TechSpot

Virus that freezes Desktop after a few minutes

By Kosmoss
Apr 14, 2016
  1. After logging in, my desktop freezes after a few minutes; safe mode is working.

    I saw that a lot of svchost processes are generated that use a lot of RAM and CPU.

    I scanned with Malwarebytes and it found a lot of infected lpk.dll files (but not one in system32).


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
    Ran by asmirnovs (administrator) on SMIRNOVS-PC (14-04-2016 15:03:20)
    Running from C:\Users\asmirnovs\Downloads
    Loaded Profiles: asmirnovs (Available Profiles: asmirnovs & ezuburs & Smirnovs)
    Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\xampp\xampp-control.exe
    (Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
    () C:\xampp\mysql\bin\mysqld.exe
    (Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    () D:\dropbox\Dropbox\ToltekTennis\ToltekTennis\ToltekTennis\bin\Debug\ToltekTennis.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC.)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
    HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
    HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2015-01-23] (Cisco Systems, Inc.)
    HKU\S-1-5-21-1587357081-2278573558-14970797-1758\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
    HKU\S-1-5-21-1587357081-2278573558-14970797-1758\...\Run: [Dropbox Update] => C:\Users\asmirnovs\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-07] (Dropbox, Inc.)
    HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    Startup: C:\Users\asmirnovs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-18]
    ShortcutTarget: Dropbox.lnk -> C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    GroupPolicyScripts: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 80.233.167.4 80.233.167.7 80.233.167.10
    Tcpip\..\Interfaces\{BD2B5B22-B078-4D9A-8EE1-05A7ED3C5FE3}: [DhcpNameServer] 80.233.167.4 80.233.167.7 80.233.167.10

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1587357081-2278573558-14970797-1758\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1587357081-2278573558-14970797-1758\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-06] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-06] (Oracle Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\asmirnovs\AppData\Roaming\Mozilla\Firefox\Profiles\1wlqapta.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-20] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-20] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-06] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-06] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
    FF Extension: User Agent Switcher - C:\Users\asmirnovs\AppData\Roaming\Mozilla\Firefox\Profiles\1wlqapta.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-06-03]
    FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
    FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-11-12] [not signed]

