Solved Audio ads + redirect. Steamwebhelper + Firefox

lasix · Nov 10, 2015

Hello everyone!
Please help with problem that was already described by other members.
For two days there are audio ads playing when Steam is on. When I kill Steamwebhelper.exe from taskmanager - they stop. Also Steam internal browser is redirecting to some strange sites.
Earlier Firefox was also redirecting, but I have used "Refresh Firefox" and deleted Java, and now Firefox is working fine (at least for now).
Windows 7 64 bit, Kaspersky Internet Security.
Please advice how to remove ads, also should I change KIS to something else?

lasix · Nov 10, 2015

Also some dialogs appear in Steam and has appeared in Firefox. Example attached.

lasix · Nov 10, 2015

FRST.TXT:
==
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Igor (administrator) on IGOR-IRIS-PC (11-11-2015 00:34:36)
Running from C:\Users\Igor\Desktop
Loaded Profiles: Igor (Available Profiles: Igor)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(TrueCrypt Foundation) D:\Program Files\TrueCrypt\TrueCrypt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Config.Msi\4085df.rbf
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(WinZip Computing, Inc.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Venta Association) D:\VentaFax & Voice 5\vfdrv32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Inc.) C:\Acrobat 8.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Skype Technologies S.A.) D:\Program Files (x86)\Skype\Phone\Skype.exe
(Ghisler Software GmbH) D:\Total Commander\TOTALCMD.EXE
(Ritlabs S.R.L.) I:\The Bat!\thebat.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpbdfawep] => C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe [1214976 2007-04-25] ()
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [ToolBoxFX] => C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2010-03-03] (HP)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTracking] => C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [36864 2007-08-31] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-04-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\Run: [TrueCrypt] => D:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2013-11-17] (TrueCrypt Foundation)
HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\Run: [Viber] => C:\Users\Igor\AppData\Local\Viber\Viber.exe [51657424 2015-11-02] ()
HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\Run: [Skype] => D:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)
HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll [2014-12-06] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll [2014-12-06] (Kaspersky Lab ZAO)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2013-11-18]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1050-0000-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk [2013-11-18]
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013-11-18]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VentaDrv.lnk [2013-11-19]
ShortcutTarget: VentaDrv.lnk -> D:\VentaFax & Voice 5\vfdrv32.exe (Venta Association)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 85.25.237.162 8.8.8.8
Tcpip\..\Interfaces\{064E15D3-9BBC-4AEA-8384-4A9934A8792A}: [DhcpNameServer] 85.25.237.162 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-233968585-743656622-1246094418-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://fi.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-233968585-743656622-1246094418-1000 -> DefaultScope {6979B9AE-18EA-4820-9817-DFFF2DC6646B} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-233968585-743656622-1246094418-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\fawq9j0g.default-1447147514057
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2012-08-23] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-06] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-06] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-233968585-743656622-1246094418-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-03-31] ()
FF Extension: Adblock Plus - C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\fawq9j0g.default-1447147514057\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-02-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-06] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
S3 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-11-18] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2010-03-03] (HP) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-21] ()
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-01-26] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-18] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-06] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-12] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-06] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-10] ()
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz136; \??\C:\Users\Igor\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-11 00:34 - 2015-11-11 00:34 - 00024732 _____ C:\Users\Igor\Desktop\FRST.txt
2015-11-11 00:26 - 2015-11-11 00:33 - 02198528 _____ (Farbar) C:\Users\Igor\Desktop\FRST64.exe
2015-11-10 22:24 - 2015-11-10 22:24 - 00000219 _____ C:\Users\Igor\Desktop\Counter-Strike Global Offensive.url
2015-11-10 22:15 - 2015-11-10 22:15 - 01476720 _____ C:\Users\Igor\Downloads\SteamSetup.exe
2015-11-10 22:15 - 2015-11-10 22:15 - 00000684 _____ C:\Users\Public\Desktop\Steam.lnk
2015-11-10 22:15 - 2015-11-10 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-10 20:27 - 2015-11-10 20:27 - 00000959 _____ C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2015-11-10 20:27 - 2015-11-10 20:27 - 00000957 _____ C:\Users\Igor\Desktop\Viber.lnk
2015-11-10 19:27 - 2015-11-10 22:28 - 00002926 _____ C:\Windows\System32\Tasks\HP WEP
2015-11-10 19:27 - 2015-11-10 22:28 - 00000326 _____ C:\Windows\Tasks\HP WEP.job
2015-11-10 19:08 - 2015-11-10 19:30 - 00000000 ____D C:\Users\Igor\AppData\Local\CrashDumps
2015-11-10 18:57 - 2015-11-10 20:15 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-10 18:57 - 2015-11-10 18:58 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-10 18:56 - 2015-11-10 18:56 - 18979400 _____ C:\Users\Igor\Downloads\RogueKiller.exe
2015-11-10 18:42 - 2015-11-10 18:42 - 00448512 _____ (OldTimer Tools) C:\Users\Igor\Downloads\TFC.exe
2015-11-10 18:36 - 2015-11-11 00:34 - 00000000 ____D C:\FRST
2015-11-10 18:31 - 2015-11-10 20:14 - 00000000 ____D C:\AdwCleaner
2015-11-10 18:29 - 2015-11-10 18:29 - 02198528 _____ (Farbar) C:\Users\Igor\Downloads\FRST64.exe
2015-11-10 18:28 - 2015-11-10 18:28 - 01712128 _____ C:\Users\Igor\Downloads\adwcleaner_5.019.exe
2015-11-10 18:22 - 2015-11-10 18:22 - 00000000 ____D C:\KVRT_Data
2015-11-10 18:21 - 2015-11-10 18:22 - 94177432 _____ (Kaspersky Lab ZAO) C:\Users\Igor\Downloads\KVRT.exe
2015-11-10 18:21 - 2015-11-10 18:21 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Igor\Downloads\tdsskiller(1).exe
2015-11-10 18:18 - 2015-11-10 18:18 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Igor\Downloads\tdsskiller.exe
2015-11-10 11:51 - 2015-11-10 22:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-10 11:51 - 2015-11-10 11:51 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-10 11:51 - 2015-11-10 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-10 11:51 - 2015-11-10 11:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-10 11:51 - 2015-11-10 11:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-10 11:51 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-10 11:51 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-10 11:51 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-10 11:25 - 2015-11-10 11:25 - 00000000 ____D C:\Users\Igor\Desktop\Old Firefox Data
2015-11-10 11:18 - 2015-11-10 11:18 - 22908888 _____ (Malwarebytes ) C:\Users\Igor\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-09 16:35 - 2015-11-10 20:27 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2015-11-09 16:35 - 2015-11-10 20:27 - 00000000 ____D C:\Users\Igor\AppData\Local\Viber
2015-11-09 16:35 - 2015-11-09 16:35 - 00000000 ____D C:\Users\Igor\AppData\Local\Package Cache
2015-11-06 22:57 - 2015-11-10 18:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-04 19:44 - 2015-11-02 15:16 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-11-04 19:42 - 2015-11-03 00:48 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-11-04 19:42 - 2015-11-03 00:48 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 42913912 _____ C:\Windows\system32\nvcompiler.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 37882160 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 22308472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 16553376 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 15120736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 14836064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 12034440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 11130672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-11-04 19:42 - 2015-11-02 19:10 - 02869880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 02490672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435887.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435887.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00862000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00500872 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00468096 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00413816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00369456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-10-27 14:24 - 2015-10-27 14:24 - 02228542 _____ C:\Users\Igor\Desktop\Infinity Blade III Gem Fusion Database and Journal Entry .xlsx
2015-10-26 09:10 - 2015-10-26 09:10 - 00016956 _____ C:\Users\Igor\Desktop\3036896542.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-11 00:28 - 2014-07-13 17:39 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-11 00:10 - 2013-12-01 14:45 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-11 00:04 - 2013-11-17 18:33 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Skype
2015-11-10 22:30 - 2013-11-18 14:01 - 00000000 ____D C:\Users\Igor\AppData\Roaming\MPC-HC
2015-11-10 22:24 - 2013-11-18 19:26 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-10 21:32 - 2015-04-06 14:08 - 00000000 ____D C:\Users\Igor\AppData\Roaming\ViberPC
2015-11-10 21:22 - 2013-11-17 12:34 - 01647285 _____ C:\Windows\WindowsUpdate.log
2015-11-10 20:55 - 2013-11-17 16:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-10 19:30 - 2013-11-18 10:23 - 00000000 ____D C:\Users\Igor\AppData\Roaming\uTorrent
2015-11-10 19:24 - 2009-07-14 06:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-10 19:24 - 2009-07-14 06:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-10 19:23 - 2014-11-09 10:45 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-10 19:22 - 2009-07-14 07:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-10 19:17 - 2014-07-13 17:39 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-10 19:16 - 2013-11-17 16:32 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-10 19:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-10 18:46 - 2014-12-24 22:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-10 18:34 - 2015-09-22 22:13 - 00000000 ___RD C:\Users\Igor\Creative Cloud Files
2015-11-10 18:34 - 2015-06-30 19:49 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-10 18:34 - 2014-08-21 14:46 - 00000000 ____D C:\Users\Igor\AppData\Local\Adobe
2015-11-10 18:34 - 2014-02-05 20:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-10 18:34 - 2014-02-05 20:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-11-10 18:22 - 2013-11-17 16:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-08 21:59 - 2013-11-18 10:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-11-04 19:44 - 2014-06-07 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-04 19:44 - 2013-11-17 16:32 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-04 19:34 - 2014-06-07 11:40 - 00001377 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-11-03 00:48 - 2014-03-20 22:02 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-11-02 19:10 - 2015-08-31 22:25 - 17515016 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-11-02 19:10 - 2015-08-09 11:27 - 18361976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-11-02 19:10 - 2015-01-23 18:37 - 03158736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-11-02 19:10 - 2013-11-17 16:56 - 15717672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-11-02 19:10 - 2013-11-17 16:32 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-11-02 19:10 - 2013-11-17 16:32 - 00105264 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-11-02 19:10 - 2013-11-17 16:27 - 12770752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-11-02 19:10 - 2013-11-17 16:27 - 00033607 _____ C:\Windows\system32\nvinfo.pb
2015-11-02 19:10 - 2013-11-17 16:26 - 03579000 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-11-02 15:22 - 2013-11-17 16:32 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-11-02 15:22 - 2013-11-17 16:32 - 02983216 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-11-02 15:22 - 2013-11-17 16:32 - 02554672 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-11-02 15:22 - 2013-11-17 16:32 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-11-02 15:22 - 2013-11-17 16:32 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-11-02 15:22 - 2013-11-17 16:32 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-10-29 02:31 - 2013-11-17 16:32 - 06027430 _____ C:\Windows\system32\nvcoproc.bin
2015-10-23 16:28 - 2013-11-18 10:50 - 00000000 ____D C:\Users\Igor\AppData\Roaming\TeamViewer
2015-10-23 16:24 - 2014-02-04 12:42 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-23 16:24 - 2014-02-04 12:42 - 00000000 ____D C:\Program Files\CCleaner
2015-10-23 15:44 - 2014-02-05 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-23 15:42 - 2013-11-18 14:13 - 00000000 ____D C:\ProgramData\Oracle
2015-10-23 15:41 - 2015-09-10 12:56 - 00000000 ____D C:\Users\Igor\.oracle_jre_usage
2015-10-23 15:18 - 2014-10-17 21:07 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-23 15:18 - 2014-10-17 21:07 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-17 09:33 - 2015-09-22 22:40 - 00000000 ____D C:\Users\Igor\Documents\Adobe
2015-10-17 09:33 - 2013-11-17 21:14 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Adobe
2015-10-16 10:13 - 2014-04-21 18:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-12 05:05 - 2014-06-07 11:42 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-10-12 05:05 - 2014-06-07 11:40 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-10-12 05:04 - 2014-06-07 11:42 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-10-12 05:04 - 2014-06-07 11:40 - 01710752 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

