Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Поддержка программ Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоколекція (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
19-05-2015 21:06:23 Запланированная контрольная точка
28-05-2015 20:07:14 Restore Point процесса HitmanPro
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {062E6207-7289-4E31-A703-A666BF2F9E86} - System32\Tasks\{A0806D8D-3829-4C8B-BFC9-11D0433CEDEE} => pcalua.exe -a "C:\Users\Timofey Tyagur\Downloads\InstallPlus500.exe" -d "C:\Users\Timofey Tyagur\Downloads"
Task: {13E33CCE-55BB-4EF1-B120-347AC34BC0D5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {1EE4E780-389E-456F-AC59-22E6DED44A1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {3467A0BC-2521-44D2-A47D-E68CAAEE5DDB} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-05-28] ()
Task: {5924E230-EFFC-47C6-97F1-90F4C0EFF778} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1532010537-4047090494-72995704-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {5C64857C-D3E3-4F47-8ACB-02F4E7032E1B} - System32\Tasks\{0D28D651-8A98-443A-B37E-63DDA5560DED} => pcalua.exe -a "C:\Program Files (x86)\Ski Resort Extreme\SREStart.exe" -d "C:\Program Files (x86)\Ski Resort Extreme\"
Task: {5D0CB043-7183-45BD-A091-0A6C49E97F03} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-11-20] (AsusTek)
Task: {76805D5C-DDAB-423A-971A-9A10441E466E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {7E147F76-41D9-4889-B209-5FC5EE1F3FF9} - System32\Tasks\{B7639EA2-05B7-4150-B1C8-4845A5CCAE8F} => pcalua.exe -a E:\autostart.exe -d E:\
Task: {8F8B0A0E-4AB0-4451-A15A-878B85C33751} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1532010537-4047090494-72995704-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {926E0FB0-2BC4-4992-A061-5530EB25818D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {A4030BAE-32D1-4EF9-B349-875BC0F52335} - System32\Tasks\{8B4C2AA8-DF64-4615-8C40-8EB1E0156E5E} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Task: {AB1B6462-0C8D-441F-820A-D30EABD4C3BB} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-05-28] ()
Task: {B15655F1-FE29-4819-BD87-D602130BAECE} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-25] (ASUS)
Task: {C1E555ED-CEF8-4372-BD9C-036A01EBB7BC} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {DD5EF834-C216-43C8-A00D-851FC93B89AF} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-25 03:26 - 2012-08-25 03:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-04-21 19:44 - 2013-04-21 19:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 19:44 - 2013-04-21 19:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-25 03:17 - 2012-08-25 03:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2011-10-07 10:46 - 2011-10-07 10:46 - 00561664 _____ () C:\Program Files (x86)\Yandex\Punto Switcher\Updater\yupdate.dll
2013-02-01 13:36 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-05-25 22:51 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 22:51 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2010-11-16 07:02 - 2010-11-16 07:02 - 00249232 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Timofey Tyagur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Punto Switcher.lnk => C:\Windows\pss\Punto Switcher.lnk.Startup
MSCONFIG\startupreg: AceStream => C:\Users\Timofey Tyagur\AppData\Roaming\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S
MSCONFIG\startupreg: ATLauncher => "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1
MSCONFIG\startupreg: ATUninstallIcon => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
MSCONFIG\startupreg: C8zIej4uuC5g => C:\Users\Timofey Tyagur\AppData\Local\Mail.ru\Sputnik\ptls\C8zIej4uuC5g.exe -ptls