    Chrome:
    =======
    CHR Profile: C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
    CHR Extension: (Google Slides) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
    CHR Extension: (Google Drive) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
    CHR Extension: (YouTube) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
    CHR Extension: (Google Slides) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\cepflbjhkkhegamaeacdddihaphhgmci [2014-10-30]
    CHR Extension: (Google Search) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
    CHR Extension: (Google Slides) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-03-14]
    CHR Extension: (Google Slides) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
    CHR Extension: (Google Slides) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhkkpnppgnfaobgihpdblnhmmbodake [2016-04-07]
    CHR Extension: (Postman) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-04-04]
    CHR Extension: (Google Slides) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
    CHR Extension: (Google Slides) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-04]
    CHR Extension: (Google Slides) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2016-04-14]
    CHR Extension: (90`s Games) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom [2015-03-18]
    CHR Extension: (Google Slides) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2016-02-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
    CHR Extension: (Gmail) - C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
    S2 fastuserswitchingcompatibility; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    S2 fastuserswitchingcompatibility; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
    S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2015-03-31] (Intel Corporation)
    S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
    S2 klnagent; C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [105960 2014-11-19] (Kaspersky Lab ZAO)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    S2 Mmserves; C:\WINDOWS\SysWOW64\srvany.exe [8192 2016-04-04] () [File not signed]
    S2 MsDtsServer; C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [199384 2005-10-14] (Microsoft Corporation)
    S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4476096 2005-09-23] (Microsoft Corporation)
    S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
    S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S4 Wsawoe rakseuok; C:\Program Files (x86)\Microsoft Pkkahh\Wysgwey.exe [11776 2016-04-07] () [File not signed]
    S4 Wsfjsq pwmjhmrp; C:\Program Files (x86)\Microsoft Tuuzsr\Effkdcl.exe [11776 2016-04-06] () [File not signed]
    S4 Wskqpd ckwuscpt; C:\Program Files (x86)\Microsoft Ipvbdf\Tagmoqp.exe [11776 2016-04-04] () [File not signed]
    S4 Wsqfgr tpaxmxso; C:\Program Files (x86)\Microsoft Bslabm\Mdwlmxz.exe [11776 2016-04-06] () [File not signed]
    S2 Wsroxx jaqubasm; C:\Program Files (x86)\Microsoft Mwmgci\Iakikek.exe [11776 2016-04-06] () [File not signed]
    S4 Wsuvou xydwgyhk; C:\Program Files (x86)\Microsoft Cuaagw\Oeqcsqa.exe [11776 2016-04-06] () [File not signed]
    S2 Wsxkqo dyxafpxp; C:\Program Files (x86)\Microsoft Qnnagu\Xpjhphh.exe [19456 2016-04-06] () [File not signed]
    S2 Wszdbb vkynbjgl; C:\Program Files (x86)\Microsoft Nnuyxw\Siqtscw.exe [11776 2016-04-06] () [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
    R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
    R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
    S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
    R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
    R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-09-05] (Kaspersky Lab ZAO)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [98400 2014-10-27] (Kaspersky Lab ZAO)
    S1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [30816 2013-07-08] (Kaspersky Lab ZAO)
    S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [661600 2014-10-27] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-07-11] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-11-22] (Kaspersky Lab ZAO)
    S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2013-07-01] (Kaspersky Lab ZAO)
    S3 KProcessHacker2; C:\Program Files\Process Hacker 2\kprocesshacker.sys [39576 2013-11-13] (wj32)
    R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2014-10-24] (Qualcomm Atheros Co., Ltd.)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-14] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
    S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-01-23] (Cisco Systems, Inc.)
    S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-14 15:03 - 2016-04-14 15:03 - 02375168 _____ (Farbar) C:\Users\asmirnovs\Downloads\FRST64.exe
    2016-04-14 15:03 - 2016-04-14 15:03 - 00025337 _____ C:\Users\asmirnovs\Downloads\FRST.txt
    2016-04-14 15:03 - 2016-04-14 15:03 - 00000000 ____D C:\FRST
    2016-04-14 15:02 - 2016-04-14 15:02 - 01725952 _____ (Farbar) C:\Users\asmirnovs\Downloads\FRST.exe
    2016-04-14 15:02 - 2016-04-14 15:02 - 01725952 _____ (Farbar) C:\Users\asmirnovs\Downloads\FRST (1).exe
    2016-04-14 14:27 - 2016-04-14 14:27 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-04-14 14:15 - 2016-04-14 14:15 - 01153912 _____ (Emsi Software GmbH) C:\Users\asmirnovs\Downloads\BlitzBlank.exe
    2016-04-14 14:06 - 2016-04-14 14:06 - 00003457 _____ C:\Users\asmirnovs\Desktop\Svchost.exe.search-ms
    2016-04-14 13:08 - 2016-04-14 13:08 - 00000000 ___SD C:\ComboFix
    2016-04-14 12:49 - 2016-04-14 13:08 - 00000000 ____D C:\Qoobox
    2016-04-14 12:49 - 2016-04-14 13:02 - 00000000 ____D C:\Windows\erdnt
    2016-04-14 12:49 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-04-14 12:49 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-04-14 12:49 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-04-14 12:49 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-04-14 12:49 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-04-14 12:49 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
    2016-04-14 12:49 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
    2016-04-14 12:49 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
    2016-04-14 12:48 - 2016-04-14 12:49 - 05660069 ____R (Swearware) C:\Users\asmirnovs\Downloads\ComboFix.exe
    2016-04-14 11:53 - 2016-04-14 12:02 - 00000000 ____D C:\Program Files (x86)\DLL Suite
    2016-04-14 11:50 - 2016-04-14 11:52 - 21319616 _____ ( ) C:\Users\asmirnovs\Downloads\DLLSuite_Setup.exe
    2016-04-13 18:53 - 2016-04-14 10:36 - 00009593 _____ C:\Users\asmirnovs\Downloads\Versija.2.16.xlsx
    2016-04-13 18:51 - 2016-04-13 18:51 - 00010166 _____ C:\Users\asmirnovs\Downloads\Versija.2.15 (1).xlsx
    2016-04-13 10:35 - 2016-04-13 10:35 - 06516656 _____ (Tim Kosse) C:\Users\asmirnovs\Downloads\FileZilla_3.16.1_win64-setup.exe
    2016-04-12 14:12 - 2016-04-13 14:36 - 00015381 _____ C:\Users\asmirnovs\Desktop\scenariji.xlsx
    2016-04-12 10:30 - 2016-04-14 11:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-04-11 17:07 - 2016-04-11 17:07 - 00017662 _____ C:\Users\asmirnovs\Downloads\Application16166169.pdf
    2016-04-11 17:07 - 2016-04-11 17:07 - 00017528 _____ C:\Users\asmirnovs\Downloads\Application16145430.pdf
    2016-04-11 17:04 - 2016-04-11 17:04 - 59359897 _____ C:\Users\asmirnovs\Desktop\Lattelecomlv.web.v2.15.1.zip
    2016-04-11 10:49 - 2016-04-11 10:49 - 00000000 ____D C:\Users\asmirnovs\Desktop\Lattelecomlv.web.v2.15.1
    2016-04-11 10:49 - 2016-03-24 11:51 - 58939097 _____ C:\Users\asmirnovs\Desktop\Lattelecomlv.web.v2.15.zip
    2016-04-10 13:09 - 2016-04-10 13:17 - 00000000 ____D C:\Program Files (x86)\Wise PC Doctor
    2016-04-10 13:09 - 2016-04-10 13:09 - 02530071 _____ (Wise PC Doctor ) C:\Users\asmirnovs\Downloads\wisepcdoctor_Standard_Setup.exe
    2016-04-10 13:06 - 2016-01-19 14:18 - 00003072 _____ (Microsoft Corporation) C:\Users\asmirnovs\Desktop\lpk.dll
    2016-04-10 13:00 - 2016-04-10 13:00 - 00002081 _____ C:\Users\asmirnovs\Downloads\lpk.zip
    2016-04-10 12:55 - 2013-06-06 08:50 - 00041472 _____ (Microsoft Corporation) C:\Users\asmirnovs\Desktop\lpk_old.dll
    2016-04-10 12:15 - 2016-04-14 14:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-04-10 12:15 - 2016-04-10 12:15 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-04-10 12:15 - 2016-04-10 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-04-10 12:15 - 2016-04-10 12:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-04-10 12:15 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-04-10 12:15 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-04-10 12:15 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-04-10 12:14 - 2016-04-10 12:14 - 22851472 _____ (Malwarebytes ) C:\Users\asmirnovs\Downloads\mbam-setup-2.2.1.1043.exe
    2016-04-10 10:56 - 2016-04-10 11:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Exuksk
    2016-04-09 21:39 - 2016-04-09 21:39 - 00000000 ____D C:\Program Files\Common Files\ODBC
    2016-04-09 11:53 - 2016-04-09 12:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Gmomqo
    2016-04-08 20:23 - 2016-04-08 21:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Zrxwnj
    2016-04-08 17:55 - 2016-04-08 20:31 - 00020480 _____ C:\Windows\SysWOW64\v5.exe
    2016-04-08 17:51 - 2016-04-10 14:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2016-04-08 15:10 - 2016-04-08 15:10 - 00026624 _____ C:\Windows\SysWOW64\lufdmi.exe
    2016-04-08 10:40 - 2016-04-08 21:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Zhvgfg
    2016-04-08 10:40 - 2016-04-08 20:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Govqwr
    2016-04-08 10:39 - 2016-04-08 10:40 - 00019456 _____ C:\Windows\SysWOW64\DhlServer.exe
    2016-04-07 21:18 - 2016-04-10 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Saogyw
    2016-04-07 13:29 - 2016-04-07 13:29 - 00565248 _____ C:\Windows\SysWOW64\nktlnrsjwo
    2016-04-07 11:26 - 2016-04-07 11:26 - 00011776 _____ C:\Windows\Ru4808106.EXE
    2016-04-07 11:21 - 2016-04-10 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Pkkahh
    2016-04-07 10:09 - 2016-04-07 10:09 - 00262144 _____ C:\Windows\system32\config\elam
    2016-04-07 08:01 - 2016-04-08 21:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Xujvle
    2016-04-07 03:50 - 2016-04-07 03:50 - 00156672 _____ () C:\Windows\SysWOW64\wemotqe.dll
    2016-04-06 21:05 - 2016-04-10 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Qnnagu
    2016-04-06 16:44 - 2016-04-10 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Nnuyxw
    2016-04-06 15:50 - 2016-04-10 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Bslabm
    2016-04-06 14:30 - 2016-04-10 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Tuuzsr
    2016-04-06 14:25 - 2016-04-14 12:57 - 00000000 ____D C:\ProgramData\DRM
    2016-04-06 10:44 - 2016-04-10 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Mwmgci
    2016-04-06 08:00 - 2016-04-07 12:22 - 00000000 ____D C:\Windows\WindowsUpdata
    2016-04-06 07:51 - 2016-04-06 07:51 - 00057429 _____ C:\Windows\SysWOW64\xggwai.exe
    2016-04-06 06:26 - 2016-04-10 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Swqmeg
    2016-04-06 05:33 - 2016-04-10 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Cuaagw
    2016-04-05 20:29 - 2016-04-10 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Wfvcqp
    2016-04-05 19:21 - 2016-04-10 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Owouqy
    2016-04-05 18:41 - 2016-04-10 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Gmsimm
    2016-04-05 16:43 - 2016-04-10 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Ipvbdf
    2016-04-05 15:41 - 2016-04-05 15:41 - 00040960 _____ () C:\Windows\SysWOW64\401HK.exe
    2016-04-05 15:41 - 2016-04-05 15:41 - 00000000 ____D C:\Program Files\MSSQLBING
    2016-04-05 12:39 - 2016-04-05 12:39 - 68746055 _____ C:\Users\asmirnovs\Downloads\itv.psd
    2016-04-04 13:15 - 2016-04-04 13:15 - 00008192 _____ C:\Windows\SysWOW64\srvany.exe
    2016-04-02 21:03 - 2016-04-02 21:01 - 22345087 _____ C:\Users\asmirnovs\Desktop\IMG_2149.CR2
    2016-03-31 15:26 - 2016-03-31 15:26 - 00075046 _____ C:\Users\asmirnovs\Downloads\icon (1).zip
    2016-03-31 09:24 - 2016-03-31 09:24 - 00114902 _____ C:\Users\asmirnovs\Downloads\esfkf.txt.20160325.zip
    2016-03-31 09:24 - 2016-03-25 04:27 - 00823318 _____ C:\Users\asmirnovs\Desktop\esfkf.txt.20160325.txt
    2016-03-24 12:00 - 2016-03-24 12:00 - 00010166 _____ C:\Users\asmirnovs\Downloads\Versija.2.15.xlsx
    2016-03-24 11:58 - 2016-03-24 12:00 - 00010166 _____ C:\Users\asmirnovs\Downloads\Versija.2.14 (1).xlsx
    2016-03-23 09:03 - 2016-03-23 09:03 - 00017505 _____ C:\Users\asmirnovs\Downloads\accesslog_liepaja-airport.lv_3_23_2016.gz
    2016-03-19 00:19 - 2016-03-19 00:19 - 00030479 _____ C:\Users\asmirnovs\Downloads\download.xls
    2016-03-18 23:48 - 2016-03-18 23:48 - 00000000 ____D C:\Users\asmirnovs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-03-16 11:57 - 2016-03-16 11:58 - 00122473 _____ C:\Users\asmirnovs\Downloads\apraksts.gz