==================== Files in the root of some directories =======

2013-11-18 07:36 - 2015-10-08 16:24 - 0001892 _____ () C:\Users\Igor\AppData\Roaming\ex_log.txt
2014-11-27 19:15 - 2015-03-09 20:17 - 0004096 ____H () C:\Users\Igor\AppData\Local\keyfile3.drm
2014-02-12 20:10 - 2014-02-12 20:10 - 0000001 _____ () C:\Users\Igor\AppData\Local\llftool.4.40.agreement
2014-02-03 21:45 - 2015-09-16 09:15 - 0007637 _____ () C:\Users\Igor\AppData\Local\resmon.resmoncfg
2015-05-29 18:01 - 2015-05-30 08:56 - 0001782 _____ () C:\Users\Igor\AppData\Local\ViberUpdater.log
2013-11-18 09:35 - 2015-07-12 15:59 - 0006653 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Igor\AppData\Local\Temp\BRSVC_5820522_hlp.exe
C:\Users\Igor\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-10 00:15

==================== End of FRST.txt ============================

lasix · Nov 10, 2015

ADDITION.TXT:
==
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Igor (2015-11-11 00:34:52)
Running from C:\Users\Igor\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-11-17 10:33:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-233968585-743656622-1246094418-500 - Administrator - Disabled)
Guest (S-1-5-21-233968585-743656622-1246094418-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-233968585-743656622-1246094418-1005 - Limited - Enabled)
Igor (S-1-5-21-233968585-743656622-1246094418-1000 - Administrator - Enabled) => C:\Users\Igor

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat 8 Professional - Croatian, Ukrainien, Russian, Turkish (HKLM-x32\...\Adobe Acrobat 8 Professional - Croatian, Ukrainien, Russian, Turkish) (Version: 8.0.0 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AnVir Task Manager (HKLM-x32\...\AnVir Task Manager) (Version: - AnVir Software)
AOMEI Partition Assistant Standard Edition 5.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Mobile Device Support (HKLM\...\{9B3B4129-220E-42C7-9C5B-91C65E0885B4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applen ohjelmatuki (32-bittinen) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Applen ohjelmatuki (64-bittinen) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.6.0 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.2.6.0 - ASUSTek COMPUTER INC.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.0.8 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.0.0.11 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.0.14 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
Capture One 8.3 (HKLM\...\CaptureOne8_is1) (Version: 8.3.1.23 - Phase One A/S)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
ClearType Switch (HKLM-x32\...\ClearType Switch) (Version: 1.1 - KARPOLAN)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DeviceDiscovery (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Foxit PhantomPDF (HKLM-x32\...\{E85A6409-DA6F-49EE-B023-49E3F2F08956}) (Version: 5.4.3.1106 - Foxit Corporation)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Color LaserJet CP1210 Series (HKLM\...\HP Color LaserJet CP1210 Series) (Version: - )
HP Color LaserJet CP1210 Series Toolbox (HKLM\...\{F323676A-B911-4B57-827F-32D02DCD4971}) (Version: 1.0.21 - Hewlett-Packard)
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP LaserJet M1522 MFP Series 4.2 (HKLM\...\{C8A37F1F-E13B-48ae-93F8-4669264969F9}) (Version: 4.2 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPCarePackCore (HKLM-x32\...\{7B02BF60-796D-4616-908B-B31A63CFDEFB}) (Version: 10.0.0.1 - Hewlett-Packard)
HPCarePackProducts (x32 Version: 2.0.0.1 - HP) Hidden
hppFaxDrvM1522 (x32 Version: 003.100.00001 - Hewlett-Packard) Hidden
hppFaxUtility (x32 Version: 000.105.00107 - Название организации) Hidden
hppFonts (x32 Version: 001.001.00056 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.300.00005 - Hewlett-Packard) Hidden
hppLJM1522 (x32 Version: 002.101.00002 - Hewlett-Packard) Hidden
hppManualsM1522 (x32 Version: 002.103.00002 - Название организации) Hidden
hppScanTo (x32 Version: 002.102.00003 - Название организации) Hidden
hppSendFaxM1522 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXM1522 (x32 Version: 001.005.00009 - Hewlett-Packard) Hidden
hppusgM1522 (x32 Version: 000.000.00004 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
hpzTLBXFX (x32 Version: 005.013.00185 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.04.17271 - Sony Corporation)
iTunes (HKLM\...\{5D239A92-31A4-4FCA-967D-F9EA8E1FDF6A}) (Version: 12.1.2.27 - Apple Inc.)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office - профессиональный выпуск версии 2003 (HKLM-x32\...\{90110419-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Nettia (HKLM-x32\...\Nettia) (Version: 3.7 - Nettia)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.87 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.87 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PlayMemories Camera Apps Downloader (HKLM-x32\...\{E4B95A36-0EF2-44C6-B939-5B3DBBC34502}) (Version: 1.1.1975.475 - Sony Network Entertainment International LLC)
Product_Min_QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
The Bat! Professional v5.0.36 (HKLM-x32\...\{B013FB80-453A-4AB0-8DD9-D13C1EB97AD6}) (Version: 5.0.36 - Ritlabs)
Total Commander (HKLM-x32\...\Total Commander) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
WebReg (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Venta Fax & Voice 7.1 (бизнес-версия) (удаление/восстановление) (HKLM-x32\...\Venta Fax & Voice 7.1 (бизнес-версия)) (Version: 7.1 - Venta Association)
Viber (HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\{b1142ab5-4e7c-4fa1-8734-115e5d1e1933}) (Version: 5.4.0.1661 - Viber Media Inc.)
Viber (x32 Version: 5.4.0.1661 - Viber Media Inc.) Hidden
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Driver Package - Leaf Imaging Ltd. Image (12/03/2014 1.2.0.0) (HKLM\...\B758007C752D28F7C3542875CEEBDADCAE5941AE) (Version: 12/03/2014 1.2.0.0 - Leaf Imaging Ltd.)
Windows Driver Package - Phase One / Mamiya V-Grip USB Driver (12/03/2014 1.2.0.0) (HKLM\...\3F504CC0B024052107934E093CC26DA720256A7A) (Version: 12/03/2014 1.2.0.0 - Phase One / Mamiya)
Windows Driver Package - Phase One A/S (WinUSB) USBDevice (12/03/2014 1.13.0.0) (HKLM\...\7C6570ABBEB2F08EFBC23ED7925AE72DA6167BD8) (Version: 12/03/2014 1.13.0.0 - Phase One A/S)
WinZip (HKLM-x32\...\WinZip) (Version: 9.0 (6028) - WinZip Computing, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Архиватор WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
На подпись! Free (удаление/восстановление) (HKLM-x32\...\На подпись! Free) (Version: 2.1 - Venta Association)
Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office (HKLM-x32\...\{90120000-0020-0419-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-233968585-743656622-1246094418-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Restore Points =========================

03-11-2015 00:14:38 Scheduled Checkpoint
10-11-2015 00:21:14 Scheduled Checkpoint
10-11-2015 19:22:41 Removed Java 8 Update 65
10-11-2015 20:55:41 Removed HP USB Disk Storage Format Tool
10-11-2015 20:57:37 Removed System Requirements Lab

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-11-10 19:08 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2A45DE38-11B0-4326-8464-D4F9FFA30FE7} - System32\Tasks\AnVir Task Manager => D:\Program Files (x86)\AnVir Task Manager\anvir.exe [2013-07-16] (AnVir Software hxxp://www.anvir.net)
Task: {41159740-E55C-47F9-8863-08F6F6ED2C9B} - System32\Tasks\AdobeAAMUpdater-1.0-Igor-IRIS-PC-Igor => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {5B6B1415-3722-4B42-9CF3-B0BCAC185D13} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {7EB95912-1F12-4FC7-8FF3-FB719A0DAE1A} - System32\Tasks\{85BA16A7-BF5B-4887-93F7-BDA672A91D0C} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.0.102/en/go/help.faq.installer?LastError=1618
Task: {864FEC95-9970-4EF8-9BA0-3D3AFE48337D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {AD9CC35B-2A99-43C1-83B0-BBBD31F491A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BAC6D5E4-F3A5-4869-A4EF-DEC4F028AEDA} - System32\Tasks\HP WEP => C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25] ()
Task: {C52138B6-8674-4317-B054-55E1D7E4988E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C77BC7D1-101B-46F0-9BBD-D7B446AFE1B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP WEP.job => C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exeIgor$Task for execution of hpbdfawep.exe

