Голям проблем! Не се отварят основни програми

[IRISS]

Здравейте, на лап топа ( Windows Home Premium 7 -64) се появи голям проблем. Като отварям основния прозорец на антивирусната излиза този надпис Exeption EOleSysError in module AAMW_Main.exe at 00134E35 Клас не е вписан ClassID:

Също така при инсталиране на нова програма излизат CoCreateInstance failed; Code ox80040154 (Това излезе при инсталиране на Malwarebytes' Anti-Malware) Също и това Run-time error 'o' и Run-time error '440';

И други програми не работят (Skype) Може ли да се направи нещо? Благодаря ако някой знае да помогне!

 

Исках да прикрепя снимки, но не работи изборът на файл. Това също е част от проблема

 

Също така не могат да се инсталират 2 апдейта за Microsoft.Net FrameWork 4.

[Night_Raven]

Изтегли RKill и го запази на работния плот. Стартирай го и изчакай да приключи. След това ще се създаде дневник в същата папка (работния плот) и ще се отвори в Notepad. Моля, копирай съдържанието му тук.

Не рестартирай системата, докато не бъдеш инструктиран(а)!

 

 

[IRISS]

Rkill 2.4.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 11/17/2012 03:51:33 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

 

Checking for Windows services to stop:

 

* No malware services found to stop.

 

Checking for processes to terminate:

 

* C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe (PID: 1080) [AU-HEUR]

 

1 proccess terminated!

 

Checking Registry for malware related settings:

 

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

 

Backup Registry file created at:

C:\Users\Emi\Desktop\rkill\rkill-11-17-2012-03-51-50.reg

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

* No issues found.

 

Checking Windows Service Integrity:

 

* No issues found.

 

Searching for Missing Digital Signatures:

 

* C:\Windows\System32\UxTheme.dll [NoSig]

+-> C:\Windows\SysWOW64\uxtheme.dll : 245760 : 07/14/2009 00:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]

+-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332288 : 07/14/2009 00:41 AM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]

+-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245760 : 07/14/2009 00:11 AM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]

 

Checking HOSTS File:

 

* No issues found.

 

Program finished at: 11/17/2012 03:54:13 PM

Execution time: 0 hours(s), 2 minute(s), and 40 seconds(s)

[Night_Raven]

Опитай отново да инсталираш Malwarebytes Anti-Malware.

[IRISS]

Същото CoCreateInstance failed; Code ox80040154 натиснах 5 пъти ОК

и другите две по 3 пъти

[Night_Raven]

Изтегли OTL и го запази на работния плот:

- стартирай инструмента;

- постави отметка в горната част на Scan All Users;

- в поле Standard Registry избери All;

- от падащо меню File Age избери 90 Days;

- постави отметки още на: Skip Microsoft Files, LOP Check и Purity Check;

- в поле Custom Scans/Fixes (в долната част на програмата) постави следния текст (маркирай го, натисни Ctrl+C и после в полето на OTL натисни Ctrl+V):

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\temp\*.exe
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Local\*.
%USERPROFILE%\AppData\Local\temp\*.exe
%USERPROFILE%\AppData\Roaming\*.*
%USERPROFILE%\AppData\Roaming\*.
%Public%\Documents\Softwrap\YOYOGAMESGM70FINAL\*.exe
%Public%\Documents\Fonts\*.exe
%Public%\Documents\Config\*.exe
%Public%\Documents\*.*
%ProgramData%\*.*
%ProgramData%\*.
%CommonProgramFiles%\*.*
%CommonProgramFiles%\ComObjects*.exe
%PROGRAMFILES%\*.*
%PROGRAMFILES%\*.
%ProgramFiles(x86)%\*.*
%ProgramFiles(x86)%\*.
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
%windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
%windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
%windir%\temp\*.exe
%windir%\minidump\*.*
%windir%\*.
%windir%\installer\*.
%windir%\system32\*.
%windir%\sysnative\*.
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\syswow64\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\syswow64\drivers\*.sys /90
%systemroot%\syswow64\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.ini
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
%SystemRoot%\assembly\GAC_MSIL\*.ini
HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
HKEY_CURRENT_USER\Software\MSOLoad /s
bcdedit /enum all /v >C:\boot.txt /c
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
consrv.dll
services.exe
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
volsnap.sys
disk.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
csc.sys
tcpip.sys
dfsc.sys
hlp.dat
str.sys
crexv.ocx
/md5stop

- кликни бутон Run Scan;

Изчакай сканирането да приключи. След края на сканирането автоматично ще се отворят двата новосъздадени на работния плот файла: OTL.txt и Extras.txt.