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-14 14:52 - 2014-10-28 12:06 - 00000000 ____D C:\Users\asmirnovs\AppData\Roaming\Skype
    2016-04-14 14:43 - 2014-10-24 11:24 - 00000208 _____ C:\Windows\system32\config\netlogon.ftl
    2016-04-14 14:42 - 2014-11-13 11:50 - 00000000 ____D C:\Users\asmirnovs\AppData\Local\TSVNCache
    2016-04-14 14:41 - 2015-03-30 10:29 - 00922326 _____ C:\Windows\ntbtlog.txt
    2016-04-14 14:27 - 2014-10-27 08:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2016-04-14 14:27 - 2009-07-14 08:08 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-04-14 14:26 - 2014-10-27 16:42 - 00000000 ____D C:\Users\asmirnovs\AppData\Roaming\Dropbox
    2016-04-14 14:26 - 2014-10-24 11:27 - 00000942 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-04-14 14:25 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-04-14 13:18 - 2015-06-07 10:08 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1587357081-2278573558-14970797-1758UA.job
    2016-04-14 13:17 - 2014-10-27 16:30 - 00000000 __SHD C:\Users\asmirnovs\IntelGraphicsProfiles
    2016-04-14 13:02 - 2014-10-24 11:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-04-14 13:02 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini
    2016-04-14 13:01 - 2009-07-14 05:34 - 205160448 _____ C:\Windows\system32\config\software.bak
    2016-04-14 13:01 - 2009-07-14 05:34 - 18874368 _____ C:\Windows\system32\config\default.bak
    2016-04-14 13:01 - 2009-07-14 05:34 - 154402816 _____ C:\Windows\system32\config\system.bak
    2016-04-14 13:01 - 2009-07-14 05:34 - 00053248 _____ C:\Windows\system32\config\security.bak
    2016-04-14 13:00 - 2014-10-30 13:17 - 00000000 ____D C:\Users\asmirnovs\AppData\Roaming\KeePass
    2016-04-14 12:58 - 2014-10-28 12:43 - 00000600 _____ C:\Users\asmirnovs\AppData\Local\PUTTY.RND
    2016-04-14 12:55 - 2015-10-30 13:58 - 00000000 ____D C:\ProgramData\TEMP
    2016-04-13 19:06 - 2016-02-19 16:32 - 00000000 ____D C:\Users\asmirnovs\Desktop\build
    2016-04-13 14:10 - 2014-10-28 10:42 - 00000000 ____D C:\Users\asmirnovs\AppData\Roaming\FileZilla
    2016-04-12 06:42 - 2014-10-30 15:47 - 00000000 ____D C:\Users\asmirnovs\AppData\Local\IE Tab
    2016-04-10 14:08 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\LiveKernelReports
    2016-04-10 14:05 - 2016-01-04 17:18 - 00000000 ____D C:\Users\asmirnovs\Desktop\TimeGame
    2016-04-10 14:05 - 2014-10-28 10:59 - 00000000 ____D C:\xampp
    2016-04-10 14:05 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
    2016-04-10 12:36 - 2009-07-14 08:13 - 00858948 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-04-10 12:36 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
    2016-04-10 12:27 - 2014-11-13 11:39 - 00000000 ____D C:\Users\asmirnovs\AppData\Roaming\uTorrent
    2016-04-10 12:27 - 2014-10-29 18:28 - 00000000 ____D C:\Program Files\WinRAR
    2016-04-10 12:27 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system
    2016-04-10 12:20 - 2015-03-30 10:51 - 00000000 ____D C:\Users\asmirnovs\AppData\Local\ElevatedDiagnostics
    2016-04-10 12:02 - 2015-06-11 13:00 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2016-04-10 09:07 - 2015-02-11 17:19 - 00000000 ____D C:\Users\asmirnovs\Documents\Visual Studio 2012
    2016-04-10 07:18 - 2015-06-07 10:08 - 00000882 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1587357081-2278573558-14970797-1758Core.job
    2016-04-08 23:17 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
    2016-04-08 23:14 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2016-04-08 23:14 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\SysWOW64\com
    2016-04-08 23:13 - 2014-10-24 11:15 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
    2016-04-08 22:41 - 2010-11-21 09:30 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
    2016-04-08 22:34 - 2015-06-25 20:21 - 00000000 ____D C:\Users\asmirnovs\Documents\bank
    2016-04-08 21:40 - 2014-10-28 12:42 - 00000000 ____D C:\Program Files (x86)\WinSCP
    2016-04-08 21:40 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
    2016-04-08 21:40 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2016-04-08 21:37 - 2016-01-27 12:01 - 00000000 ____D C:\Program Files (x86)\RAMRush
    2016-04-08 21:37 - 2014-10-28 12:43 - 00000000 ____D C:\Program Files (x86)\PuTTY
    2016-04-08 21:37 - 2014-10-28 11:14 - 00000000 ____D C:\Program Files (x86)\Notepad++
    2016-04-08 20:52 - 2014-10-24 11:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-04-08 20:45 - 2014-10-27 16:47 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
    2016-04-08 20:43 - 2016-02-03 15:47 - 00000000 ____D C:\Program Files (x86)\IIS Express
    2016-04-08 20:43 - 2015-04-26 14:01 - 00000000 ____D C:\Program Files (x86)\Git
    2016-04-08 20:43 - 2015-04-26 13:59 - 00000000 ____D C:\Program Files (x86)\GitExtensions
    2016-04-08 20:43 - 2014-10-27 17:11 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop
    2016-04-08 20:41 - 2015-11-12 10:59 - 00000000 ____D C:\Program Files (x86)\Fiddler2
    2016-04-08 20:41 - 2014-10-28 10:42 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
    2016-04-08 20:39 - 2015-11-24 16:17 - 00000000 ____D C:\Program Files (x86)\ActiveHelper Support Panel
    2016-04-08 20:39 - 2014-11-13 17:25 - 00000000 ____D C:\Program Files (x86)\ColorPic 4.1
    2016-04-08 20:39 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files\Windows Sidebar
    2016-04-08 20:38 - 2014-10-29 13:03 - 00000000 ____D C:\Program Files\NetBeans 8.0.1
    2016-04-08 20:38 - 2014-10-28 12:06 - 00000000 ____D C:\Program Files\Process Hacker 2
    2016-04-08 20:38 - 2010-11-21 09:30 - 00000000 ____D C:\Program Files\Windows Journal
    2016-04-08 20:38 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2016-04-08 20:38 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files\Windows Defender
    2016-04-08 20:37 - 2015-03-31 11:25 - 00000000 ____D C:\Program Files\NetBeans 7.3.1
    2016-04-08 20:32 - 2014-10-24 11:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-04-08 20:31 - 2015-04-26 14:01 - 00000000 ____D C:\Program Files\KDiff3
    2016-04-08 20:30 - 2016-02-03 15:47 - 00000000 ____D C:\Program Files\IIS Express
    2016-04-08 20:30 - 2015-09-14 16:41 - 00000000 ____D C:\Program Files\grepWin
    2016-04-08 20:30 - 2014-10-28 10:36 - 00000000 ____D C:\Program Files\HeidiSQL
    2016-04-08 20:29 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files\DVD Maker
    2016-04-08 20:26 - 2016-03-02 15:58 - 00000000 ____D C:\instantclient_12_1
    2016-04-08 20:26 - 2014-10-24 11:28 - 00000000 ____D C:\Program Files\7-Zip
    2016-04-08 14:50 - 2009-07-14 07:45 - 00026320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-04-08 14:50 - 2009-07-14 07:45 - 00026320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-04-08 00:18 - 2009-07-14 05:34 - 00036864 _____ C:\Windows\system32\config\sam.bak
    2016-04-07 14:36 - 2014-10-28 13:11 - 00000600 _____ C:\Users\asmirnovs\AppData\Roaming\winscp.rnd
    2016-04-07 14:25 - 2016-02-03 15:59 - 00000000 ____D C:\Users\asmirnovs\Documents\Visual Studio 2015
    2016-04-05 16:46 - 2014-11-13 15:39 - 00001456 _____ C:\Users\asmirnovs\AppData\Local\Adobe Save for Web 13.0 Prefs
    2016-04-05 16:26 - 2016-02-01 11:18 - 00000000 ____D C:\Users\asmirnovs\Desktop\ltc-images
    2016-04-04 15:34 - 2014-10-24 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-04-03 10:40 - 2016-02-19 17:10 - 00001412 _____ C:\Users\asmirnovs\Desktop\todolist.txt
    2016-03-31 13:18 - 2016-02-11 13:37 - 00002308 ____H C:\Users\asmirnovs\Documents\Default.rdp
    2016-03-31 12:28 - 2014-11-12 12:02 - 00000000 ____D C:\Users\asmirnovs\Documents\Visual Studio 2008
    2016-03-31 12:28 - 2014-10-29 17:46 - 00000000 ____D C:\Users\asmirnovs\Documents\SQL Server Management Studio
    2016-03-31 09:27 - 2015-01-06 16:09 - 00000000 ____D C:\temp
    2016-03-30 23:48 - 2014-10-24 11:27 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-03-21 13:20 - 2016-02-28 16:33 - 78199063 _____ C:\Users\asmirnovs\Desktop\db-bank-migr.sql
    2016-03-16 10:50 - 2015-03-30 14:09 - 01833374 ____H C:\Users\asmirnovs\AppData\Local\IconCache.db.backup
    2016-03-15 14:50 - 2014-11-13 19:00 - 00000000 ____D C:\Users\asmirnovs\.gimp-2.8