==================== Loaded Modules (Whitelisted) ==============

2013-11-17 16:32 - 2015-11-02 15:22 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-18 13:36 - 2013-09-04 16:29 - 00024056 _____ () C:\Windows\system32\vntmon64.dll
2013-11-19 08:41 - 2012-12-12 13:29 - 00059520 _____ () C:\Windows\system32\vsign.dll
2015-09-11 18:02 - 2015-09-11 18:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-07-11 18:38 - 2015-06-22 20:38 - 00245760 _____ () D:\Program Files\Phase One\Capture One 8\WIC\WIC64\P1.WIC.NativeComWrapper.dll
2015-07-11 18:38 - 2015-06-19 12:41 - 46870528 _____ () D:\Program Files\Phase One\Capture One 8\WIC\WIC64\ImgCoreDll.dll
2015-07-11 18:38 - 2015-06-19 12:41 - 00771072 _____ () D:\Program Files\Phase One\Capture One 8\WIC\WIC64\OpenCoreDll.dll
2015-11-02 14:22 - 2015-11-02 14:22 - 51657424 _____ () C:\Users\Igor\AppData\Local\Viber\Viber.exe
2007-08-31 07:59 - 2007-08-31 07:59 - 00036864 _____ () C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
2015-01-20 22:35 - 2015-01-20 22:35 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\kpcengine.2.3.dll
2015-03-30 20:08 - 2015-10-12 05:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-11-02 14:16 - 2015-11-02 14:16 - 00089088 _____ () C:\Users\Igor\AppData\Local\Viber\qfacebook.dll
2015-11-02 14:16 - 2015-11-02 14:16 - 00389632 _____ () C:\Users\Igor\AppData\Local\Viber\imageformats\qsvg.dll
2015-09-29 04:58 - 2015-09-29 04:58 - 00012288 _____ () C:\Users\Igor\AppData\Local\Viber\QtQuick.2\qtquick2plugin.dll
2015-09-29 17:25 - 2015-09-29 17:25 - 00690176 _____ () C:\Users\Igor\AppData\Local\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-09-29 17:26 - 2015-09-29 17:26 - 00057856 _____ () C:\Users\Igor\AppData\Local\Viber\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-09-29 04:58 - 2015-09-29 04:58 - 00012288 _____ () C:\Users\Igor\AppData\Local\Viber\QtQuick\Window.2\windowplugin.dll
2015-09-29 04:58 - 2015-09-29 04:58 - 00012288 _____ () C:\Users\Igor\AppData\Local\Viber\QtQml\Models.2\modelsplugin.dll
2015-09-29 05:04 - 2015-09-29 05:04 - 00184320 _____ () C:\Users\Igor\AppData\Local\Viber\QtMultimedia\declarative_multimedia.dll
2015-09-29 04:58 - 2015-09-29 04:58 - 00044032 _____ () C:\Users\Igor\AppData\Local\Viber\QtQml\StateMachine\qtqmlstatemachine.dll
2015-09-29 17:34 - 2015-09-29 17:34 - 00425984 _____ () C:\Users\Igor\AppData\Local\Viber\QtLocation\declarative_location.dll
2015-09-29 05:03 - 2015-09-29 05:03 - 00065024 _____ () C:\Users\Igor\AppData\Local\Viber\QtPositioning\declarative_positioning.dll
2007-08-31 07:59 - 2007-08-31 07:59 - 00057344 _____ () C:\Program Files (x86)\HP\HP UT\bin\HPUsageTracking.dll
2007-08-31 07:59 - 2007-08-31 07:59 - 00065536 _____ () C:\Program Files (x86)\HP\HP UT\bin\HPTools.dll
2007-08-31 07:59 - 2007-08-31 07:59 - 00114688 _____ () C:\Program Files (x86)\HP\HP UT\bin\HPToolkit.dll
2007-08-31 07:59 - 2007-08-31 07:59 - 00036864 _____ () C:\Program Files (x86)\HP\HP UT\bin\Enumeration.dll
2007-08-31 07:59 - 2007-08-31 07:59 - 00016384 _____ () C:\Program Files (x86)\HP\HP UT\bin\HPStreamsInterface.dll
2014-08-30 17:12 - 2014-12-06 14:09 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-08-30 17:12 - 2014-12-06 14:09 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2014-08-30 17:12 - 2014-12-06 14:09 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2015-10-23 15:18 - 2015-10-23 15:18 - 17599688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
2015-11-10 22:17 - 2015-10-05 18:18 - 00778752 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2015-11-10 22:17 - 2015-07-03 18:12 - 04962816 _____ () D:\Program Files (x86)\Steam\v8.dll
2015-11-10 22:17 - 2015-07-03 18:12 - 01556992 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2015-11-10 22:17 - 2015-07-03 18:12 - 01187840 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2015-11-10 22:17 - 2015-11-10 04:44 - 02541648 _____ () D:\Program Files (x86)\Steam\video.dll
2015-11-10 22:17 - 2015-09-24 02:33 - 02549248 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2015-11-10 22:17 - 2015-09-24 02:33 - 00442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2015-11-10 22:17 - 2015-09-24 02:33 - 00491008 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2015-11-10 22:17 - 2015-09-24 02:33 - 00332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2015-11-10 22:17 - 2015-09-24 02:33 - 00485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2015-11-10 22:17 - 2015-11-10 04:44 - 00806992 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-11-10 22:17 - 2015-11-04 00:00 - 00201728 _____ () D:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-11-10 22:17 - 2015-10-09 00:20 - 45010208 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2015-11-10 22:17 - 2015-09-25 01:56 - 00119208 _____ () D:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-233968585-743656622-1246094418-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 85.25.237.162 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B510F59E-EE49-4A3D-8DCD-DC2BD175DBC2}] => (Allow) D:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0DABC831-94CD-4FB1-86B6-C9402BA7774F}] => (Allow) C:\Users\Igor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B45EBF14-DE9C-49A0-ACDB-4BF745EF469C}] => (Allow) C:\Users\Igor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B5761AF6-DEF5-43E5-B435-7F82563A0299}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7744700B-5069-45A5-9EC7-A44D524C577E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2770D470-3A32-4ADC-A750-E362A565EF19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A2AFC35A-221C-48A3-A22A-9275A5D641B2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CE0865B3-ACE2-4FD1-BE6E-9F8CB565766C}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{32A2EEA1-999F-4AE2-94AF-CB188356121C}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{809468D3-EC9D-47AB-B83A-BFF552FA13A0}] => (Allow) D:\VentaFax & Voice 5\vft38m.exe
FirewallRules: [{D49119D8-95E1-4ACF-9BD1-0037166F9645}] => (Allow) D:\VentaFax & Voice 5\vft38m.exe
FirewallRules: [{930AD622-B330-4BD9-9114-F26CE1A9A129}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{86779A56-F327-447A-9B9D-FA8B73FE8C94}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{DB2E751C-F8B8-483F-971F-8F0750042032}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0F00C02C-76F9-43F8-9209-60536984B654}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{41288245-BF33-41E4-905A-B0FE1C02E9E3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{ED801AEF-9662-43C4-AE30-C213E9B7903D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{3AA7F01A-6FC7-4F58-8A8D-B763CE0356B9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{AD7AA26B-0614-487F-B10E-36E29BDBE4D6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{54ECB3B0-A6BF-40BA-9699-0A4163301883}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2C4CD533-7A78-40EF-AA31-D7B28F6FCA0D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4AF61EA0-F2E4-490F-9262-A6B3F8F75EB4}] => (Allow) C:\Users\Igor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{008224FA-FC5D-4566-92C4-690B5BD025AF}] => (Allow) C:\Users\Igor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF27760B-22B4-4F3E-B799-708C97E8875F}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{84446EEC-2F60-499A-9F61-D6A4D3B7EA98}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7652228D-1FF5-4341-B58D-BEE369C9D283}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{59832A7B-A927-4B2B-9F22-E6CD2DD5B1FF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{EB215398-0471-44C9-9310-913EE1EA7A81}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{7D1536C7-6FB1-4888-A17C-7AB64604CCBF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{12640893-31D1-4986-97BC-2CC9FDD1B45E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{75AAE7B1-C61F-4259-8EF3-529E1710D367}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{720277D1-6231-4544-AFF4-35598A851270}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{594FCE1B-0477-4915-BBA8-5BFB7B1FE24A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{D4757CD7-A426-49FB-B83D-F66575AC50C0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{E60F8AE5-05DF-4B30-97BD-600A598DBCC0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{A3D07026-8092-4D83-8CA4-A95856B06F14}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6462475E-95A2-453C-89FC-CD269B3FDCF7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{56CF05A1-5635-4411-A1EA-C5AE04355A01}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0A7F1E5C-53CF-4A59-B5FB-D18425310921}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3AA6C5E6-2C9E-40D6-AB86-90D636E4EC1F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{6D3B8DC5-5745-4910-A1E7-095CF60D6B4A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{0DAA0C9F-4F9C-4485-A2E2-2652E32F0746}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{C9B23A32-A3BF-48D8-A5BA-7F0175ADD57D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{10D65F0A-724F-42A5-AFAE-1F00DC1C71BC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Loadout Beta\Loadout.exe
FirewallRules: [{C867B417-1B52-4CEB-BA3B-0CB1311ECCA5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Loadout Beta\Loadout.exe
FirewallRules: [TCP Query User{93E82EA4-C52E-4976-B6B8-7D7D6146F835}D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [UDP Query User{30C6A54C-9E92-4651-9699-1CCBB3B23705}D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [{F2D00076-9E2C-4B10-9119-0D8B21BFEACD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{44C5475B-BE4D-47BF-9F2A-7E6477E2004F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FB06F1A1-B568-45C1-9EC1-B875B5780D77}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{92488EEE-5306-4762-A810-2F655486A913}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{24FD0E64-9BCE-4341-B4F7-75942DBBB1ED}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{2CF38D1E-4089-41BF-ACA1-517B6CCDA114}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{D3950748-57FF-4476-B52F-E5544DADCA5B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{69A6639D-1E97-4DFD-BC28-D42B101D5B44}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{78540F45-B3CA-4986-8A2E-326045B9BA67}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{D00F9325-02C2-4BDB-AA68-F2793C07A061}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{CDD02707-FA97-4B2F-BD20-E2874BB82DF6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{B8F9D079-634B-4491-927A-59B79701846B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{1FB53C63-03FE-4315-B878-8391AB4174AF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{77E322F7-EA5E-433B-A381-F7B5752A8615}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{722E372B-4671-43AE-B75C-90988DEDCB64}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [{458986E2-6A0A-499D-9FEA-006521B1600B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [{49D40F0F-78C5-44E1-8EC7-FA1A1958E76E}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{85EAA8D9-AE5B-437C-A1FF-F343A99F2E91}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{CF01DD8E-9B1C-4F8A-8D27-9D7EED33C1B2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{3415114E-1423-4560-8BE2-F22EB7184C37}] => (Allow) C:\Program Files (x86)\HP\hp laserjet m1522\Fax Config utility1.exe
FirewallRules: [{6527AA6F-6448-42ED-B6DA-4CE87EEE185F}] => (Allow) C:\Program Files (x86)\HP\hp laserjet m1522\Fax Config utility1.exe
FirewallRules: [{DB2072C4-3D9E-4783-B09B-F3114A9105EC}] => (Allow) D:\Program Files (x86)\Nettia\Nettia.exe
FirewallRules: [{115C712A-84B0-4F54-BDE3-D15733E58368}] => (Allow) D:\Program Files (x86)\Nettia\Nettia.exe
FirewallRules: [{912AF027-EC0C-4612-90B7-B8DB77EADA29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B711A9A4-2A19-4E0F-9F54-C455820D6A74}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F7F084A2-3F26-4BFA-9FB1-07B33C2F0DD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D0A6DBBE-0800-48C8-9335-B2B6F6895E33}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8B250A2B-FF50-4865-AEAE-514D8454A2D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{133ADC28-9238-4890-8C9D-0761915C05CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EC51FF52-A77E-4C98-8DF0-4F6DCD24D9E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5294B591-8236-44E1-9DD6-3F9153E9DAF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C29C159D-1835-4969-BAC5-964443163E7A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B1F513C3-75D2-4A58-875B-1F002AFEAF02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{49CFD433-D513-400F-B762-8B0F90F91407}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2015 10:28:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2015 08:19:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller.exe version 10.11.5.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e04