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: Google Update => "C:\Users\Timofey Tyagur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_9A92FE142A4E4800D91FBF93F601F8F8 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: pmems => C:\Program Files (x86)\PMEM\pmems.exe /STARTUP
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Timofey Tyagur\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ATLauncher"
HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\StartupFolder: => "Вырезка экрана и программа запуска для OneNote 2010.lnk"
HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9A92FE142A4E4800D91FBF93F601F8F8"
HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\Run: => "uTorrent"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{35B24805-95D3-4D50-BB04-01A66905838A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{443EF453-E0D4-470E-B248-5472F0737B4F}] => (Allow) LPort=2869
FirewallRules: [{20D1C1DF-2454-4BC7-8ADF-1E5DC86E36C7}] => (Allow) LPort=1900
FirewallRules: [{0114B387-196F-4C2C-9525-999039986A38}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{52E6EBD1-45E5-4311-9270-51332A1386AA}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{4A5E0439-BD02-40B6-9C44-EB2271B99657}] => (Allow) C:\Users\Timofey Tyagur\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3903BBF7-1082-414A-9E31-47C580011ECA}] => (Allow) C:\Users\Timofey Tyagur\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{27D67465-3A07-4677-85DA-13869679E662}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{2B87FB25-9735-47DD-98E2-F4B1B1345B92}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5EFE9A00-692A-4D44-994D-6E64F845BD21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A7594FB2-73D2-4F13-A7BB-4A1786DA0FD9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{210126D5-61E1-4E28-ABA3-1FDF1C018A35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{337F1AF8-E044-450C-8FEA-5079B838C4FC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0CEC7D98-60BB-4DA6-BA04-444719489AB8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{FB67D287-0813-4534-91DC-9FA67AA3E928}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4EDB2886-5828-4C40-AD0A-5586F0958F31}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2D285A1B-00B6-47AD-8C99-E4B1EB87531C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1D4A6923-1E38-4591-9A90-FB3E46104CA1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{28B20B48-EAD0-4D03-8A50-176AF0A73C4F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2D992BB3-6B70-400C-A1A7-B49B3267B127}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E0CAD9E8-629E-4CC5-BD39-8D26D04FAA6B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0497471C-7FFD-4A2E-B229-4B7066E874C0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{35CDF6A5-4D98-4464-AC22-F19BAA58CC61}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7583EDD8-739F-4BA0-AEDB-98332F1060B7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1051FAF6-F80B-477E-8D5C-68286F2D498E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Туннельный адаптер Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/28/2015 08:26:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: chrome.exe, версия: 43.0.2357.81, метка времени: 0x555f6160
Имя сбойного модуля: chrome.dll, версия: 43.0.2357.81, метка времени: 0x555f5db3
Код исключения: 0x80000003
Смещение ошибки: 0x00518fea
Идентификатор сбойного процесса: 0x48
Время запуска сбойного приложения: 0xchrome.exe0
Путь сбойного приложения: chrome.exe1
Путь сбойного модуля: chrome.exe2
Идентификатор отчета: chrome.exe3
Полное имя сбойного пакета: chrome.exe4
Код приложения, связанного со сбойным пакетом: chrome.exe5
 
Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15219
 
Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15219
 
Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/28/2015 08:31:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/27/2015 10:11:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235c
Имя сбойного модуля: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235c
Код исключения: 0xc000000d
Смещение ошибки: 0x00063a5b
Идентификатор сбойного процесса: 0x13dc
Время запуска сбойного приложения: 0xinspasio.exe0
Путь сбойного приложения: inspasio.exe1
Путь сбойного модуля: inspasio.exe2
Идентификатор отчета: inspasio.exe3
Полное имя сбойного пакета: inspasio.exe4
Код приложения, связанного со сбойным пакетом: inspasio.exe5
 
Error: (05/27/2015 09:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235c
Имя сбойного модуля: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235c
Код исключения: 0xc000000d
Смещение ошибки: 0x00063a5b
Идентификатор сбойного процесса: 0x196c
Время запуска сбойного приложения: 0xinspasio.exe0
Путь сбойного приложения: inspasio.exe1
Путь сбойного модуля: inspasio.exe2
Идентификатор отчета: inspasio.exe3
Полное имя сбойного пакета: inspasio.exe4
Код приложения, связанного со сбойным пакетом: inspasio.exe5
 
Error: (05/27/2015 08:07:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235c
Имя сбойного модуля: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235c
Код исключения: 0xc000000d
Смещение ошибки: 0x00063a5b
Идентификатор сбойного процесса: 0x408
Время запуска сбойного приложения: 0xinspasio.exe0
Путь сбойного приложения: inspasio.exe1
Путь сбойного модуля: inspasio.exe2
Идентификатор отчета: inspasio.exe3
Полное имя сбойного пакета: inspasio.exe4
Код приложения, связанного со сбойным пакетом: inspasio.exe5
 
Error: (05/27/2015 08:24:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18579
 
Error: (05/27/2015 08:24:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18579
 
 
System errors:
=============
Error: (05/28/2015 09:42:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Сбой при вызове ScRegSetValueExW для DelayedAutostart из-за ошибки 
%%5
 
Error: (05/28/2015 09:42:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Сбой при вызове ScRegSetValueExW для Start из-за ошибки 
%%5
 
Error: (05/28/2015 09:41:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Предыдущее завершение работы системы в 21:24:04 на ‎28.‎05.‎2015 было неожиданным.
 
Error: (05/28/2015 09:15:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "MBAMService" неожиданно прервана. Это произошло (раз): 1.
 
Error: (05/28/2015 08:44:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Сбой при вызове ScRegSetValueExW для DelayedAutostart из-за ошибки 
%%5
 
Error: (05/28/2015 08:44:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Сбой при вызове ScRegSetValueExW для Start из-за ошибки 
%%5
 
Error: (05/28/2015 08:34:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Сбой при вызове ScRegSetValueExW для DelayedAutostart из-за ошибки 
%%5
 
Error: (05/28/2015 08:34:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Сбой при вызове ScRegSetValueExW для Start из-за ошибки 
%%5
 
Error: (05/28/2015 08:33:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Служба "HitmanPro 3.7 Crusader (Boot)" завершена из-за следующей внутренней ошибки: 
%%0
 
Error: (05/28/2015 08:11:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "MBAMService" неожиданно прервана. Это произошло (раз): 1.
 
 
Microsoft Office:
=========================
Error: (05/28/2015 08:26:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe43.0.2357.81555f6160chrome.dll43.0.2357.81555f5db38000000300518fea4801d099718fbc7c56C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\chrome.dll016df3fb-0567-11e5-bf0f-bf684857142c
 
Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15219
 
Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15219
 
Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/28/2015 08:31:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/27/2015 10:11:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: inspasio.exe0.0.0.05433235cinspasio.exe0.0.0.05433235cc000000d00063a5b13dc01d098b948f0e98cC:\Program Files\biforder\inspasio.exeC:\Program Files\biforder\inspasio.exe87dc208d-04ac-11e5-bf0c-f6e1ea7b3075
 
Error: (05/27/2015 09:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: inspasio.exe0.0.0.05433235cinspasio.exe0.0.0.05433235cc000000d00063a5b196c01d098b0e25a2bffC:\Program Files\biforder\inspasio.exeC:\Program Files\biforder\inspasio.exe237113d4-04a4-11e5-bf0c-f6e1ea7b3075
 
Error: (05/27/2015 08:07:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: inspasio.exe0.0.0.05433235cinspasio.exe0.0.0.05433235cc000000d00063a5b40801d098a8004fc055C:\Program Files\biforder\inspasio.exeC:\Program Files\biforder\inspasio.exe3ee6bcc9-049b-11e5-bf0c-f6e1ea7b3075
 
Error: (05/27/2015 08:24:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18579
 
Error: (05/27/2015 08:24:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18579
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 67%
Total physical RAM: 3981.92 MB
Available physical RAM: 1278.34 MB
Total Pagefile: 11661.92 MB
Available Pagefile: 8133.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:95.39 GB) (Free:35.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:117.78 GB) (Free:83.37 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: E2DFEDE9)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 

Thank you very much for your help.

 

Kind regards,

Timofey

Link to post
Share on other sites

Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Unfortunately there is evidence of illegal software installed and running on your system, that action is a direct breach of forum protocol. We cannot offer any help or advice.

 

Thank you,

 

Kevin.