    ==================== Files in the root of some directories =======

    2016-04-06 15:51 - 2016-04-06 15:54 - 1720320 ___SH () C:\Program Files (x86)\Common Files\game918.exe
    2014-11-21 12:47 - 2015-06-25 14:24 - 0000132 _____ () C:\Users\asmirnovs\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2014-11-13 14:44 - 2016-03-09 13:10 - 0000034 _____ () C:\Users\asmirnovs\AppData\Roaming\AdobeWLCMCache.dat
    2015-09-17 13:20 - 2015-09-17 13:20 - 1758665 _____ () C:\Users\asmirnovs\AppData\Roaming\npm.zip
    2014-10-28 13:11 - 2016-04-07 14:36 - 0000600 _____ () C:\Users\asmirnovs\AppData\Roaming\winscp.rnd
    2014-11-13 15:39 - 2016-04-05 16:46 - 0001456 _____ () C:\Users\asmirnovs\AppData\Local\Adobe Save for Web 13.0 Prefs
    2014-10-28 12:43 - 2016-04-14 12:58 - 0000600 _____ () C:\Users\asmirnovs\AppData\Local\PUTTY.RND
    2016-03-08 16:23 - 2016-03-08 16:23 - 0002257 _____ () C:\Users\asmirnovs\AppData\Local\recently-used.xbel
    2015-11-10 11:24 - 2015-11-12 11:05 - 0014187 _____ () C:\Users\asmirnovs\AppData\Local\TempMy Log File.txt

    Some files in TEMP:
    ====================
    C:\Users\asmirnovs\AppData\Local\Temp\GUR8381.exe
    C:\Users\asmirnovs\AppData\Local\Temp\{13AC054A-3C28-4F73-844B-9D8BD4D2B305}-49.0.2623.112_49.0.2623.110_chrome_updater.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-04-08 00:18

    ==================== End of FRST.txt ============================
     
  2. Kosmoss

    Kosmoss TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
    Ran by asmirnovs (2016-04-14 15:03:37)
    Running from C:\Users\asmirnovs\Downloads
    Windows 7 Enterprise Service Pack 1 (X64) (2014-10-23 14:00:30)
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-84501023-953453865-1424904438-500 - Administrator - Disabled)
    Guest (S-1-5-21-84501023-953453865-1424904438-501 - Limited - Disabled)
    piress (S-1-5-21-84501023-953453865-1424904438-1012 - Administrator - Enabled)
    Smirnovs (S-1-5-21-84501023-953453865-1424904438-1000 - Administrator - Enabled) => C:\Users\Smirnovs