Start Time: 01d11be3c0cb7c0b

Termination Time: 0

Application Path: C:\Users\Igor\Desktop\RogueKiller.exe

Report Id:

Error: (11/10/2015 07:47:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RogueKiller.exe version 10.11.5.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1548

Start Time: 01d11bdf3b34307f

Termination Time: 4

Application Path: C:\Users\Igor\Desktop\RogueKiller.exe

Report Id:

Error: (11/10/2015 07:27:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/10/2015 07:18:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2015 07:17:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Creative Cloud.exe, version: 3.3.0.151, time stamp: 0x55fab2fa
Faulting module name: ContainerUI.dll, version: 3.3.0.151, time stamp: 0x55fab383
Exception code: 0xc0000005
Fault offset: 0x00016870
Faulting process id: 0x1b1c
Faulting application start time: 0xCreative Cloud.exe0
Faulting application path: Creative Cloud.exe1
Faulting module path: Creative Cloud.exe2
Report Id: Creative Cloud.exe3

Error: (11/10/2015 07:08:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 42.0.0.5780, time stamp: 0x5632d0a4
Faulting module name: mozglue.dll, version: 42.0.0.5780, time stamp: 0x5632ba58
Exception code: 0x80000003
Fault offset: 0x0000ed50
Faulting process id: 0x1698
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/10/2015 07:08:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 42.0.0.5780, time stamp: 0x5632d0a4
Faulting module name: mozglue.dll, version: 42.0.0.5780, time stamp: 0x5632ba58
Exception code: 0x80000003
Fault offset: 0x0000ed50
Faulting process id: 0x274c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/10/2015 07:08:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 42.0.0.5780, time stamp: 0x5632d0a4
Faulting module name: mozglue.dll, version: 42.0.0.5780, time stamp: 0x5632ba58
Exception code: 0x80000003
Fault offset: 0x0000ed50
Faulting process id: 0xd24
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/10/2015 06:44:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (11/10/2015 10:17:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (11/10/2015 10:17:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (11/10/2015 08:15:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/10/2015 07:49:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/10/2015 07:47:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/10/2015 07:42:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/10/2015 06:58:47 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/10/2015 06:57:34 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/10/2015 06:43:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/10/2015 06:33:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2015-04-16 23:50:05.534
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 23:50:05.533
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 23:50:05.531
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 23:50:05.528
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 23:50:05.527
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 23:50:05.526
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 00:05:53.155
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 00:05:53.154
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 00:05:53.153
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 00:05:53.150
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 50%
Total physical RAM: 8146.92 MB
Available physical RAM: 4030.54 MB
Total Virtual: 16292.04 MB
Available Virtual: 12329.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:37.86 GB) NTFS
Drive d: (Work) (Fixed) (Total:931.51 GB) (Free:158.98 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:14.92 GB) (Free:7.74 GB) NTFS
Drive g: (ru) (CDROM) (Total:108.77 GB) (Free:0 GB) UDF
Drive I: () (Fixed) (Total:149.98 GB) (Free:12.6 GB) FAT32
Drive z: (My Book) (Fixed) (Total:931.51 GB) (Free:105.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 7E3E5925)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 93C20E31)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Broni · Nov 10, 2015

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

lasix · Nov 11, 2015

Hello Broni and thanks for your fast reply.
Here comes RogueKiller report. There was no separate RKreport.txt
==
RogueKiller V10.11.5.0 [Nov 9 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Igor [Administrator]
Started from : C:\Users\Igor\Desktop\RogueKiller.exe
Mode : Delete -- Date : 11/11/2015 10:08:46

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] bf30b62fc9b1ef2bd4430905b63e4c43
[BSP] 593457aa9e42134291196b481b18c02f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 43cbfa4e4a35744afdeb515f424c6872
[BSP] 09c08f36643a952682e76cde2524d461 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953864 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

+++++ PhysicalDrive2: +++++
--- User ---
[MBR] bc019513fa63cc247f587094e735f440
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 8064 | Size: 15276 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: +++++
--- User ---
[MBR] 7061a89619313fca2cd228c1bdf9edad
[BSP] 39cc44575b71c8e70f97ed1007b4e215 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
==

lasix · Nov 11, 2015

MBAM report. No reboot was requested.

==
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11.11.2015
Scan Time: 10:13
Logfile: MBAM Report.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.11.02
Rootkit Database: v2015.11.04.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Igor

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384541
Time Elapsed: 8 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
==

lasix · Nov 11, 2015

ADW Cleaner report.
==
# AdwCleaner v5.019 - Logfile created 11/11/2015 at 10:29:15
# Updated 08/11/2015 by Xplode
# Database : 2015-11-09.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Igor - IGOR-IRIS-PC
# Running from : C:\Users\Igor\Desktop\adwcleaner_5.019.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [682 bytes] ##########
==

lasix · Nov 11, 2015

JRT report
==
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Professional x64
Ran by Igor on 11.11.2015 at 10:38:42,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.11.2015 at 10:40:56,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
==

lasix · Nov 11, 2015

One more thing with TheBat mail client... It does not download mail from gmail.com, see pics below. Mailboxes on other domains are downloading fine.
I already had this or similar problem with gmail box on 04 November 2015, but it disappeared in an hour and I thought is was something on gmail side.
Here is part from account log
==
11.11.2015, 11:00:55: FETCH - receiving mail messages
11.11.2015, 11:00:55: FETCH - Connecting to POP3 server pop.gmail.com on port 995
11.11.2015, 11:00:55: FETCH - Initiating TLS handshake
>11.11.2015, 11:00:56: FETCH - Certificate S/N: 5511C797, algorithm: RSA (2048 bits), issued from 3/24/2015 8:22:47 PM to 3/23/2016 8:22:47 PM, for 1 host(s): Parallels Panel.
>11.11.2015, 11:00:56: FETCH - Owner: US, Virginia, Herndon, Parallels, Parallels Panel, Parallels Panel, info@parallels.com.
>11.11.2015, 11:00:56: FETCH - This certificate is self-issued.
!11.11.2015, 11:00:56: FETCH - TLS handshake failure. Invalid server certificate (The CA Root certificate is not trusted because it is not in the Trusted Root CA address book).
==

lasix · Nov 11, 2015

And now it works normal:
==
>11.11.2015, 11:39:21: FETCH - Certificate S/N: 5511C797, algorithm: RSA (2048 bits), issued from 3/24/2015 8:22:47 PM to 3/23/2016 8:22:47 PM, for 1 host(s): Parallels Panel.
>11.11.2015, 11:39:21: FETCH - Owner: US, Virginia, Herndon, Parallels, Parallels Panel, Parallels Panel, info@parallels.com.
>11.11.2015, 11:39:21: FETCH - This certificate is self-issued.
!11.11.2015, 11:39:21: FETCH - TLS handshake failure. Invalid server certificate (The CA Root certificate is not trusted because it is not in the Trusted Root CA address book).
!11.11.2015, 11:51:36: FETCH - TLS handshake failure. An existing connection was forcibly closed by the remote host
>11.11.2015, 11:51:53: FETCH - Certificate S/N: 5511C797, algorithm: RSA (2048 bits), issued from 3/24/2015 8:22:47 PM to 3/23/2016 8:22:47 PM, for 1 host(s): Parallels Panel.
>11.11.2015, 11:51:53: FETCH - Owner: US, Virginia, Herndon, Parallels, Parallels Panel, Parallels Panel, info@parallels.com.
>11.11.2015, 11:51:53: FETCH - This certificate is self-issued.
!11.11.2015, 11:51:53: FETCH - TLS handshake failure. Invalid server certificate (The CA Root certificate is not trusted because it is not in the Trusted Root CA address book).
>11.11.2015, 12:02:20: FETCH - Certificate S/N: 256E0B7A1DC7D6D0, algorithm: RSA (2048 bits), issued from 11/4/2015 5:52:39 PM to 2/2/2016, for 1 host(s): pop.gmail.com.
>11.11.2015, 12:02:20: FETCH - Owner: US, California, Mountain View, Google Inc, pop.gmail.com.
>11.11.2015, 12:02:20: FETCH - Issuer: US, Google Inc, Google Internet Authority G2.
>11.11.2015, 12:02:20: FETCH - Root: US, GeoTrust Inc., GeoTrust Global CA
==

Broni · Nov 11, 2015

Good

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

lasix · Nov 12, 2015

Hi, Broni. Thanks!

Combofix launched ok.
I have turned off KIS and MBAM before scan.
However, log says that windows defender is on - I am not sure where from it comes, it always have been off. Possibly, it turned automatically when I turned off KIS?
Also I have noticed that (after yesterdays cleaning) system tray notification settings are changed somehow. Earlier when KIS was running, I was seeing icon in the tray, and now it is running (according taskmanager), but I dont see any icon. Same with other programs (adobe, Anvir, Teamviewer, etc).