 

Моля, прикачи тези два файла (поотделно или в архив) към следващия си коментар.

[IRISS]

Exeption EOleSysError in module OTL.exe at 000584A5 не може да се стартира

[Night_Raven]

Изтегли DDS и:

1) я стартирай;

2) изчакай да събере информацията си;

3) ще се появят 2 текстови файла, запази ги на удобно място (на работния плот например), архивирай ги и прикачи архива към коментара си.

 

Важно: ако имаш инсталирана антивирусна програма, е желателно да спреш временно резидентната й защита, за да не попречи евентуално на нормалната работа на DDS.

[IRISS]

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 28/11/2011 3:29:58 pµ

System Uptime: 17/11/2012 1:19:26 µµ (5 hours ago)

.

Motherboard: LENOVO | | 0301G7G

Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | CPU 1 | 911/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 455 GiB total, 360.268 GiB free.

D: is CDROM ()

Q: is FIXED (NTFS) - 10 GiB total, 0.66 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ROOT\LEGACY_A2INJECTIONDRIVER\0000

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_A2INJECTIONDRIVER\0000

Service:

.

==== System Restore Points ===================

.

RP118: 6/11/2012 2:57:59 µµ - Windows Update

RP119: 6/11/2012 4:59:36 µµ - Revo Uninstaller's restore point - Adobe Photoshop CS3

RP120: 10/11/2012 3:04:53 µµ - Windows Update

RP121: 13/11/2012 3:48:55 µµ - Windows Update

RP122: 15/11/2012 5:10:35 µµ - Windows Update

RP123: 15/11/2012 5:56:36 µµ - Windows Update

RP124: 15/11/2012 6:22:03 µµ - Windows Update

RP125: 15/11/2012 6:24:55 µµ - Windows Update

RP127: 16/11/2012 2:45:48 pµ - Windows Update

RP128: 17/11/2012 2:06:31 pµ - Windows Update

RP129: 17/11/2012 1:36:30 µµ - Windows Update

RP130: 17/11/2012 2:45:19 µµ - Windows Update

.

==== Installed Programs ======================

.

Registry Patch to arrange icons in Device and Printers folder of Windows 7

?a??t? ???ss?? ??a ta ???????? t?? Microsoft .NET Framework 4 Client Profile

?a??t? ???ss?? ??a ta ???????? t?? Microsoft .NET Framework 4 Extended

3D Video Converter 3.3.5

3D Video Player 3.3.5

50 FREE MP3s +1 Free Audiobook!

7-Zip 9.25 (x64 edition)

AcroPano Photo Stitcher, Panorama software

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Community Help

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Download Assistant

Adobe ExtendScript Toolkit 2

Adobe Flash Player 11 ActiveX 64-bit

Adobe Flash Player 11 Plugin 64-bit

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe Media Player

Adobe PDF Library Files

Adobe Photoshop CS5

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Advanced Woman Calendar 4.2

Aiseesoft Total Media Converter 6.2.26

AllMySongs Database

Animated Screensaver Maker

Artensoft Tilt Shift Generator

Ashampoo Anti-Malware v.1.21

Ashampoo Snap 4 v.4.3.1

Astro Gemini Screensaver Manager 1.2

Athtek Skype Recorder

Audio Record Wizard

AV Burning Pro 4.5.1

Batch Photo Watermarker 3.5

Blingee Toolbar

BS.Player FREE

Chameleon Startup Manager 3.4.0.766

Christmas Eve 3D Screensaver 1.0

Cleanse Uninstaller Pro 8.0

Clone Terminator

Common Desktop Agent

Create Recovery Media

D3DX10

DealPly

DesignBox version 1.06.02

DP Animation Maker

DriverMax 6

DVDVideoSoftTB Toolbar

Easter 3D Screensaver 1.0

EzGenerator 4.0

Face Off Max

Farm Frenzy - Pizza Party

Farmscapes

Fashion Fortune

Fishdom H2O - Hidden Odyssey

Flip Album

Free YouTube to MP3 Converter version 3.11.32.918

Funmoods Web Search

GIMP 2.8.2

Google Chrome

Google Earth Plug-in

Google Update Helper

Home Sweet Home - Christmas Edition

ImageSlicer

IMVU Avatar Chat Software

IMVU Inc Toolbar

Inpaint 3.1

Integrated Camera Driver Installer Package Ver.1.0.1.7

Integrated Camera TWAIN

Intel PROSet Wireless

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® PROSet/Wireless WiFi Software