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Endpoint Security 10 for Windows (Enabled - Out of date) {179979E8-273D-D14E-0543-2861940E4886}
    AS: Kaspersky Endpoint Security 10 for Windows (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Endpoint Security 10 for Windows (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1587357081-2278573558-14970797-1758\...\uTorrent) (Version: 3.4.2.35706 - BitTorrent Inc.)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    ActiveHelper Support Panel (HKLM-x32\...\LiveChat) (Version: 5.2 - Mentat Technologies Ltda)
    ActiveHelper Support Panel (x32 Version: 5.2 - Mentat Technologies Ltda) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{B87B45A1-B23C-48DC-8857-9B619B420925}) (Version: 4.1.60107.3 - Microsoft Corporation)
    ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
    Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
    AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
    Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
    Canon MF8200C Series (HKLM\...\{C2938963-3BB0-41cd-9769-E28814C59075}) (Version: 4.2.0.0 - CANON INC.)
    Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06078 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06078 - Cisco Systems, Inc.) Hidden
    ColorPic (HKLM-x32\...\ColorPic) (Version: 4.1 - Iconico)
    Crystal Reports Basic for Visual Studio 2008 (HKLM-x32\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
    Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
    Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
    Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
    Dropbox (HKU\S-1-5-21-1587357081-2278573558-14970797-1758\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
    Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
    Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
    Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.6.1.5 - Telerik)
    FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    Git Extensions 2.48.03 (HKLM-x32\...\{2FB6BD8C-1D04-4595-BFCC-5EC326E939F8}) (Version: 2.48.03 - Henk)
    Git version 1.9.4-preview20140929 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140929 - The Git Development Community)
    Google Chrome (HKLM-x32\...\{D0759C6C-1F01-345D-8F59-E3B43977D754}) (Version: 49.0.2623.110 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    grepWin x64 (HKLM\...\{260D91ED-217D-4F44-ADC2-89A0A6428DE0}) (Version: 1.6.633 - Stefans Tools)
    HeidiSQL (HKLM\...\HeidiSQL_is1) (Version: - Ansgar Becker)
    IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
    IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4156 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) Smart Connect Technology (HKLM\...\{94931BF0-5331-4B67-A8D0-6793A933B7B6}) (Version: 5.0.10.2907 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
    Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
    Java SE Development Kit 7 Update 75 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
    JetBrains PhpStorm 8.0.1 (HKLM-x32\...\PhpStorm 8.0.1) (Version: 138.2001.2328 - JetBrains s.r.o.)
    Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
    Kaspersky Endpoint Security 10 for Windows (HKLM\...\{04CF7FBD-E56C-446D-8FC9-DD444BDBEE8E}) (Version: 10.2.1.23 - Kaspersky Lab)
    Kaspersky Security Center Network Agent (HKLM-x32\...\InstallWIX_{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}) (Version: 10.2.434 - Kaspersky Lab)
    Kaspersky Security Center Network Agent (x32 Version: 10.2.434 - Kaspersky Lab) Hidden
    KDiff3 (remove only) (HKLM-x32\...\KDiff3) (Version: - )
    KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
    Latvian (Apostrofs v1.0; punkts) (HKLM\...\{A4C7BB3F-B150-4C96-951A-74F818673D93}) (Version: 1.0.3.40 - laacz unltd)
    LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Compact Framework 1.0 SP3 Developer (HKLM-x32\...\{6C531060-84FB-4F96-8F33-29DF020632EB}) (Version: 1.0.4292 - Microsoft Corporation)
    Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
    Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
    Microsoft .NET Framework 2.0 SDK (x64) - ENU (HKLM\...\Microsoft .NET Framework 2.0 SDK (x64) - ENU) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
    Microsoft Device Emulator (64 bit) version 3.0 - ENU (HKLM\...\{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Document Explorer 2005 (HKLM-x32\...\Microsoft Document Explorer 2005) (Version: - Microsoft Corporation)
    Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
    Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
    Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
    Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Language Pack 2007 - Latvian/latviski (HKLM-x32\...\OMUI.lv-lv) (Version: 12.0.4518.1045 - Microsoft Corporation)
    Microsoft Office Powerpoint 2007 Help atjauninājums (KB963669) (HKLM-x32\...\{90120000-0018-0426-0000-0000000FF1CE}_OMUI.lv-lv_{53EB9B9A-9DB8-4D36-AC95-E8BB45AA9A1D}) (Version: - Microsoft)
    Microsoft Office Word 2007 Help atjauninājums (KB963665) (HKLM-x32\...\{90120000-001B-0426-0000-0000000FF1CE}_OMUI.lv-lv_{987CFE49-2B82-40DD-B27E-2F7C6B1C0F27}) (Version: - Microsoft)
    Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{C92556F2-4950-48CF-ABA3-F0026B05BCE8}) (Version: 8.05.1054 - Microsoft Corporation)
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools (HKLM-x32\...\{1389C6A4-4965-4AEC-9175-08B54A10FA48}) (Version: 3.0.0.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Policies (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM-x32\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
    Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
    Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
    Microsoft SQL Server Database Publishing Wizard 1.3 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 10.0.1600.22 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
    Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2005 64bit Prerequisites (x64) - ENU (HKLM\...\{75F299F3-8234-47CD-BB40-2994C1B1105E}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Professional Edition - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Professional Edition - ENU) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601) (HKLM-x32\...\KB926601.T2_29ToU260_29) (Version: 1 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}.KB945140) (Version: 1 - Microsoft Corporation)
    Microsoft Visual Studio 2008 Remote Debugger - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - ENU) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{64D5BBC6-5270-3711-AA39-31C1087AF4E6}.KB945140) (Version: 1 - Microsoft Corporation)
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM-x32\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio 2008 Team Explorer - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Team Explorer - ENU) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2008 Team Explorer - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{766B3A7A-B5AE-33F5-9858-75E692799C84}.KB945140) (Version: 1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio Community 2015 with Update 1 (HKLM-x32\...\{1d03ad7c-fa27-4517-91b0-410bb49f94d9}) (Version: 14.0.24720.1 - Microsoft Corporation)
    Microsoft Visual Studio Premium 2012 (HKLM-x32\...\{ddf0bb95-e254-447e-8472-3470057d9c7e}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
    Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
    Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
    Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu (HKLM\...\{29C93182-34F6-3275-A18D-59326851CD57}) (Version: 3.5.21022 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 SP1 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5294.17011 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5294.17011 - Microsoft Corporation)
    Microsoft Windows SDK for Windows 7 (7.0) (HKLM\...\SDKSetup_7.0.7600.16385.40715) (Version: 7.0.7600.16385.40715 - Microsoft Corporation)
    Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
    Mozilla Thunderbird 38.7.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.7.2 (x86 en-US)) (Version: 38.7.2 - Mozilla)
    MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
    Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
    MySQL Connector Net 6.1.6 (HKLM-x32\...\{5FD88490-011C-4DF1-B886-F298D955171B}) (Version: 6.1.6 - Oracle)
    MySQL Connector/ODBC 5.1 (HKLM-x32\...\{EDB9F166-FA9B-4F71-B2C8-BECD561BD77F}) (Version: 5.1.13 - Oracle Corporation)
    NetBeans IDE 7.3.1 (HKLM\...\nbi-nb-base-7.3.1.0.201306052037) (Version: 7.3.1 - NetBeans.org)
    NetBeans IDE 8.0.1 (HKLM\...\nbi-nb-base-8.0.1.0.201408251540) (Version: 8.0.1 - NetBeans.org)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    pgAdmin III 1.20 (HKLM-x32\...\{F58594B6-AA28-45B2-B1D6-01CC516AE05E}) (Version: 1.20 - The pgAdmin Development Team)
    PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
    PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
    Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
    PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
    Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    RAMRush 1.0.6.917 (HKLM-x32\...\RAMRush_is1) (Version: - FTweak, Inc.)
    Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
    Roslyn Language Services - x86 (x32 Version: 14.0.24728 - Microsoft Corporation) Hidden
    SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
    Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
    SQL Server 2014 Client Tools (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Common Files (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    SQL Server 2014 Management Studio (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
    Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
    Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
    TortoiseSVN 1.8.8.25755 (64 bit) (HKLM\...\{7DAA9D5A-ED99-40D2-AA9D-386722FE105A}) (Version: 1.8.25755 - TortoiseSVN)
    TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
    TypeScript Power Tool (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
    TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
    TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
    Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (HKLM-x32\...\{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual C++ 2008 x64 Runtime - v9.0.30729.01 (HKLM-x32\...\{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual C++ 2008 x86 Runtime - v9.0.30729.4148 (HKLM-x32\...\{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Visual C++ 2008 x86 Runtime - v9.0.30729.6161 (HKLM-x32\...\{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Visual Studio .NET Prerequisites - English (HKLM\...\{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}) (Version: 9.0.30729 - Microsoft Corporation)
    Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
    Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
    VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
    WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
    WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
    WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
    WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
    WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
    Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM-x32\...\{6C9F6D23-E9AD-43C9-B43A-011562AAF876}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
    Windows Mobile 5.0 SDK R2 for Smartphone (HKLM-x32\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
    Windows Phone Emulator - ENU (HKLM-x32\...\{EBAF3EDB-7F86-3B10-9C83-18A881821F65}) (Version: 10.0.30128 - Microsoft Corporation)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
    WinSCP 5.6.2 beta (HKLM-x32\...\winscp3_is1) (Version: 5.6.2 beta - Martin Prikryl)
    XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-5 - Bitnami)
     