==
ComboFix 15-11-09.01 - Igor 12.11.2015 13:18:44.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1251.7.1033.18.8147.5819 [GMT 2:00]
Running from: c:\users\Igor\Desktop\ComboFix.exe
AV: Kaspersky Total Security *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
FW: Kaspersky Total Security *Disabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
SP: Kaspersky Total Security *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\AdobePDF.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
((((((((((((((((((((((((( Files Created from 2015-10-12 to 2015-11-12 )))))))))))))))))))))))))))))))
.
.
2015-11-10 17:08 . 2015-11-10 17:30 -------- d-----w- c:\users\Igor\AppData\Local\CrashDumps
2015-11-10 16:57 . 2015-11-11 08:03 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-11-10 16:57 . 2015-11-10 16:58 -------- d-----w- c:\programdata\RogueKiller
2015-11-10 16:36 . 2015-11-10 22:35 -------- d-----w- C:\FRST
2015-11-10 16:31 . 2015-11-11 08:29 -------- d-----w- C:\AdwCleaner
2015-11-10 16:22 . 2015-11-10 16:22 -------- d-----w- C:\KVRT_Data
2015-11-10 09:51 . 2015-11-12 10:59 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-10 09:51 . 2015-11-10 09:51 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-11-10 09:51 . 2015-11-10 09:51 -------- d-----w- c:\programdata\Malwarebytes
2015-11-10 09:51 . 2015-10-05 07:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-10 09:51 . 2015-10-05 07:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-10 09:51 . 2015-10-05 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-09 14:35 . 2015-11-12 10:23 -------- d-----w- c:\users\Igor\AppData\Local\Viber
2015-11-09 14:35 . 2015-11-09 14:35 -------- d-----w- c:\users\Igor\AppData\Local\Package Cache
2015-11-04 17:44 . 2015-11-02 13:16 102704 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-02 22:48 . 2014-03-20 20:02 1572496 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-11-02 17:10 . 2015-08-31 20:25 17515016 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-11-02 17:10 . 2015-08-09 09:27 18361976 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2015-11-02 17:10 . 2015-01-23 16:37 3158736 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-11-02 17:10 . 2013-11-17 14:56 15717672 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-11-02 17:10 . 2013-11-17 14:32 112760 ----a-w- c:\windows\system32\OpenCL.dll
2015-11-02 17:10 . 2013-11-17 14:32 105264 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-11-02 17:10 . 2013-11-17 14:27 12770752 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-11-02 17:10 . 2013-11-17 14:26 3579000 ----a-w- c:\windows\system32\nvapi64.dll
2015-11-02 13:22 . 2013-11-17 14:32 6358648 ----a-w- c:\windows\system32\nvcpl.dll
2015-11-02 13:22 . 2013-11-17 14:32 2983216 ----a-w- c:\windows\system32\nvsvc64.dll
2015-11-02 13:22 . 2013-11-17 14:32 938616 ----a-w- c:\windows\system32\nvvsvc.exe
2015-11-02 13:22 . 2013-11-17 14:32 62584 ----a-w- c:\windows\system32\nvshext.dll
2015-11-02 13:22 . 2013-11-17 14:32 385144 ----a-w- c:\windows\system32\nvmctray.dll
2015-11-02 13:22 . 2013-11-17 14:32 2554672 ----a-w- c:\windows\system32\nvsvcr.dll
2015-10-29 00:31 . 2013-11-17 14:32 6027430 ----a-w- c:\windows\system32\nvcoproc.bin
2015-10-23 13:18 . 2014-10-17 19:07 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-23 13:18 . 2014-10-17 19:07 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-12 03:05 . 2014-06-07 09:42 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-10-12 03:05 . 2014-06-07 09:40 1423304 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-10-12 03:04 . 2014-06-07 09:42 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-10-12 03:04 . 2014-06-07 09:40 1710752 ----a-w- c:\windows\system32\nvspcap64.dll
2015-09-10 23:48 . 2015-09-10 23:48 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{603ADB7F-BA87-4AB6-9625-A211F22629F0}\offreg.3252.dll
2015-08-30 18:10 . 2013-11-18 14:10 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2015-08-25 18:46 . 2015-08-31 20:25 1898288 ----a-w- c:\windows\system32\nvdispco6435582.dll
2015-08-25 18:46 . 2015-08-31 20:25 1558648 ----a-w- c:\windows\system32\nvdispgenco6435582.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}"
[HKEY_CLASSES_ROOT\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}]
2014-12-06 12:09 552232 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="d:\program files\TrueCrypt\TrueCrypt.exe" [2013-11-17 1516496]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-04-26 43816]
"Viber"="c:\users\Igor\AppData\Local\Viber\Viber.exe" [2015-11-02 51657424]
"Skype"="d:\program files (x86)\Skype\Phone\Skype.exe" [2015-09-27 57981568]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-09-16 8461224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpbdfawep"="c:\program files (x86)\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 1214976]
"Acrobat Assistant 8.0"="c:\acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
"ToolBoxFX"="c:\program files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2010-03-03 53248]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2007-08-31 36864]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2015-04-06 157480]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2015-09-17 2292912]
.
c:\users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
VentaDrv.lnk - d:\ventafax & voice 5\vfdrv32.exe [2013-11-18 1189880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1050-0000-7760-000000000003}\_SC_Acrobat.exe [2013-11-18 295606]
Adobe Acrobat Synchronizer.lnk - c:\acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2013-11-18 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 ampa;ampa;c:\windows\system32\ampa.sys;c:\windows\SYSNATIVE\ampa.sys [x]
R3 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 cpuz136;cpuz136;c:\users\Igor\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\Igor\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 SkypeUpdate;Skype Updater;d:\program files (x86)\Skype\Updater\Updater.exe;d:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfx64fax.sys;c:\windows\SYSNATIVE\drivers\hpfx64fax.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-13 06:16]
.
2015-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-13 06:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-09-11 16:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-09-11 16:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-09-11 16:02 803488 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}"
[HKEY_CLASSES_ROOT\CLSID\{014F27E2-6D75-4E42-A0E9-2A2C68498AFA}]
2014-12-06 12:10 726312 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2012-07-04 1240064]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-10-12 2655520]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-10-12 1710752]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2014-05-19 3100440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-09-04 508104]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Экспорт в Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Append to existing PDF - c:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {{09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll
TCP: DhcpNameServer = 85.25.237.162 8.8.8.8
FF - ProfilePath - c:\users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\fawq9j0g.default-1447147514057\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files (x86)\AnVir Task Manager\anvir.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe
.
**************************************************************************
.
Completion time: 2015-11-12 13:24:57 - machine was rebooted
ComboFix-quarantined-files.txt 2015-11-12 11:24
.
Pre-Run: 40 686 182 400 bytes free
Post-Run: 40 285 573 120 bytes free
.
- - End Of File - - 05572E882085695BC5288756DB19A252
A36C5E4F47E84449FF07ED3517B43A31
==