Link to post
Share on other sites

Dear Kevin, 

 

I read the instructions before posting and uninstalled the torrent before posting here, as it was asked. I rechecked - There should be no P2P files now , as well I uninstalled the illegal software. Could you please let me know if its fine or not: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Timofey Tyagur (administrator) on TIMOFEY on 31-05-2015 21:55:13
Running from C:\Users\Timofey Tyagur\Downloads
Loaded Profiles: Timofey Tyagur (Available Profiles: Timofey Tyagur)
Platform: Windows 8 Single Language (X64) OS Language: Русский (Россия)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ООО Яндекс) C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ООО Яндекс) C:\Program Files (x86)\Yandex\Punto Switcher\ps64ldr.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
Startup: C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-09-11]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Вырезка экрана и программа запуска для OneNote 2010.lnk [2013-08-11]
ShortcutTarget: Вырезка экрана и программа запуска для OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [s-1-5-21-1532010537-4047090494-72995704-1001] => http=210.211.125.25:3128
HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ru.msn.com/
HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=profitraf2
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-20] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Timofey Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.default
FF DefaultSearchEngine: Поиск@Mail.Ru
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: hxxp://mail.ru/cnt/10445?gp=profitraf2
FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q=
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin HKU\S-1-5-21-1532010537-4047090494-72995704-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Timofey Tyagur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-31] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll [2013-03-11] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll [2010-04-08] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] ()
FF SearchPlugin: C:\Users\Timofey Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.default\searchplugins\mailru.xml [2014-10-04]
FF Extension: Визуальные закладки @Mail.Ru - C:\Users\Timofey Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2014-10-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-05-28]
CHR Extension: (YouTube) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]
CHR Extension: (Adblock Plus) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-28]
CHR Extension: (Pixlr-o-matic) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2015-05-28]
CHR Extension: (timeStats) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejifodhjoeeenihgfpjijjmpomaphmah [2015-05-28]
CHR Extension: (Google Calendar) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-05-28]
CHR Extension: (PanicButton) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2015-05-28]
CHR Extension: (AdBlock) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-28]
CHR Extension: (Bookmark Manager) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]
CHR Extension: (Google Forms) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2015-05-28]
CHR Extension: (StayFocusd) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-05-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-05]
CHR Extension: (Google Wallet) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (Fusion Tables (experimental)) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfoeakahkgllhkommkfeehmkfcloagkl [2015-05-28]
CHR HKLM-x32\...\Chrome\Extension: [hcncjpganfocbfoenaemagjjopkkindp] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jggbjbmnfmipgcanidamjfpechdeekoi] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nidmnchoekibbojpkbcojafkodobelld] - C:\Program Files (x86)\Crx\Files\nidmnchoekibbojpkbcojafkodobelld_0.1.4.crx [2013-08-10]
CHR HKLM-x32\...\Chrome\Extension: [pldbienodkpgkccocelidinmciedjdok] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R3 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [30080 2012-10-01] (Intel Corporation)
R3 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [31616 2012-10-01] (Intel Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1333424 2012-12-21] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-25] (Intel® Corporation)
S3 updater; C:\Program Files (x86)\mediainformationaccess\updater.exe run options=0000000777000000000000000000000 source=mia  [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-05-28] (Emsisoft GmbH)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [112640 2012-10-29] (ASIX Electronics Corp.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-02] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-02] (Motorola Solutions, Inc.)