  3. Kosmoss TS Rookie Topic Starter

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1587357081-2278573558-14970797-1758_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1587357081-2278573558-14970797-1758_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-1587357081-2278573558-14970797-1758_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1587357081-2278573558-14970797-1758_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1587357081-2278573558-14970797-1758_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1587357081-2278573558-14970797-1758_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1587357081-2278573558-14970797-1758_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1587357081-2278573558-14970797-1758_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1587357081-2278573558-14970797-1758_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1587357081-2278573558-14970797-1758_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1587357081-2278573558-14970797-1758_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1587357081-2278573558-14970797-1758_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03324F9B-6916-40AC-BD7E-FCA0181EC562} - System32\Tasks\{6757DF31-E83E-40DB-87C2-A550042C896F} => pcalua.exe -a "C:\Program Files\NetBeans 8.0.1\uninstall.exe"
    Task: {123D93F7-04D1-4EB9-A4E3-4101218EB8E2} - System32\Tasks\{9604CBDA-9A9F-41E8-8879-5B80F9E85B5E} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.0.107/en/abandoninstall?page=tsProgressBar
    Task: {1F4B99B3-FBD1-43C9-8EE5-32B57CFC164E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1587357081-2278573558-14970797-1758Core => C:\Users\asmirnovs\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-07] (Dropbox, Inc.)
    Task: {6209A2C7-F8D3-4261-A130-CF86253E5B92} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1587357081-2278573558-14970797-1758UA => C:\Users\asmirnovs\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-07] (Dropbox, Inc.)
    Task: {64221CEA-8D00-4962-972D-B9EF8902D471} - System32\Tasks\{670B1B3D-C6B0-4A8F-A896-040B77D5D5A8} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall PROPLUS /dll OSETUP.DLL
    Task: {96DCC92F-7D33-4C79-85EE-CC7A31DC94E0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {A30D8F21-EDB9-44FB-8B60-ED22BB4C5383} - System32\Tasks\{4F68C840-543A-47F2-AA00-44673CB8179D} => pcalua.exe -a "C:\Program Files (x86)\RAMRush\unins000.exe"
    Task: {B77F3862-4F9F-4B4D-AD5E-BBAD153846A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
    Task: {D142BD06-7DCB-49CF-9BF8-3A96CCF8031A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1587357081-2278573558-14970797-1758Core.job => C:\Users\asmirnovs\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1587357081-2278573558-14970797-1758UA.job => C:\Users\asmirnovs\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2014-08-10 17:10 - 2014-08-10 17:10 - 00076032 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
    2014-08-10 17:10 - 2014-08-10 17:10 - 00088832 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
    2014-05-01 22:29 - 2014-05-01 22:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2014-12-09 23:49 - 2014-12-09 23:49 - 00369152 _____ () C:\Program Files (x86)\GitExtensions\GitExtensionsShellEx64.dll
    2012-08-05 05:15 - 2012-08-05 05:15 - 00176640 _____ () C:\Program Files\KDiff3\diff_ext_for_kdiff3_64.dll
    2014-05-12 12:49 - 2014-05-12 12:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2014-10-28 10:59 - 2013-06-17 12:42 - 02569216 _____ () C:\xampp\xampp-control.exe
    2014-10-28 10:59 - 2014-07-18 19:24 - 10982912 _____ () c:\xampp\mysql\bin\mysqld.exe
    2015-07-11 15:48 - 2016-04-07 13:05 - 00064000 _____ () D:\dropbox\Dropbox\ToltekTennis\ToltekTennis\ToltekTennis\bin\Debug\ToltekTennis.exe
    2014-10-28 10:59 - 2014-07-17 14:18 - 00219648 _____ () c:\xampp\apache\bin\pcre.dll
    2014-10-28 11:00 - 2014-07-24 01:24 - 00128512 _____ () C:\xampp\php\libpq.dll
    2016-04-01 21:59 - 2016-04-01 21:59 - 00015360 _____ () C:\xampp\mysql\lib\plugin\znhrv.dll
    2014-10-28 10:59 - 2014-07-17 14:18 - 00219648 _____ () C:\xampp\apache\bin\pcre.dll
    2014-08-10 16:40 - 2014-08-10 16:40 - 00065792 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
    2015-04-29 18:29 - 2015-04-29 18:29 - 00204800 _____ () C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
    2011-07-19 00:07 - 2011-07-19 00:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
    2014-01-07 02:42 - 2014-01-07 02:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
    2016-02-22 16:01 - 2016-02-22 16:01 - 01940480 _____ () C:\Program Files (x86)\Notepad++\plugins\XMLTools.dll
    2016-02-22 16:01 - 2016-02-22 16:01 - 00103424 _____ () C:\Program Files (x86)\Notepad++\zlib1.dll
    2016-02-22 16:01 - 2016-02-22 16:01 - 04535910 _____ () C:\Program Files (x86)\Notepad++\libxml2-2.dll
    2016-02-22 16:01 - 2016-02-22 16:01 - 00941389 _____ () C:\Program Files (x86)\Notepad++\libxslt-1.dll
    2014-08-10 16:40 - 2014-08-10 16:40 - 00071936 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
    2016-04-08 17:51 - 2016-04-08 17:51 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
    2016-04-08 17:51 - 2016-04-08 17:51 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
    2015-03-30 10:51 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
    2015-03-30 10:51 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
    2016-04-09 00:29 - 2016-04-08 13:53 - 17532096 _____ () C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-03 13:58 - 2016-03-18 11:11 - 00001312 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 lvm-migr.lvm
    127.0.0.1 mammadaba-migr.lvm
    127.0.0.1 cukmens.loc
    127.0.0.1 toltek.loc
    127.0.0.1 bs.loc
    127.0.0.1 andy.loc
    127.0.0.1 corpcloud.loc
    127.0.0.1 bank.loc
    127.0.0.1 rez.loc
    159.148.37.88 ltc.loc
    127.0.0.1 tt.loc
    127.0.0.1 localhost
    127.0.0.1 m.localhost
    127.0.0.1 backend.loc
    127.0.0.1 forums.loc
    127.0.0.1 bunsam.loc
    127.0.0.1 bunsamdemo.loc
    127.0.0.1 gbg.loc
    127.0.0.1 lidosta.loc
    127.0.0.1 ag.loc
    127.0.0.1 m.ltc.loc