Broni · Nov 12, 2015

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

lasix · Nov 13, 2015

FRST.TXT
==
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Igor (administrator) on IGOR-IRIS-PC (13-11-2015 08:35:54)
Running from C:\Users\Igor\Desktop
Loaded Profiles: Igor (Available Profiles: Igor)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AnVir Software hxxp://www.anvir.net) D:\Program Files (x86)\AnVir Task Manager\AnVir.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Skype Technologies S.A.) D:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\Igor\AppData\Local\Viber\Viber.exe
(TrueCrypt Foundation) D:\Program Files\TrueCrypt\TrueCrypt.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [hpbdfawep] => C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe [1214976 2007-04-25] ()
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [ToolBoxFX] => C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2010-03-03] (HP)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTracking] => C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [36864 2007-08-31] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-04-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\Run: [TrueCrypt] => D:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2013-11-17] (TrueCrypt Foundation)
HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\Run: [Viber] => C:\Users\Igor\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\Run: [Skype] => D:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)
HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll [2014-12-06] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll [2014-12-06] (Kaspersky Lab ZAO)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2013-11-18]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1050-0000-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk [2013-11-18]
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013-11-18]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VentaDrv.lnk [2013-11-19]
ShortcutTarget: VentaDrv.lnk -> D:\VentaFax & Voice 5\vfdrv32.exe (Venta Association)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 85.25.237.162 8.8.8.8
Tcpip\..\Interfaces\{064E15D3-9BBC-4AEA-8384-4A9934A8792A}: [DhcpNameServer] 85.25.237.162 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-233968585-743656622-1246094418-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-233968585-743656622-1246094418-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-233968585-743656622-1246094418-1000 -> DefaultScope {6979B9AE-18EA-4820-9817-DFFF2DC6646B} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2014-12-06] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-233968585-743656622-1246094418-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\fawq9j0g.default-1447147514057
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2012-08-23] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-06] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-06] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-233968585-743656622-1246094418-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-03-31] ()
FF Extension: Adblock Plus - C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\fawq9j0g.default-1447147514057\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-02-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-06] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
S3 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-11-18] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2010-03-03] (HP) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-21] ()
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-01-26] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-18] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-06] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-12] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-06] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-13] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-11] ()
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\Igor\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 22:26 - 2015-11-12 22:26 - 00000967 _____ C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-11-12 22:26 - 2015-11-12 22:26 - 00000943 _____ C:\Users\Igor\Desktop\µTorrent.lnk
2015-11-12 22:26 - 2015-11-12 22:26 - 00000000 ____D C:\Program Files (x86)\uTorrent
2015-11-12 20:00 - 2015-11-12 21:34 - 00000000 ____D C:\Users\Igor\AppData\LocalLow\uTorrent
2015-11-12 13:52 - 2015-11-12 13:53 - 00000000 ____D C:\Users\Igor\AppData\Local\Viber
2015-11-12 13:30 - 2015-11-12 13:30 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2015-11-12 13:24 - 2015-11-12 13:24 - 00019371 _____ C:\ComboFix.txt
2015-11-12 13:18 - 2015-11-12 13:25 - 00000000 ____D C:\Qoobox
2015-11-12 13:18 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-12 13:18 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-12 13:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-12 13:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-12 13:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-12 13:18 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-12 13:18 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-12 13:18 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-12 13:17 - 2015-11-12 13:23 - 00000000 ____D C:\Windows\erdnt
2015-11-12 13:15 - 2015-11-12 13:15 - 00001047 _____ C:\1.txt
2015-11-12 12:56 - 2015-11-12 12:56 - 00228602 _____ C:\Users\Igor\Desktop\Audio ads + redirect. Steamwebhelper + Firefox - TechSpot Forums.htm
2015-11-12 12:56 - 2015-11-12 12:56 - 00000000 ____D C:\Users\Igor\Desktop\Audio ads + redirect. Steamwebhelper + Firefox - TechSpot Forums_files
2015-11-12 12:54 - 2015-11-12 12:54 - 05638248 ____R (Swearware) C:\Users\Igor\Desktop\ComboFix.exe
2015-11-11 10:40 - 2015-11-11 10:40 - 00000604 _____ C:\Users\Igor\Desktop\JRT.txt
2015-11-11 10:34 - 2015-11-11 10:34 - 01801288 _____ (Malwarebytes) C:\Users\Igor\Desktop\JRT.exe
2015-11-11 10:30 - 2015-11-12 13:23 - 00001314 _____ C:\Windows\PFRO.log
2015-11-11 10:30 - 2015-11-12 13:23 - 00000168 _____ C:\Windows\setupact.log
2015-11-11 10:30 - 2015-11-11 10:30 - 00000000 _____ C:\Windows\setuperr.log
2015-11-11 10:27 - 2015-11-11 10:27 - 01712128 _____ C:\Users\Igor\Desktop\adwcleaner_5.019.exe
2015-11-11 10:24 - 2015-11-11 10:24 - 00001057 _____ C:\Users\Igor\Desktop\MBAM Report 1.txt
2015-11-11 10:22 - 2015-11-11 10:22 - 00001055 _____ C:\Users\Igor\Desktop\MBAM Report.txt
2015-11-11 10:01 - 2015-11-11 10:02 - 18979400 _____ C:\Users\Igor\Desktop\RogueKiller.exe
2015-11-11 00:34 - 2015-11-13 08:35 - 00023292 _____ C:\Users\Igor\Desktop\FRST.txt
2015-11-11 00:34 - 2015-11-11 00:35 - 00048850 _____ C:\Users\Igor\Desktop\Addition.txt
2015-11-11 00:26 - 2015-11-11 00:33 - 02198528 _____ (Farbar) C:\Users\Igor\Desktop\FRST64.exe
2015-11-10 22:24 - 2015-11-10 22:24 - 00000219 _____ C:\Users\Igor\Desktop\Counter-Strike Global Offensive.url
2015-11-10 22:15 - 2015-11-10 22:15 - 01476720 _____ C:\Users\Igor\Downloads\SteamSetup.exe
2015-11-10 22:15 - 2015-11-10 22:15 - 00000684 _____ C:\Users\Public\Desktop\Steam.lnk
2015-11-10 22:15 - 2015-11-10 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-10 20:27 - 2015-11-10 20:27 - 00000959 _____ C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2015-11-10 20:27 - 2015-11-10 20:27 - 00000957 _____ C:\Users\Igor\Desktop\Viber.lnk
2015-11-10 19:08 - 2015-11-10 19:30 - 00000000 ____D C:\Users\Igor\AppData\Local\CrashDumps
2015-11-10 18:57 - 2015-11-11 10:03 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-10 18:57 - 2015-11-10 18:58 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-10 18:56 - 2015-11-10 18:56 - 18979400 _____ C:\Users\Igor\Downloads\RogueKiller.exe
2015-11-10 18:42 - 2015-11-10 18:42 - 00448512 _____ (OldTimer Tools) C:\Users\Igor\Downloads\TFC.exe
2015-11-10 18:36 - 2015-11-13 08:35 - 00000000 ____D C:\FRST
2015-11-10 18:31 - 2015-11-11 10:29 - 00000000 ____D C:\AdwCleaner
2015-11-10 18:29 - 2015-11-10 18:29 - 02198528 _____ (Farbar) C:\Users\Igor\Downloads\FRST64.exe
2015-11-10 18:28 - 2015-11-10 18:28 - 01712128 _____ C:\Users\Igor\Downloads\adwcleaner_5.019.exe
2015-11-10 18:22 - 2015-11-10 18:22 - 00000000 ____D C:\KVRT_Data
2015-11-10 18:21 - 2015-11-10 18:22 - 94177432 _____ (Kaspersky Lab ZAO) C:\Users\Igor\Downloads\KVRT.exe
2015-11-10 18:21 - 2015-11-10 18:21 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Igor\Downloads\tdsskiller(1).exe
2015-11-10 18:18 - 2015-11-10 18:18 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Igor\Downloads\tdsskiller.exe
2015-11-10 11:51 - 2015-11-13 05:06 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-10 11:51 - 2015-11-10 11:51 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-10 11:51 - 2015-11-10 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-10 11:51 - 2015-11-10 11:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-10 11:51 - 2015-11-10 11:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-10 11:51 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-10 11:51 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-10 11:51 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-10 11:25 - 2015-11-10 11:25 - 00000000 ____D C:\Users\Igor\Desktop\Old Firefox Data
2015-11-10 11:18 - 2015-11-10 11:18 - 22908888 _____ (Malwarebytes ) C:\Users\Igor\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-09 16:35 - 2015-11-10 20:27 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2015-11-09 16:35 - 2015-11-09 16:35 - 00000000 ____D C:\Users\Igor\AppData\Local\Package Cache
2015-11-06 22:57 - 2015-11-10 18:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-04 19:44 - 2015-11-02 15:16 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-11-04 19:42 - 2015-11-03 00:48 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-11-04 19:42 - 2015-11-03 00:48 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 42913912 _____ C:\Windows\system32\nvcompiler.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 37882160 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 22308472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 16553376 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 15120736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 14836064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 12034440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 11130672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-11-04 19:42 - 2015-11-02 19:10 - 02869880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 02490672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435887.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435887.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00862000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00500872 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00468096 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00413816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00369456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-11-04 19:42 - 2015-11-02 19:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-10-27 14:24 - 2015-10-27 14:24 - 02228542 _____ C:\Users\Igor\Desktop\Infinity Blade III Gem Fusion Database and Journal Entry .xlsx
2015-10-26 09:10 - 2015-10-26 09:10 - 00016956 _____ C:\Users\Igor\Desktop\3036896542.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-13 08:35 - 2013-11-17 18:33 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Skype
2015-11-13 08:34 - 2013-11-18 10:23 - 00000000 ____D C:\Users\Igor\AppData\Roaming\uTorrent
2015-11-13 08:33 - 2013-12-01 14:45 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-13 08:28 - 2014-07-13 17:39 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-13 02:28 - 2014-07-13 17:39 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-13 02:16 - 2009-07-14 06:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-13 02:16 - 2009-07-14 06:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-13 02:08 - 2013-11-17 12:34 - 01755665 _____ C:\Windows\WindowsUpdate.log
2015-11-13 02:00 - 2014-08-21 14:46 - 00000000 ____D C:\Users\Igor\AppData\Local\Adobe
2015-11-12 13:53 - 2015-04-06 14:08 - 00000000 ____D C:\Users\Igor\AppData\Roaming\ViberPC
2015-11-12 13:30 - 2015-09-10 09:34 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-12 13:29 - 2009-07-14 07:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-12 13:24 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-11-12 13:23 - 2013-11-17 16:32 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-12 13:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-12 13:23 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-11-12 13:22 - 2009-07-14 04:34 - 83099648 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-11-12 13:22 - 2009-07-14 04:34 - 44302336 _____ C:\Windows\system32\config\COMPONENTS.bak
2015-11-12 13:22 - 2009-07-14 04:34 - 17563648 _____ C:\Windows\system32\config\SYSTEM.bak
2015-11-12 13:22 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-11-12 13:22 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-11-12 13:22 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-11-11 10:30 - 2015-09-22 22:13 - 00000000 ___RD C:\Users\Igor\Creative Cloud Files
2015-11-11 10:30 - 2015-06-30 19:49 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-10 22:30 - 2013-11-18 14:01 - 00000000 ____D C:\Users\Igor\AppData\Roaming\MPC-HC
2015-11-10 22:24 - 2013-11-18 19:26 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-10 20:55 - 2013-11-17 16:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-10 19:23 - 2014-11-09 10:45 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-10 18:46 - 2014-12-24 22:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-10 18:34 - 2014-02-05 20:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-10 18:34 - 2014-02-05 20:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-11-10 18:22 - 2013-11-17 16:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-08 21:59 - 2013-11-18 10:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-11-04 19:44 - 2014-06-07 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-04 19:44 - 2013-11-17 16:32 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-04 19:34 - 2014-06-07 11:40 - 00001377 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-11-03 00:48 - 2014-03-20 22:02 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-11-02 19:10 - 2015-08-31 22:25 - 17515016 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-11-02 19:10 - 2015-08-09 11:27 - 18361976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-11-02 19:10 - 2015-01-23 18:37 - 03158736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-11-02 19:10 - 2013-11-17 16:56 - 15717672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-11-02 19:10 - 2013-11-17 16:32 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-11-02 19:10 - 2013-11-17 16:32 - 00105264 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-11-02 19:10 - 2013-11-17 16:27 - 12770752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-11-02 19:10 - 2013-11-17 16:27 - 00033607 _____ C:\Windows\system32\nvinfo.pb
2015-11-02 19:10 - 2013-11-17 16:26 - 03579000 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-11-02 15:22 - 2013-11-17 16:32 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-11-02 15:22 - 2013-11-17 16:32 - 02983216 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-11-02 15:22 - 2013-11-17 16:32 - 02554672 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-11-02 15:22 - 2013-11-17 16:32 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-11-02 15:22 - 2013-11-17 16:32 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-11-02 15:22 - 2013-11-17 16:32 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-10-29 02:31 - 2013-11-17 16:32 - 06027430 _____ C:\Windows\system32\nvcoproc.bin
2015-10-23 16:28 - 2013-11-18 10:50 - 00000000 ____D C:\Users\Igor\AppData\Roaming\TeamViewer
2015-10-23 16:24 - 2014-02-04 12:42 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-23 16:24 - 2014-02-04 12:42 - 00000000 ____D C:\Program Files\CCleaner
2015-10-23 15:44 - 2014-02-05 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-23 15:42 - 2013-11-18 14:13 - 00000000 ____D C:\ProgramData\Oracle
2015-10-23 15:41 - 2015-09-10 12:56 - 00000000 ____D C:\Users\Igor\.oracle_jre_usage
2015-10-23 15:18 - 2014-10-17 21:07 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-23 15:18 - 2014-10-17 21:07 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-17 09:33 - 2015-09-22 22:40 - 00000000 ____D C:\Users\Igor\Documents\Adobe
2015-10-17 09:33 - 2013-11-17 21:14 - 00000000 ____D C:\Users\Igor\AppData\Roaming\Adobe
2015-10-16 10:13 - 2014-04-21 18:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2013-11-18 07:36 - 2015-10-08 16:24 - 0001892 _____ () C:\Users\Igor\AppData\Roaming\ex_log.txt
2014-11-27 19:15 - 2015-03-09 20:17 - 0004096 ____H () C:\Users\Igor\AppData\Local\keyfile3.drm
2014-02-12 20:10 - 2014-02-12 20:10 - 0000001 _____ () C:\Users\Igor\AppData\Local\llftool.4.40.agreement
2014-02-03 21:45 - 2015-09-16 09:15 - 0007637 _____ () C:\Users\Igor\AppData\Local\resmon.resmoncfg
2015-05-29 18:01 - 2015-05-30 08:56 - 0001782 _____ () C:\Users\Igor\AppData\Local\ViberUpdater.log
2013-11-18 09:35 - 2015-07-12 15:59 - 0006653 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-10 00:15

==================== End of FRST.txt ============================
==

lasix · Nov 13, 2015

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Igor (2015-11-13 08:36:09)
Running from C:\Users\Igor\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-11-17 10:33:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-233968585-743656622-1246094418-500 - Administrator - Disabled)
Guest (S-1-5-21-233968585-743656622-1246094418-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-233968585-743656622-1246094418-1005 - Limited - Enabled)
Igor (S-1-5-21-233968585-743656622-1246094418-1000 - Administrator - Enabled) => C:\Users\Igor