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-05-28] (Emsisoft GmbH)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-10-01] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-10-01] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-10-01] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96576 2012-10-01] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229184 2012-10-01] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363328 2012-10-01] (Intel Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-08-12] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-01-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2013-01-10] (ESET)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-12] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-10] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-10] (Windows ® Win 7 DDK provider)
U0 msahci; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-28 23:51 - 2015-05-28 23:52 - 00037061 _____ () C:\Users\Timofey Tyagur\Downloads\Addition.txt
2015-05-28 23:49 - 2015-05-31 21:55 - 00024845 _____ () C:\Users\Timofey Tyagur\Downloads\FRST.txt
2015-05-28 23:49 - 2015-05-31 21:55 - 00000000 ____D () C:\FRST
2015-05-28 23:49 - 2015-05-28 23:49 - 02108928 _____ (Farbar) C:\Users\Timofey Tyagur\Downloads\FRST64.exe
2015-05-28 21:29 - 2015-05-28 21:42 - 00000000 ____D () C:\EEK
2015-05-28 21:29 - 2015-05-28 21:29 - 00000745 _____ () C:\Users\Timofey Tyagur\Desktop\Start Emsisoft Emergency Kit.lnk
2015-05-28 21:27 - 2015-05-28 21:28 - 20781656 _____ () C:\Users\Timofey Tyagur\Downloads\RogueKillerX64.exe
2015-05-28 21:24 - 2015-05-28 21:28 - 155048408 _____ () C:\Users\Timofey Tyagur\Downloads\EmsisoftEmergencyKit.exe
2015-05-28 21:09 - 2015-05-28 21:09 - 00283258 _____ () C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe_20150528.210920.5148.log
2015-05-28 21:09 - 2015-05-28 21:09 - 00000022 _____ () C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe_20150528.210920.5148.zip
2015-05-28 20:31 - 2015-05-28 20:31 - 00001294 _____ () C:\Windows\system32\.crusader
2015-05-28 20:02 - 2015-05-28 20:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-28 20:01 - 2015-05-28 20:01 - 11024496 _____ (SurfRight B.V.) C:\Users\Timofey Tyagur\Downloads\HitmanPro_x64.exe
2015-05-28 08:19 - 2015-05-28 08:19 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\ParetoLogic
2015-05-28 08:18 - 2015-05-28 20:37 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-05-28 08:18 - 2015-05-28 08:18 - 00000000 _____ () C:\autoexec.bat
2015-05-27 23:43 - 2015-05-27 23:55 - 00014996 _____ () C:\Users\Timofey Tyagur\Downloads\Travel plans 2015 .xlsm
2015-05-27 23:43 - 2015-05-27 23:43 - 00000165 ____H () C:\Users\Timofey Tyagur\Downloads\~$Travel plans 2015 .xlsm
2015-05-27 23:26 - 2015-05-28 09:26 - 00085356 _____ () C:\Windows\PFRO.log
2015-05-27 23:20 - 2015-05-31 17:35 - 00463814 _____ () C:\Windows\WindowsUpdate.log
2015-05-27 23:02 - 2015-05-31 20:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-27 23:02 - 2015-05-27 23:02 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-27 23:02 - 2015-05-27 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-27 23:01 - 2015-05-27 23:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-27 23:01 - 2015-05-27 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-27 23:01 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-27 23:01 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-27 23:01 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-27 22:59 - 2015-05-27 23:01 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Timofey Tyagur\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-27 22:58 - 2015-05-27 22:58 - 00221384 _____ (ESET) C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner (1).exe
2015-05-27 22:56 - 2015-05-27 22:56 - 00221384 _____ (ESET) C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe
2015-05-02 10:54 - 2015-04-18 11:18 - 00000080 _____ () C:\Users\Timofey Tyagur\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-05-02 04:21 - 2015-05-28 20:27 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-05-02 04:21 - 2015-05-28 20:27 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-05-01 19:11 - 2015-05-01 19:11 - 00002840 _____ () C:\Users\Timofey Tyagur\Downloads\latest.edemo.jnlp
2015-05-01 19:11 - 2015-05-01 19:11 - 00000008 ___RH () C:\Users\Timofey Tyagur\hwid
2015-05-01 16:43 - 2015-05-01 16:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Saxo Bank