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1587357081-2278573558-14970797-1758\Control Panel\Desktop\\Wallpaper -> C:\Users\asmirnovs\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 80.233.167.4 - 80.233.167.7
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: TrustedInstaller => 3
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: ftweak_RAMRush => C:\Program Files (x86)\RAMRush\RAMRush.exe
    MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    MSCONFIG\startupreg: ISCT Tray => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{C4DBAC40-957E-4280-9423-977D9B61A20A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{B6CE9391-6B54-437B-BBB4-F7D32D4B6752}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{D142A610-8A64-4371-B55D-C7A16D600442}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{E70752E3-A3EB-4F19-BB52-AFCFD5A6FC87}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{8FA263FC-C7BF-40D4-8574-5A4646FEE072}] => (Allow) LPort=15000
    FirewallRules: [{74F6F46E-8774-4383-A151-19D32BDC23B4}] => (Allow) LPort=15000
    FirewallRules: [{1198E842-59E0-4778-9FDB-A02EF1B4A2B1}] => (Allow) LPort=15000
    FirewallRules: [{76BCB683-8332-49E6-B755-40B0CFC88E80}] => (Allow) C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{B017C515-D055-486E-AFD7-BDD22B6D5884}] => (Allow) C:\Users\asmirnovs\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{35CB9AE6-36D2-4408-8F6E-28FD8AA6D99C}] => (Allow) C:\Users\asmirnovs\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{99CFA7AF-B377-4641-8154-AE661B8859C4}] => (Allow) C:\Users\asmirnovs\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{78384460-EB8F-44A1-BCCB-A830A8E4D489}] => (Allow) C:\Users\asmirnovs\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{DCD680B8-14EF-4E16-A79E-49ABBF79251C}] => (Allow) C:\Users\asmirnovs\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{7296DF58-AB15-4228-AB06-6261F6F2A678}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{970BE22E-5A57-4E34-B7AF-14B128886407}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{2D240568-4868-4727-B2E1-1DCAC1E1EBAD}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{C681E47F-FE82-430E-B886-7F6D4B060A92}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{C8CE73AF-E28C-4716-BAAB-8DC8C3ED729E}] => (Allow) LPort=1688
    FirewallRules: [{0FB95176-A92E-4B92-9DA5-D60C17AC44A8}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{AC4B1301-C28E-47A2-9450-BB23D6196A3D}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{D9305F06-5D57-4D22-BF18-A4CA76633B9C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{089821A6-E9BA-40C5-A3A7-EF35785647AF}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{6AEF4863-42EE-4310-8D4F-A1C7DC768D45}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
    FirewallRules: [{1FD6758C-E8D8-4F2F-A270-F5A159D72EDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{008AF56E-AB8A-41DA-A414-FD070271967A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{64BCF11A-576C-4E09-9225-70A110B0E70F}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
    FirewallRules: [{C4F82266-180F-499E-A26D-2AF2843C7F7D}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
    FirewallRules: [{571A707F-74B2-4D0F-AEF5-B78B7AFDE54D}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
    FirewallRules: [{FE30FD9A-0C1A-4B01-B090-8E6F3345C11B}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
    FirewallRules: [{9B934365-2E95-49C3-8AE5-1CCFDFB3DDFB}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
    FirewallRules: [{6ED5B0AF-1879-4827-9330-4E3BFB0F1599}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
    FirewallRules: [{A8C04C0E-F220-4E85-BD41-890075A5DCAB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{8048C2AC-F1E5-45FB-B2BB-7A10215F55E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{B87D7BFB-3E05-415D-9986-3AF77D16808E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{81AB6CB1-E494-4AC7-A863-1FED51F032C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{9C0DCD88-DC29-4F80-9025-68F26E558858}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{AB5561E7-DF0F-40A0-8A5F-4BA0FF94D435}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D3728863-689F-4E24-B14F-3B149BF951BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{365FF2BC-241E-42CA-A268-A4BF99F807D4}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
    FirewallRules: [{5BE6927B-3A1C-438F-8230-A2B334F280DC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
    FirewallRules: [{AE763ABA-B564-453A-837D-8C4658762893}] => (Allow) LPort=15001
    FirewallRules: [{6ED934BB-1B32-4AFD-A07E-60EEA27FEF91}] => (Allow) LPort=15001
    FirewallRules: [{AFA71392-5B7A-48FC-9CDB-3491DC1FF92C}] => (Allow) LPort=15001
    FirewallRules: [{5963B9AF-3B60-42D6-942D-88497245665E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/14/2016 02:43:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/14/2016 02:38:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/14/2016 02:30:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/14/2016 02:27:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/14/2016 02:24:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/14/2016 01:21:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/14/2016 01:17:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/14/2016 01:13:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/14/2016 01:11:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/14/2016 01:10:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (04/14/2016 02:42:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (04/14/2016 02:42:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (04/14/2016 02:42:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (04/14/2016 02:42:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (04/14/2016 02:42:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (04/14/2016 02:42:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (04/14/2016 02:42:09 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (04/14/2016 02:42:09 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (04/14/2016 02:42:08 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (04/14/2016 02:42:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068


    CodeIntegrity:
    ===================================
    Date: 2016-04-14 12:57:02.665
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-04-14 12:57:02.573
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-04-10 13:16:08.775
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-10 13:16:08.775
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-10 13:16:08.775
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-10 13:16:08.775
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-10 13:16:08.775
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-10 13:16:08.775
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-10 12:46:25.611
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-04-10 12:46:25.595
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
    Percentage of memory in use: 40%
    Total physical RAM: 7846.62 MB
    Available physical RAM: 4666.18 MB
    Total Virtual: 31784.67 MB
    Available Virtual: 28646.11 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.69 GB) (Free:4.92 GB) NTFS
    Drive d: () (Fixed) (Total:108.06 GB) (Free:35.06 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: () (Fixed) (Total:48.83 GB) (Free:23.38 GB) NTFS
    Drive f: () (Fixed) (Total:141.2 GB) (Free:88.81 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 33333332)
    Partition 1: (Not Active) - (Size=141.2 GB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=108.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=48.8 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 40DBEEE6)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  4. Kosmoss

    Kosmoss TS Rookie Topic Starter

    Posted Addition.txt in two parts because of the post character limit.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. Kosmoss

    Kosmoss TS Rookie Topic Starter

    RogueKiller V12.1.2.0 [Apr 11 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode with network support
    User : asmirnovs [Administrator]
    Started from : C:\Users\asmirnovs\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 04/15/2016 09:47:17