Intel® Wireless Display

InterVideo WinDVD 8

Java Auto Updater

Java 6 Update 17 (64-bit)

Java 6 Update 30

Jojo's Fashion Show

Jojos Fashion Show - World Tour

Junk Mail filter update

KGB Archiver 1.2.1.24

Kindergarten

Kingsoft Office 2012 (8.1.0.3020)

LangoMax Adult Advantage

Lenovo Auto Scroll Utility

Lenovo System Interface Driver

Lenovo ThinkVantage Toolbox

Lenovo Warranty Information

Lenovo Welcome

Magic Desktop 2.0.2

Malwarebytes Anti-Malware version 1.65.1.1000

Media Buddy 3.3.9

Mesh Runtime

Message Center Plus

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile ELL Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended ELL Language Pack

Microsoft Application Error Reporting

Microsoft Office "???s? µe ??a ????" 2010

Microsoft Office 2010

Microsoft Office Starter 2010 - ????????

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Mobile Broadband

Mozilla Firefox 16.0.2 (x86 el)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multi Image Optimizer Pro version 1.0.5.737

MySlideShow 3.5.6

NetBalancer

On Screen Display

OptimizerPro1

Our World 3 e-Book

PageFlip PDF to Flash Converter

PDF Settings

PDF Settings CS5

Photo Stamp Remover 5.0

Photo Toolbox for Windows version 1.7.4.5

PhotoScape

Picture Collage Maker 3.2.8

Picture Cutout Guide Lite 2.10

PPT To Flash Catalog Professional

Presentation Marker V2.2.5

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Reg Organizer version 5.40

Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7

Retouch Pilot Free 3.4.1

Revo Uninstaller 1.93

S?????? f?t???af??? t?? Windows Live

Samsung CLP-360 Series

Samsung Easy Printer Manager

Samsung Printer Live Update

Santa's Elves Animated Wallpaper version 1.0

SaveAs

Screen Recording Suite V2.4.8

ScreenCamera.Net version 1.3.8.80

Search Assistant AppsAreFun 1.66

Security Update for ?a??t? ???ss?? ??a ta ???????? t?? Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for ?a??t? ???ss?? ??a ta ???????? t?? Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

SilverCrest STMS 2017 A1 Driver

SimplyGoodPictures

Skype Click to Call

Skype™ 5.10

SoftOrbits Photo Retoucher 1.0

Sothink Logo Maker Special

Speed MP3 Downloader

St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??

System Update

Theme Manager

ThinkPad Bluetooth with Enhanced Data Rate Software

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkVantage Active Protection System

ThinkVantage Communications Utility

ThinkVantage Fingerprint Software

ThunderSoft Flash Slideshow Factory (2.8.2.0)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

uRex Video Converter Platinum

VirtualDJ Home FREE

VLC media player 1.0.1

VS10Runtimex64

Wedding Salon

Winamp

Winamp Detector Plug-in

Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419)

Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows Driver Package - Intel (iaStor) hdc (01/15/2010 9.5.7.1002)

Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)

Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)

Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)

Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)

Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

Winter 3D Screensaver 1.0

WinX DVD Copy Pro 3.4.3

Wondershare PDF Converter (Build 3.0.0)

YouTube Downloader Toolbar v4.9

Zebra-Media Surveillance System version 1.3

.

==== End Of File ===========================

 

DDS (Ver_2012-11-07.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455

Run by Emi at 18:14:51 on 2012-11-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1032.18.1909.323 [GMT 2:00]

.