2015-05-01 16:43 - 2015-05-01 16:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Local\Saxo Bank
2015-05-01 16:41 - 2015-05-01 16:41 - 00002070 _____ () C:\Users\Timofey Tyagur\Desktop\SaxoTrader.lnk
2015-05-01 16:41 - 2015-05-01 16:41 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Saxo Bank
2015-05-01 16:41 - 2015-05-01 16:41 - 00000000 ____D () C:\Program Files (x86)\Saxo Bank
2015-05-01 16:38 - 2015-05-01 16:38 - 00301352 _____ (Saxo Bank) C:\Users\Timofey Tyagur\Downloads\SaxoTrader2_webdeploy.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-31 21:22 - 2014-08-15 15:05 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 21:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2015-05-31 18:45 - 2013-10-09 18:45 - 00000250 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2015-05-28 22:41 - 2013-08-10 09:01 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1532010537-4047090494-72995704-1001
2015-05-28 21:50 - 2012-09-27 13:49 - 00797086 _____ () C:\Windows\system32\perfh019.dat
2015-05-28 21:50 - 2012-09-27 13:49 - 00167944 _____ () C:\Windows\system32\perfc019.dat
2015-05-28 21:50 - 2012-07-26 09:28 - 01774770 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 21:42 - 2015-01-18 18:25 - 00003264 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1532010537-4047090494-72995704-1001
2015-05-28 21:42 - 2014-01-03 13:01 - 00003384 _____ () C:\Windows\System32\Tasks\Update Checker
2015-05-28 21:42 - 2013-10-09 18:45 - 00003760 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-05-28 21:42 - 2013-02-01 13:42 - 00003052 _____ () C:\Windows\System32\Tasks\ASUS P4G
2015-05-28 21:42 - 2013-02-01 13:42 - 00003024 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus
2015-05-28 21:42 - 2013-02-01 13:38 - 00003542 _____ () C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2015-05-28 21:41 - 2013-08-10 08:54 - 00000423 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\sp_data.sys
2015-05-28 21:41 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 20:55 - 2015-01-18 18:25 - 00003380 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1532010537-4047090494-72995704-1001
2015-05-28 20:51 - 2014-05-11 13:32 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\.ACEStream
2015-05-28 20:51 - 2014-05-11 13:31 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\ACEStream
2015-05-28 20:42 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-05-28 20:34 - 2013-02-01 13:48 - 00004280 _____ () C:\Windows\system32\ServiceFilter.ini
2015-05-28 08:17 - 2013-08-10 08:54 - 00000000 ____D () C:\Users\Timofey Tyagur
2015-05-27 23:26 - 2014-10-06 23:05 - 00000000 ____D () C:\Program Files\biforder
2015-05-27 23:05 - 2014-03-23 21:15 - 00000000 ____D () C:\temp
2015-05-27 22:41 - 2013-09-05 13:05 - 02318336 ___SH () C:\Users\Timofey Tyagur\Desktop\Thumbs.db
2015-05-27 22:25 - 2013-08-24 11:34 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Skype
2015-05-21 20:44 - 2013-08-21 20:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\vlc
2015-05-18 08:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-05-05 21:02 - 2014-01-16 18:29 - 00575488 ___SH () C:\Users\Timofey Tyagur\Downloads\Thumbs.db
2015-05-02 12:57 - 2013-08-09 21:36 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\DAEMON Tools Lite
2015-05-02 10:51 - 2014-04-29 23:41 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Local\Rockstar Games
2015-05-02 04:21 - 2013-11-19 14:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-01 00:41 - 2014-11-09 21:05 - 00000000 ____D () C:\Users\Timofey Tyagur\Downloads\Cities XL
 
==================== Files in the root of some directories =======
 
2015-05-28 08:19 - 2015-05-28 20:37 - 0000115 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\LogFile.txt
2013-09-29 19:55 - 2013-09-29 19:55 - 0000021 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\my_intel.sys
2014-09-03 00:18 - 2014-09-03 00:18 - 0611500 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\Scorch_Install.log
2013-08-10 08:54 - 2015-05-28 21:41 - 0000423 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\sp_data.sys
2015-04-08 20:46 - 2015-04-08 21:24 - 0004608 _____ () C:\Users\Timofey Tyagur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-07 18:53 - 2014-12-11 00:30 - 0000112 _____ () C:\ProgramData\j75O8Et0M.dat
2012-11-24 03:25 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-24 03:25 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-24 03:25 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\j75O8Et0M.dat
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-23 10:47
 
==================== End of log ============================
 
Thank you very much in advance. 
Timofey
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.