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\uTorrent) (Version: 1.8.2 - )
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat 8 Professional - Croatian, Ukrainien, Russian, Turkish (HKLM-x32\...\Adobe Acrobat 8 Professional - Croatian, Ukrainien, Russian, Turkish) (Version: 8.0.0 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AnVir Task Manager (HKLM-x32\...\AnVir Task Manager) (Version: - AnVir Software)
AOMEI Partition Assistant Standard Edition 5.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Mobile Device Support (HKLM\...\{9B3B4129-220E-42C7-9C5B-91C65E0885B4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applen ohjelmatuki (32-bittinen) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Applen ohjelmatuki (64-bittinen) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.6.0 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.2.6.0 - ASUSTek COMPUTER INC.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.0.8 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.0.0.11 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.0.14 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
Capture One 8.3 (HKLM\...\CaptureOne8_is1) (Version: 8.3.1.23 - Phase One A/S)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
ClearType Switch (HKLM-x32\...\ClearType Switch) (Version: 1.1 - KARPOLAN)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DeviceDiscovery (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Foxit PhantomPDF (HKLM-x32\...\{E85A6409-DA6F-49EE-B023-49E3F2F08956}) (Version: 5.4.3.1106 - Foxit Corporation)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Color LaserJet CP1210 Series (HKLM\...\HP Color LaserJet CP1210 Series) (Version: - )
HP Color LaserJet CP1210 Series Toolbox (HKLM\...\{F323676A-B911-4B57-827F-32D02DCD4971}) (Version: 1.0.21 - Hewlett-Packard)
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP LaserJet M1522 MFP Series 4.2 (HKLM\...\{C8A37F1F-E13B-48ae-93F8-4669264969F9}) (Version: 4.2 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPCarePackCore (HKLM-x32\...\{7B02BF60-796D-4616-908B-B31A63CFDEFB}) (Version: 10.0.0.1 - Hewlett-Packard)
HPCarePackProducts (x32 Version: 2.0.0.1 - HP) Hidden
hppFaxDrvM1522 (x32 Version: 003.100.00001 - Hewlett-Packard) Hidden
hppFaxUtility (x32 Version: 000.105.00107 - Название организации) Hidden
hppFonts (x32 Version: 001.001.00056 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.300.00005 - Hewlett-Packard) Hidden
hppLJM1522 (x32 Version: 002.101.00002 - Hewlett-Packard) Hidden
hppManualsM1522 (x32 Version: 002.103.00002 - Название организации) Hidden
hppScanTo (x32 Version: 002.102.00003 - Название организации) Hidden
hppSendFaxM1522 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXM1522 (x32 Version: 001.005.00009 - Hewlett-Packard) Hidden
hppusgM1522 (x32 Version: 000.000.00004 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
hpzTLBXFX (x32 Version: 005.013.00185 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.04.17271 - Sony Corporation)
iTunes (HKLM\...\{5D239A92-31A4-4FCA-967D-F9EA8E1FDF6A}) (Version: 12.1.2.27 - Apple Inc.)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office - профессиональный выпуск версии 2003 (HKLM-x32\...\{90110419-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Nettia (HKLM-x32\...\Nettia) (Version: 3.7 - Nettia)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.87 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.87 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PlayMemories Camera Apps Downloader (HKLM-x32\...\{E4B95A36-0EF2-44C6-B939-5B3DBBC34502}) (Version: 1.1.1975.475 - Sony Network Entertainment International LLC)
Product_Min_QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
The Bat! Professional v5.0.36 (HKLM-x32\...\{B013FB80-453A-4AB0-8DD9-D13C1EB97AD6}) (Version: 5.0.36 - Ritlabs)
Total Commander (HKLM-x32\...\Total Commander) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
WebReg (x32 Version: 90.0.146.000 - Hewlett-Packard) Hidden
Venta Fax & Voice 7.1 (бизнес-версия) (удаление/восстановление) (HKLM-x32\...\Venta Fax & Voice 7.1 (бизнес-версия)) (Version: 7.1 - Venta Association)
Viber (HKU\S-1-5-21-233968585-743656622-1246094418-1000\...\{b1142ab5-4e7c-4fa1-8734-115e5d1e1933}) (Version: 5.4.0.1661 - Viber Media Inc.)
Viber (x32 Version: 5.4.0.1661 - Viber Media Inc.) Hidden
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Driver Package - Leaf Imaging Ltd. Image (12/03/2014 1.2.0.0) (HKLM\...\B758007C752D28F7C3542875CEEBDADCAE5941AE) (Version: 12/03/2014 1.2.0.0 - Leaf Imaging Ltd.)
Windows Driver Package - Phase One / Mamiya V-Grip USB Driver (12/03/2014 1.2.0.0) (HKLM\...\3F504CC0B024052107934E093CC26DA720256A7A) (Version: 12/03/2014 1.2.0.0 - Phase One / Mamiya)
Windows Driver Package - Phase One A/S (WinUSB) USBDevice (12/03/2014 1.13.0.0) (HKLM\...\7C6570ABBEB2F08EFBC23ED7925AE72DA6167BD8) (Version: 12/03/2014 1.13.0.0 - Phase One A/S)
WinZip (HKLM-x32\...\WinZip) (Version: 9.0 (6028) - WinZip Computing, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Архиватор WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
На подпись! Free (удаление/восстановление) (HKLM-x32\...\На подпись! Free) (Version: 2.1 - Venta Association)
Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office (HKLM-x32\...\{90120000-0020-0419-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-233968585-743656622-1246094418-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Restore Points =========================

10-11-2015 00:21:14 Scheduled Checkpoint
10-11-2015 19:22:41 Removed Java 8 Update 65
10-11-2015 20:55:41 Removed HP USB Disk Storage Format Tool
10-11-2015 20:57:37 Removed System Requirements Lab
11-11-2015 10:35:58 JRT Pre-Junkware Removal
11-11-2015 10:38:42 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-11-12 13:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2A45DE38-11B0-4326-8464-D4F9FFA30FE7} - System32\Tasks\AnVir Task Manager => D:\Program Files (x86)\AnVir Task Manager\anvir.exe [2013-07-16] (AnVir Software hxxp://www.anvir.net)
Task: {41159740-E55C-47F9-8863-08F6F6ED2C9B} - System32\Tasks\AdobeAAMUpdater-1.0-Igor-IRIS-PC-Igor => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {5B6B1415-3722-4B42-9CF3-B0BCAC185D13} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {7EB95912-1F12-4FC7-8FF3-FB719A0DAE1A} - System32\Tasks\{85BA16A7-BF5B-4887-93F7-BDA672A91D0C} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.0.102/en/go/help.faq.installer?LastError=1618
Task: {864FEC95-9970-4EF8-9BA0-3D3AFE48337D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {AD9CC35B-2A99-43C1-83B0-BBBD31F491A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BAF700D7-5D1F-4F9A-870C-74D10BCD61CE} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-12] (AO Kaspersky Lab)
Task: {C52138B6-8674-4317-B054-55E1D7E4988E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C77BC7D1-101B-46F0-9BBD-D7B446AFE1B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-11-17 16:32 - 2015-11-02 15:22 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-18 13:36 - 2013-09-04 16:29 - 00024056 _____ () C:\Windows\system32\vntmon64.dll
2013-11-19 08:41 - 2012-12-12 13:29 - 00059520 _____ () C:\Windows\system32\vsign.dll
2015-09-11 18:02 - 2015-09-11 18:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-11-12 13:52 - 2015-11-09 12:26 - 51657424 _____ () C:\Users\Igor\AppData\Local\Viber\Viber.exe
2015-01-20 22:35 - 2015-01-20 22:35 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\kpcengine.2.3.dll
2015-03-30 20:08 - 2015-10-12 05:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-11-12 13:52 - 2015-11-09 12:19 - 00089088 _____ () C:\Users\Igor\AppData\Local\Viber\qfacebook.dll
2015-11-12 13:52 - 2015-11-09 12:19 - 00389632 _____ () C:\Users\Igor\AppData\Local\Viber\imageformats\qsvg.dll
2015-11-12 13:52 - 2015-09-29 03:58 - 00012288 _____ () C:\Users\Igor\AppData\Local\Viber\QtQuick.2\qtquick2plugin.dll
2015-11-12 13:52 - 2015-09-29 16:25 - 00690176 _____ () C:\Users\Igor\AppData\Local\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-12 13:52 - 2015-09-29 16:26 - 00057856 _____ () C:\Users\Igor\AppData\Local\Viber\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-12 13:52 - 2015-09-29 03:58 - 00012288 _____ () C:\Users\Igor\AppData\Local\Viber\QtQuick\Window.2\windowplugin.dll
2015-11-12 13:52 - 2015-09-29 04:04 - 00184320 _____ () C:\Users\Igor\AppData\Local\Viber\QtMultimedia\declarative_multimedia.dll
2015-11-12 13:52 - 2015-09-29 03:58 - 00044032 _____ () C:\Users\Igor\AppData\Local\Viber\QtQml\StateMachine\qtqmlstatemachine.dll
2015-11-12 13:52 - 2015-09-29 03:58 - 00012288 _____ () C:\Users\Igor\AppData\Local\Viber\QtQml\Models.2\modelsplugin.dll
2015-11-12 13:52 - 2015-09-29 16:34 - 00425984 _____ () C:\Users\Igor\AppData\Local\Viber\QtLocation\declarative_location.dll
2015-11-12 13:52 - 2015-09-29 04:03 - 00065024 _____ () C:\Users\Igor\AppData\Local\Viber\QtPositioning\declarative_positioning.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-233968585-743656622-1246094418-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 85.25.237.162 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B510F59E-EE49-4A3D-8DCD-DC2BD175DBC2}] => (Allow) D:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0DABC831-94CD-4FB1-86B6-C9402BA7774F}] => (Allow) C:\Users\Igor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B45EBF14-DE9C-49A0-ACDB-4BF745EF469C}] => (Allow) C:\Users\Igor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B5761AF6-DEF5-43E5-B435-7F82563A0299}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7744700B-5069-45A5-9EC7-A44D524C577E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2770D470-3A32-4ADC-A750-E362A565EF19}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A2AFC35A-221C-48A3-A22A-9275A5D641B2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CE0865B3-ACE2-4FD1-BE6E-9F8CB565766C}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{32A2EEA1-999F-4AE2-94AF-CB188356121C}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{809468D3-EC9D-47AB-B83A-BFF552FA13A0}] => (Allow) D:\VentaFax & Voice 5\vft38m.exe
FirewallRules: [{D49119D8-95E1-4ACF-9BD1-0037166F9645}] => (Allow) D:\VentaFax & Voice 5\vft38m.exe
FirewallRules: [{930AD622-B330-4BD9-9114-F26CE1A9A129}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{86779A56-F327-447A-9B9D-FA8B73FE8C94}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{DB2E751C-F8B8-483F-971F-8F0750042032}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0F00C02C-76F9-43F8-9209-60536984B654}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{41288245-BF33-41E4-905A-B0FE1C02E9E3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{ED801AEF-9662-43C4-AE30-C213E9B7903D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{3AA7F01A-6FC7-4F58-8A8D-B763CE0356B9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{AD7AA26B-0614-487F-B10E-36E29BDBE4D6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{54ECB3B0-A6BF-40BA-9699-0A4163301883}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2C4CD533-7A78-40EF-AA31-D7B28F6FCA0D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4AF61EA0-F2E4-490F-9262-A6B3F8F75EB4}] => (Allow) C:\Users\Igor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{008224FA-FC5D-4566-92C4-690B5BD025AF}] => (Allow) C:\Users\Igor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF27760B-22B4-4F3E-B799-708C97E8875F}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{84446EEC-2F60-499A-9F61-D6A4D3B7EA98}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7652228D-1FF5-4341-B58D-BEE369C9D283}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{59832A7B-A927-4B2B-9F22-E6CD2DD5B1FF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{EB215398-0471-44C9-9310-913EE1EA7A81}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{7D1536C7-6FB1-4888-A17C-7AB64604CCBF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{12640893-31D1-4986-97BC-2CC9FDD1B45E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{75AAE7B1-C61F-4259-8EF3-529E1710D367}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{720277D1-6231-4544-AFF4-35598A851270}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{594FCE1B-0477-4915-BBA8-5BFB7B1FE24A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{D4757CD7-A426-49FB-B83D-F66575AC50C0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{E60F8AE5-05DF-4B30-97BD-600A598DBCC0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Phantoms - EU\Launcher.exe
FirewallRules: [{A3D07026-8092-4D83-8CA4-A95856B06F14}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6462475E-95A2-453C-89FC-CD269B3FDCF7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{56CF05A1-5635-4411-A1EA-C5AE04355A01}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0A7F1E5C-53CF-4A59-B5FB-D18425310921}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3AA6C5E6-2C9E-40D6-AB86-90D636E4EC1F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{6D3B8DC5-5745-4910-A1E7-095CF60D6B4A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{0DAA0C9F-4F9C-4485-A2E2-2652E32F0746}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{C9B23A32-A3BF-48D8-A5BA-7F0175ADD57D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{10D65F0A-724F-42A5-AFAE-1F00DC1C71BC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Loadout Beta\Loadout.exe
FirewallRules: [{C867B417-1B52-4CEB-BA3B-0CB1311ECCA5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Loadout Beta\Loadout.exe
FirewallRules: [TCP Query User{93E82EA4-C52E-4976-B6B8-7D7D6146F835}D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [UDP Query User{30C6A54C-9E92-4651-9699-1CCBB3B23705}D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [{F2D00076-9E2C-4B10-9119-0D8B21BFEACD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{44C5475B-BE4D-47BF-9F2A-7E6477E2004F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FB06F1A1-B568-45C1-9EC1-B875B5780D77}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{92488EEE-5306-4762-A810-2F655486A913}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{24FD0E64-9BCE-4341-B4F7-75942DBBB1ED}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{2CF38D1E-4089-41BF-ACA1-517B6CCDA114}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{D3950748-57FF-4476-B52F-E5544DADCA5B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{69A6639D-1E97-4DFD-BC28-D42B101D5B44}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{78540F45-B3CA-4986-8A2E-326045B9BA67}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{D00F9325-02C2-4BDB-AA68-F2793C07A061}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{CDD02707-FA97-4B2F-BD20-E2874BB82DF6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{B8F9D079-634B-4491-927A-59B79701846B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{1FB53C63-03FE-4315-B878-8391AB4174AF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{77E322F7-EA5E-433B-A381-F7B5752A8615}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{722E372B-4671-43AE-B75C-90988DEDCB64}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [{458986E2-6A0A-499D-9FEA-006521B1600B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [{49D40F0F-78C5-44E1-8EC7-FA1A1958E76E}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{85EAA8D9-AE5B-437C-A1FF-F343A99F2E91}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{CF01DD8E-9B1C-4F8A-8D27-9D7EED33C1B2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{3415114E-1423-4560-8BE2-F22EB7184C37}] => (Allow) C:\Program Files (x86)\HP\hp laserjet m1522\Fax Config utility1.exe
FirewallRules: [{6527AA6F-6448-42ED-B6DA-4CE87EEE185F}] => (Allow) C:\Program Files (x86)\HP\hp laserjet m1522\Fax Config utility1.exe
FirewallRules: [{DB2072C4-3D9E-4783-B09B-F3114A9105EC}] => (Allow) D:\Program Files (x86)\Nettia\Nettia.exe
FirewallRules: [{115C712A-84B0-4F54-BDE3-D15733E58368}] => (Allow) D:\Program Files (x86)\Nettia\Nettia.exe
FirewallRules: [{912AF027-EC0C-4612-90B7-B8DB77EADA29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B711A9A4-2A19-4E0F-9F54-C455820D6A74}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F7F084A2-3F26-4BFA-9FB1-07B33C2F0DD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D0A6DBBE-0800-48C8-9335-B2B6F6895E33}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8B250A2B-FF50-4865-AEAE-514D8454A2D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{133ADC28-9238-4890-8C9D-0761915C05CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EC51FF52-A77E-4C98-8DF0-4F6DCD24D9E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5294B591-8236-44E1-9DD6-3F9153E9DAF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C29C159D-1835-4969-BAC5-964443163E7A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B1F513C3-75D2-4A58-875B-1F002AFEAF02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{49CFD433-D513-400F-B762-8B0F90F91407}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9417E196-0067-4E7D-B54A-E21321C7B72F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{85A93960-5189-4E75-88C4-06C95E074710}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2015 01:25:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2015 10:40:56 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 7884. Message ID: [0x2509].