AV: Ashampoo Anti-Malware *Disabled/Updated* {1586225C-B0F7-7A3E-FBB7-F15B3A4D2579}

SP: Ashampoo Anti-Malware *Disabled/Updated* {AEE7C3B8-96CD-75B0-C107-CA2941CA6FC4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Programs\Ashampoo® Anti-Malware\Ashampoo Anti-Malware\AAMW_Service.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Programs\AdvancedWomanCalendar\Advanced Woman Calendar\WomanCalendar.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Programs\winamp5623_full_emusic-7plus_all\Winamp\winampa.exe

C:\Program Files (x86)\SilverCrest STMS 2017 A1 Driver\KbClient_FD2.exe

C:\Program Files (x86)\SilverCrest STMS 2017 A1 Driver\MouClient_FD2.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\inetsrv\inetinfo.exe

C:\Windows\System32\svchost.exe -k ipripsvc

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k LPDService

C:\Windows\system32\mqsvc.exe

C:\Programs\NetBalancerPro\NetBalancer\SeriousBit.NetBalancer.Service.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\System32\tcpsvcs.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\System32\snmp.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\mqtgsvc.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\Program Files (x86)\Lenovo\System Update\SUService.exe

C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\osk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wuauclt.exe

C:\Programs\Ashampoo® Anti-Malware\Ashampoo Anti-Malware\AAMW_Guard.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe

C:\Programs\DriverMax\drivermax.exe

C:\Programs\Revo Uninstaller\Revouninstaller.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Emi\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Windows\system32\svchost.exe -k defragsvc

C:\Windows\system32\rundll32.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://lenovo.msn.com

mStart Page = hxxp://home.myplaycity.com/

mSearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

uURLSearchHooks: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - <orphaned>

uURLSearchHooks: {192a6019-26d2-4611-aead-07cd7733b146} - <orphaned>

uURLSearchHooks: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - <orphaned>

uURLSearchHooks: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - <orphaned>

uURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>

uURLSearchHooks: {62d40876-df18-411f-9d34-a9dd7a197bc5} - <orphaned>

uURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll

mURLSearchHooks: {192a6019-26d2-4611-aead-07cd7733b146} - <orphaned>

mURLSearchHooks: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - <orphaned>

mURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>

mURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll

mWinlogon: Userinit = userinit.exe

BHO: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - <orphaned>

BHO: {192a6019-26d2-4611-aead-07cd7733b146} - <orphaned>

BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>

BHO: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - <orphaned>

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>

BHO: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - <orphaned>

BHO: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll

BHO: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - <orphaned>

BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - <orphaned>

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>

BHO: {E486E3AC-A2E3-263F-D235-6B159A3CC2E0} - <orphaned>

BHO: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - <orphaned>

BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - <orphaned>

TB: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Advanced Woman Calendar] "C:\Programs\AdvancedWomanCalendar\Advanced Woman Calendar\WomanCalendar.exe" -m

uRun: [Google Update] "C:\Users\Emi\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [AdobeBridge] <no file>

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [WinampAgent] C:\Programs\winamp5623_full_emusic-7plus_all\Winamp\winampa.exe

mRun: [Launch SilverCrest STMS 2017 A1-K] C:\Program Files (x86)\SilverCrest STMS 2017 A1 Driver\KbClient_FD2.exe

mRun: [Launch SilverCrest STMS 2017 A1-M] C:\Program Files (x86)\SilverCrest STMS 2017 A1 Driver\MouClient_FD2.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Programs\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup

StartupFolder: C:\Users\Emi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMVU.lnk - C:\Users\Emi\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Free YouTube to MP3 Converter - C:\Users\Emi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{0ABF717E-C69E-46D1-BFF9-C0FBE6FB487E} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{0ABF717E-C69E-46D1-BFF9-C0FBE6FB487E} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{0ABF717E-C69E-46D1-BFF9-C0FBE6FB487E}\2647B6 : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{0ABF717E-C69E-46D1-BFF9-C0FBE6FB487E}\2647B6 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{D0FA6351-DAE8-449D-B303-4CFEFB21B1E6} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{F6243604-7DDA-4687-81DA-50A7529E29EC} : NameServer = 0.0.0.0

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

SSODL: WebCheck - <orphaned>

LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - <is not referencing any dll>

x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzutAtN2Y1L1Qzuzz0C0AzyzztBtAzz0EyD0FyByCzz0BtAtN0D0TzutBtDtCtBtDyBtCtD&cr=1851579163

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

x64-Run: [TpShocks] TpShocks.exe

x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

x64-Run: [Ashampoo Anti-Malware Guard] "C:\Programs\Ashampoo® Anti-Malware\Ashampoo Anti-Malware\AAMW_Guard.exe"

x64-Run: [MsmqIntCert] regsvr32 /s mqrt.dll

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\

FF - prefs.js: Keyword.Enabled - true

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2612669&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=2&q=