    ¤¤¤ Processes : 1 ¤¤¤
    [VT.Unknown] ToltekTennis.exe(4132) -- D:\dropbox\Dropbox\ToltekTennis\ToltekTennis\ToltekTennis\bin\Debug\ToltekTennis.exe[x] -> Found

    ¤¤¤ Registry : 36 ¤¤¤
    [Hj.Name] (X64) HKEY_USERS\RK_Default_ON_D_3873\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : D:\Windows\System32\mctadmin.exe [x] -> Deleted
    [Hj.Name] (X86) HKEY_USERS\RK_Default_ON_D_3873\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : D:\Windows\System32\mctadmin.exe [x] -> ERROR [2]
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 80.233.167.4 80.233.167.7 80.233.167.10 ([X][X][X]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_1A43\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 80.233.167.3 80.233.167.4 159.148.60.2 ([X][X][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_4EC9\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 80.233.167.3 80.233.167.4 159.148.60.2 ([X][X][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 80.233.167.4 80.233.167.7 80.233.167.10 ([X][X][X]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_1A43\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 80.233.167.3 80.233.167.4 159.148.60.2 ([X][X][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_4EC9\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 80.233.167.3 80.233.167.4 159.148.60.2 ([X][X][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 80.233.167.4 80.233.167.7 80.233.167.10 ([X][X][X]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD2B5B22-B078-4D9A-8EE1-05A7ED3C5FE3} | DhcpNameServer : 80.233.167.4 80.233.167.7 80.233.167.10 ([X][X][X]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_1A43\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B3235776-67A6-403F-AEF5-CE3735F9BE02} | DhcpNameServer : 80.233.167.3 80.233.167.4 159.148.60.2 ([X][X][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_4EC9\ControlSet001\Services\Tcpip\Parameters\Interfaces\{247063EF-B476-4662-BAD0-E5745EE25D04} | DhcpNameServer : 80.233.167.3 80.233.167.4 159.148.60.2 ([X][X][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BD2B5B22-B078-4D9A-8EE1-05A7ED3C5FE3} | DhcpNameServer : 80.233.167.4 80.233.167.7 80.233.167.10 ([X][X][X]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_1A43\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B3235776-67A6-403F-AEF5-CE3735F9BE02} | DhcpNameServer : 80.233.167.3 80.233.167.4 159.148.60.2 ([X][X][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_4EC9\ControlSet002\Services\Tcpip\Parameters\Interfaces\{247063EF-B476-4662-BAD0-E5745EE25D04} | DhcpNameServer : 80.233.167.3 80.233.167.4 159.148.60.2 ([X][X][-]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BD2B5B22-B078-4D9A-8EE1-05A7ED3C5FE3} | DhcpNameServer : 80.233.167.4 80.233.167.7 80.233.167.10 ([X][X][X]) -> Replaced ()
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
    [PUM.StartMenu] (X64) HKEY_USERS\RK_aivars_ON_D_8798\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\RK_aivars_ON_D_8798\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\RK_aivars_ON_E_CEF0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\RK_aivars_ON_E_CEF0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\RK_asmirnovs_ON_D_6321\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\RK_asmirnovs_ON_D_6321\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\RK_asmirnovs_ON_E_23AF\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\RK_asmirnovs_ON_E_23AF\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\RK_ezuburs_ON_F_B6EC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\RK_ezuburs_ON_F_B6EC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\RK_ezuburs_ON_F_B6EC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\RK_ezuburs_ON_F_B6EC\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\RK_Smirnovs_ON_F_B014\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\RK_Smirnovs_ON_F_B014\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\RK_Smirnovs_ON_F_B014\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\RK_Smirnovs_ON_F_B014\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1587357081-2278573558-14970797-1758\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1587357081-2278573558-14970797-1758\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD3200AAKS-00B3A SCSI Disk Device +++++
    --- User ---
    [MBR] b8ed007e5789910dfd9d187f9f8015d2
    [BSP] 0b1402fc7d86b3a5426e9d4d79b31b9f : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 144591 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 296126145 | Size: 110650 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 522739035 | Size: 49999 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )

    +++++ PhysicalDrive1: KINGSTON KINGSTON SV300S3 SCSI Disk Device +++++
    --- User ---
    [MBR] d12b3e9592b67d34d0873de09b2ebc62
    [BSP] 0385c87bc3df2b9fe79132131edb993e : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )
     
  7. Kosmoss

    Kosmoss TS Rookie Topic Starter

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2016.04.15.
    Scan Time: 9:55
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.04.15.01
    Rootkit Database: v2016.04.09.01
    License: Trial
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: asmirnovs

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 552684
    Time Elapsed: 8 min, 47 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 2
    Trojan.Agent.NTSQQ, C:\Program Files\AppPatch\NetSyst77.dll, Quarantined, [cb52edc2b6e3df575444020590740bf5],
    Trojan.Agent.NTSQQ, C:\Program Files\AppPatch\NetSyst88.dll, Quarantined, [4cd1ae01831612248b0d868162a26a96],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  8. Kosmoss

    Kosmoss TS Rookie Topic Starter

    # AdwCleaner v5.111 - Logfile created 15/04/2016 at 10:39:36
    # Updated 14/04/2016 by Xplode
    # Database : 2016-04-11.4 [Server]
    # Operating system : Windows 7 Enterprise Service Pack 1 (X64)
    # Username : asmirnovs - SMIRNOVS-PC
    # Running from : C:\Users\asmirnovs\Downloads\adwcleaner_5.111.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****

    File Found : C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_archi.ru_0.localstorage
    File Found : C:\Users\asmirnovs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_archi.ru_0.localstorage-journal

    ***** [ DLL ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****


    *************************

    C:\AdwCleaner\AdwCleaner[S1].txt - [882 bytes] - [15/04/2016 10:39:36]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [954 bytes] ##########
     
  9. Kosmoss

    Kosmoss TS Rookie Topic Starter

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.4 (03.14.2016)
    Operating System: Windows 7 Enterprise x64
    Ran by asmirnovs (Limited) on 2016.04.15. at 10:57:52,15
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 33

    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6039GM3U (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\613YSL1B (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9S9PPQHG (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D38H46TK (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I2R5HMJX (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JY9TWUTV (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LINF26D9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SQC32PRF (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1HW3YZ4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XH44J7HF (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y80LD7NQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\asmirnovs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZF9W0VEG (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\system32\RENA4D.tmp (File)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6039GM3U (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\613YSL1B (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9S9PPQHG (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D38H46TK (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I2R5HMJX (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JY9TWUTV (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LINF26D9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SQC32PRF (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1HW3YZ4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XH44J7HF (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y80LD7NQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZF9W0VEG (Temporary Internet Files Folder)



    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Jing (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2016.04.15. at 10:58:35,78
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. Kosmoss

    Kosmoss TS Rookie Topic Starter

    After running all scans and cleaning the found files, I switched from safe mode and tested normal mode - no effect, it still freezes in normal mode.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    Still with me?
     
  13. Broni

    Broni Malware Annihilator Posts: 52,889   +344

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.