Error: (11/11/2015 10:32:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2015 10:30:26 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/11/2015 10:30:26 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/11/2015 10:30:26 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/11/2015 10:30:26 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (11/11/2015 10:30:26 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/11/2015 10:30:26 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/11/2015 10:30:26 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (11/13/2015 07:24:59 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MONROE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{064E15D3-9BBC-4AEA-8384-4A9934A8792A}.
The master browser is stopping or an election is being forced.

Error: (11/13/2015 03:12:44 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MONROE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{064E15D3-9BBC-4AEA-8384-4A9934A8792A}.
The master browser is stopping or an election is being forced.

Error: (11/13/2015 12:01:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/12/2015 01:22:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/12/2015 01:22:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/12/2015 01:21:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/12/2015 01:20:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/12/2015 01:17:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/12/2015 01:17:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

Error: (11/12/2015 03:12:44 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MONROE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{064E15D3-9BBC-4AEA-8384-4A9934A8792A}.
The master browser is stopping or an election is being forced.

CodeIntegrity:
===================================
Date: 2015-11-12 13:21:55.084
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-12 13:21:55.054
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-04-16 23:50:05.534
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 23:50:05.533
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 23:50:05.531
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 23:50:05.528
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 23:50:05.527
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 23:50:05.526
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 00:05:53.155
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-16 00:05:53.154
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 8146.92 MB
Available physical RAM: 5322.54 MB
Total Virtual: 16292.04 MB
Available Virtual: 13196.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:37.12 GB) NTFS
Drive d: (Work) (Fixed) (Total:931.51 GB) (Free:149.26 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:14.92 GB) (Free:7.74 GB) NTFS
Drive I: () (Fixed) (Total:149.98 GB) (Free:12.57 GB) FAT32
Drive z: (My Book) (Fixed) (Total:931.51 GB) (Free:105.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 7E3E5925)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 93C20E31)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Broni · Nov 13, 2015

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

lasix · Nov 14, 2015

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Igor (2015-11-14 11:40:22) Run:1
Running from C:\Users\Igor\Desktop
Loaded Profiles: Igor (Available Profiles: Igor)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-233968585-743656622-1246094418-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-233968585-743656622-1246094418-1000 -> DefaultScope {6979B9AE-18EA-4820-9817-DFFF2DC6646B} URL =
Toolbar: HKU\S-1-5-21-233968585-743656622-1246094418-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\Igor\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
2013-11-18 07:36 - 2015-10-08 16:24 - 0001892 _____ () C:\Users\Igor\AppData\Roaming\ex_log.txt
2014-11-27 19:15 - 2015-03-09 20:17 - 0004096 ____H () C:\Users\Igor\AppData\Local\keyfile3.drm
2014-02-12 20:10 - 2014-02-12 20:10 - 0000001 _____ () C:\Users\Igor\AppData\Local\llftool.4.40.agreement
2014-02-03 21:45 - 2015-09-16 09:15 - 0007637 _____ () C:\Users\Igor\AppData\Local\resmon.resmoncfg
2015-05-29 18:01 - 2015-05-30 08:56 - 0001782 _____ () C:\Users\Igor\AppData\Local\ViberUpdater.log
2013-11-18 09:35 - 2015-07-12 15:59 - 0006653 _____ () C:\ProgramData\hpzinstall.log

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-233968585-743656622-1246094418-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-233968585-743656622-1246094418-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-233968585-743656622-1246094418-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
BRDriver64_1_3_3_E02B25FC => service removed successfully
catchme => service removed successfully
cpuz136 => service removed successfully
C:\Users\Igor\AppData\Roaming\ex_log.txt => moved successfully
C:\Users\Igor\AppData\Local\keyfile3.drm => moved successfully
C:\Users\Igor\AppData\Local\llftool.4.40.agreement => moved successfully
C:\Users\Igor\AppData\Local\resmon.resmoncfg => moved successfully
C:\Users\Igor\AppData\Local\ViberUpdater.log => moved successfully
C:\ProgramData\hpzinstall.log => moved successfully

==== End of Fixlog 11:40:23 ====

Broni · Nov 14, 2015

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

lasix · Nov 14, 2015

Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Total Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 19.0.0.226
Adobe Reader XI
Mozilla Firefox (42.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky Total Security 15.0.1 avp.exe
Kaspersky Lab Kaspersky Total Security 15.0.1 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

lasix · Nov 14, 2015

Farbar Service Scanner Version: 26-07-2015
Ran by Igor (administrator) on 14-11-2015 at 19:10:09
Running from "C:\Users\Igor\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

lasix · Nov 14, 2015

TFC ran, not asked for reload.

lasix · Nov 15, 2015

Sophos Virus Removal Tool was working several hours, then said that computer is clean.

Broni · Nov 15, 2015

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

lasix · Nov 15, 2015

Hi, Broni, thanks a lot.
I have ran through your list.
In pos. 2 I have now all available updates installed except of Win10 itself. However, can You please share you opinion? Is it ok to uninstall so-called "Windows 7 spying updates" (KB 3068708, 3022345, 3075249, 3080149)?
Pos. 3 - I did not have this, right?
Pos. 12 - Well, this is the question. I have launched Steam (and, therefore, steamwebhelper.exe launched automatically). I was not launching Steam for 5 days or so. On clicking on link in Steam's internal browser I have received same dialog window as I have posted in the very beginning (without redirecting to other sites, however).
I didn't believe that this is really JavaScript confirmation, I even don't have Java installed at the moment... I did not press OK, or CANCEL, but closed this dialog by Alt-F4. Dialog window closed, but I did not follow to the link where I wanted to go. When I clicked again - same dialog window opened.
Then I found out that cleaning tools have cleared IE's and Firefox's cache, etc, but ignored Steam's cache in C:\Users\*\Appdata\Local\Steam\htmlcache\ So, I turned Steam off, deleted 380Mb from this folder and restarted Steam. No unwanted windows anymore, at least for now.... However, I am still unsure is there is anything else uncleared.

Also, can You please advice about set of safety programs that I have at the moment?
- Kaspersky Total Security 15
- MBAM in trial premium mode, ends soon.
- Anvir as system hook and monitor
- CCleaner
- Secunia
These five are running constantly, plus ADWCleaner, TFC and JRT are supposed to be ran weekly.
Should anything be removed/replaced/added?

Thank you very much for your reply in advance!

Solved Audio ads + redirect. Steamwebhelper + Firefox

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 56,041 +516

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 56,041 +516

Posts: 21 +0

Posts: 56,041 +516

Posts: 21 +0

Posts: 21 +0

Posts: 56,041 +516

Attachments

Posts: 21 +0

Posts: 56,041 +516

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 56,041 +516

Posts: 21 +0

Similar threads