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll

FF - plugin: C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Programs\Ommoo Magic Desktop\Magic Desktop\MagicDesktop_v2.5.4\npdzzoerunner.dll

FF - plugin: C:\Users\Emi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - ExtSQL: 2012-09-23 17:27; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - ExtSQL: 2012-09-23 17:31; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

FF - ExtSQL: 2012-10-09 21:53; {62d40876-df18-411f-9d34-a9dd7a197bc5}; C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\{62d40876-df18-411f-9d34-a9dd7a197bc5}

FF - ExtSQL: 2012-10-28 00:06; 508c4318366e4@508c43183671d.com; C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\508c4318366e4@508c43183671d.com

FF - ExtSQL: 2012-11-10 13:58; {90b49673-5506-483e-b92b-ca0265bd9ca8}; C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}

FF - ExtSQL: 2012-11-15 17:07; badge@darktrojan.net; C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\badge@darktrojan.net.xpi

FF - ExtSQL: 2012-11-15 17:10; personas@christopher.beard; C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\personas@christopher.beard.xpi

FF - ExtSQL: 2012-11-15 17:10; status4evar@caligonstudios.com; C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\status4evar@caligonstudios.com.xpi

FF - ExtSQL: 2012-11-15 17:10; {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}; C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}

FF - ExtSQL: 2012-11-17 13:35; support@lastpass.com; C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\support@lastpass.com

FF - ExtSQL: 2012-11-17 17:11; GlassMyFox@ArisT2_Noia4dev; C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\GlassMyFox@ArisT2_Noia4dev.xpi

FF - ExtSQL: 2012-11-17 17:13; TabAutoReload@schuzak.jp; C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\TabAutoReload@schuzak.jp.xpi

FF - ExtSQL: 2012-11-17 17:19; StyleThing@ya.ru; C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\StyleThing@ya.ru.xpi

FF - ExtSQL: 2012-11-17 17:21; restartless.restart@erikvold.com; C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\restartless.restart@erikvold.com.xpi

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzutAtN2Y1L1Qzuzz0C0AzyzztBtAzz0EyD0FyByCzz0BtAtN0D0TzutBtDtCtBtDyBtCtD&cr=1851579163

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=wbst&chnl=&cd=2XzutAtN2Y1L1Qzuzz0C0AzyzztBtAzz0EyD0FyByCzz0BtAtN0D0TzutBtDtCtBtDyBtCtD&cr=1851579163

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=wbst&chnl=&cd=2XzutAtN2Y1L1Qzuzz0C0AzyzztBtAzz0EyD0FyByCzz0BtAtN0D0TzutBtDtCtBtDyBtCtD&cr=1851579163&q=

FF - user.js: extensions.funmoods.id - f67b68b30000000000008ca98238e5f7

FF - user.js: extensions.funmoods.instlDay - 15531

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.221:21:43

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - wbst

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef -

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=f67b68b30000000000008ca98238e5f7&q=

FF - user.js: extensions.BabylonToolbar.id - f67b68b30000000000008ca98238e5f7

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15620

FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7

FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.70:25:39

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

user_pref('extensions.dealply.partner', 'inff');

.

user_pref('extensions.dealply.channel', 'infftog01');

.

user_pref('extensions.dealply.installId', 'v24300247995957540653192012102800063631');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '1');

.

user_pref('extensions.dealply.partner', 'inff');

.

user_pref('extensions.dealply.channel', 'infftog01');

.

user_pref('extensions.dealply.installId', 'v24300247995957540653192012102800063631');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '1');

.

============= SERVICES / DRIVERS ===============

.

R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-1-14 23664]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-17 30568]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2010-5-27 15400]

R2 AAMWService;Ashampoo Anti-Malware Service;C:\Programs\Ashampoo® Anti-Malware\Ashampoo Anti-Malware\AAMW_Service.exe [2012-3-9 1313184]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-3-3 50536]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-3-3 74088]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-5-27 93032]

R2 NetBalancer Windows Service;NetBalancer Windows Service;C:\Programs\NetBalancerPro\NetBalancer\SeriousBit.NetBalancer.Service.exe [2012-2-18 10240]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-3-3 199272]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-14 13840]

R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2012-2-15 11576]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-5-27 63928]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-3 2320920]

R2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [2012-11-17 830048]

R2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.sys [2012-10-28 56136]

R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-3-3 161664]

R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2012-4-26 29288]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-3 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-3-3 158976]

R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [2012-10-2 17920]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-3 271872]

R3 MouFilter_Mou_FlexDef4;HID Mouse(FlexDef4) Driver Service;C:\Windows\System32\drivers\MouFilter_FlexDef4.sys [2012-10-2 15360]

R3 Nbdrv;NetBalancer;C:\Windows\System32\drivers\nbdrv.sys [2012-2-18 41256]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]

R3 PCWinSoft;ScreenCamera.Net Video Camera;C:\Windows\System32\drivers\scrcamnetdriver_x64.sys [2012-6-28 241800]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-16 39832]

S2 AAMW_WSC_Service_Vista;Ashampoo Anti-Malware WSC Service;C:\Programs\Ashampoo® Anti-Malware\Ashampoo Anti-Malware\AAMW_WSC_Service_Vista.exe [2012-3-9 52616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-5-27 45496]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 Application Updater;Application Updater;"C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" --> C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [?]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-3-3 53800]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-3-3 35104]

S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [2012-1-6 276256]

S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2012-2-27 252416]

S3 Magic Desktop Server;Magic Desktop Server;C:\Programs\Ommoo Magic Desktop\Magic Desktop\server\MagicDesktopServer.exe --> C:\Programs\Ommoo Magic Desktop\Magic Desktop\server\MagicDesktopServer.exe [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2010-11-12 25072]

S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-3-3 75112]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-15 19456]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-3 239136]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-15 57856]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2012-11-17 15:14:25 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2012-11-17 15:14:21 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

2012-11-17 15:14:15 -------- d-----w- C:\Program Files (x86)\AVG Secure Search

2012-11-17 15:14:07 -------- d--h--w- C:\ProgramData\Common Files

2012-11-17 14:57:35 -------- d-----w- C:\Users\Emi\AppData\Local\Innovative Solutions

2012-11-17 12:46:37 -------- d-----w- C:\fb9977af00c2e2b591d7c86f

2012-11-17 12:46:11 -------- d-----w- C:\96e311d8e08296ae808ef2241270a5

2012-11-17 11:38:18 -------- d-----w- C:\3a3eac37d1c3557dd2def9

2012-11-17 11:37:43 -------- d-----w- C:\7d7444aaab06e7b2640c40e4615d

2012-11-16 20:03:39 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2689F9C6-F9E2-41C9-95FA-3336E754F2A5}\offreg.dll

2012-11-16 12:37:52 192000 ----a-w- C:\Windows\System32\iisRtl.dll

2012-11-16 12:37:51 55296 ----a-w- C:\Windows\System32\admwprox.dll

2012-11-16 12:37:51 50688 ----a-w- C:\Windows\SysWow64\admwprox.dll

2012-11-16 12:37:51 154624 ----a-w- C:\Windows\SysWow64\iisRtl.dll

2012-11-16 12:37:50 8192 ----a-w- C:\Windows\SysWow64\iisrstap.dll

2012-11-16 12:37:50 60928 ----a-w- C:\Windows\System32\ahadmin.dll

2012-11-16 12:37:50 26624 ----a-w- C:\Windows\SysWow64\ahadmin.dll

2012-11-16 12:37:50 16896 ----a-w- C:\Windows\System32\iisreset.exe

2012-11-16 12:37:50 15360 ----a-w- C:\Windows\SysWow64\iisreset.exe

2012-11-16 12:37:50 14848 ----a-w- C:\Windows\System32\wamregps.dll

2012-11-16 12:37:50 11264 ----a-w- C:\Windows\System32\iisrstap.dll

2012-11-16 12:37:50 10752 ----a-w- C:\Windows\SysWow64\wamregps.dll

2012-11-16 12:32:46 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2689F9C6-F9E2-41C9-95FA-3336E754F2A5}\mpengine.dll

2012-11-15 17:16:09 -------- d-----w- C:\Windows\SysWow64\BestPractices

2012-11-15 17:16:07 -------- d-----w- C:\Windows\System32\msmq

2012-11-15 17:16:07 -------- d-----w- C:\Windows\System32\BestPractices

2012-11-15 17:15:59 -------- d-----w- C:\inetpub

2012-11-15 16:08:30 -------- d-----w- C:\Program Files\AuthenTec

2012-11-15 16:06:24 -------- d-----w- C:\Users\Emi\AppData\Roaming\Malwarebytes

2012-11-15 16:05:55 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-15 16:05:51 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-11-15 16:05:14 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-15 16:05:14 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-15 16:05:14 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-15 16:05:14 2560 ----a-w- C:\Windows\System32\drivers\el-GR\wdf01000.sys.mui

2012-11-15 15:58:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-15 15:58:03 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-15 15:58:02 140960 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2012-11-15 15:58:01 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-15 15:58:01 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll

2012-11-15 15:58:01 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll

2012-11-15 15:58:01 174216 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2012-11-15 15:58:00 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-15 15:58:00 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-15 15:31:02 -------- d-----w- C:\Users\Emi\AppData\Roaming\EurekaLog

2012-11-15 15:12:22 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-15 15:12:22 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-15 15:12:22 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-15 15:12:22 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-15 15:12:21 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-15 15:12:21 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-15 15:12:21 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-15 14:42:08 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-11-15 14:42:08 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-11-15 14:42:08 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-11-15 14:42:08 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-15 14:42:08 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-11-15 14:42:08 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-15 14:42:08 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-11-15 14:42:08 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-11-15 14:42:08 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2012-11-15 14:40:14 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-11-15 14:40:14 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-11-15 14:40:14 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll

2012-11-15 14:40:14 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-11-15 14:40:14 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-11-15 14:40:14 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-11-15 14:40:14 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-11-15 14:40:14 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-11-15 14:40:14 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-11-15 14:40:14 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-11-15 14:40:14 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-11-15 14:40:14 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-11-15 14:35:59 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-11-15 14:35:59 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-11-15 14:35:59 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-11-15 14:35:58 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-11-15 14:35:23 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-15 14:33:25 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-11-15 14:33:25 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-11-10 11:12:47 -------- d-----w- C:\Program Files (x86)\YourFileDownloader

2012-11-08 21:58:24 -------- d-----w- C:\Program Files (x86)\IMVU_Inc

2012-11-03 12:03:37 -------- d-----w- C:\Users\Emi\AppData\Local\WEB2Print

2012-11-02 13:13:07 -------- d--h--w- C:\.cache

2012-11-02 13:11:25 -------- d-----r- C:\Users\Emi\MegaCloud

2012-11-02 13:10:49 -------- d-----w- C:\Users\Emi\AppData\Roaming\MegaCloudBackup

2012-11-02 13:09:51 -------- d-----w- C:\Users\Emi\AppData\Roaming\MegaCloud

2012-11-02 13:08:49 -------- d-----w- C:\ProgramData\Web Installer

2012-10-28 13:43:28 -------- d-----w- C:\ProgramData\GoBit Games

2012-10-28 13:35:35 -------- d-----w- C:\Users\Emi\AppData\Roaming\Exent Technologies

2012-10-28 13:35:29 -------- d-----w- C:\Users\Emi\AppData\Roaming\Supermarket Mania 2

2012-10-28 13:23:29 -------- d-----w- C:\Remote Programs

2012-10-28 13:23:20 -------- d-----w- C:\ProgramData\Free Ride Games

2012-10-28 13:23:10 57824 ------w- C:\Windows\ExentInfo.exe

2012-10-28 13:23:09 -------- d-----w- C:\Program Files (x86)\Free Ride Games

2012-10-27 21:49:22 -------- d-----w- C:\Downloads

2012-10-27 21:48:07 -------- d-----w- C:\Users\Emi\AppData\Roaming\BitComet

2012-10-27 21:06:36 -------- d-----w- C:\Program Files (x86)\DealPly

2012-10-27 20:17:04 -------- d-----w- C:\Program Files (x86)\AppsAreFun

2012-10-27 20:16:46 -------- d-----w- C:\ProgramData\Premium

2012-10-27 20:16:21 -------- d-----w- C:\ProgramData\SaveAs

2012-10-27 20:15:35 -------- d-----w- C:\ProgramData\InstallMate

2012-10-27 19:15:35 -------- d-----w- C:\Users\Emi\AppData\Roaming\IMVU

2012-10-27 19:09:02 -------- d-----w- C:\Users\Emi\AppData\Roaming\IMVUClient

.

==================== Find3M ====================

.

2012-10-11 16:11:29 0 ----a-w- C:\Windows\SysWow64\sho23D8.tmp

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-09-26 08:44:36 226424 ----a-w- C:\Windows\System32\SBuySupplies.exe

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-09-03 22:23:00 161951 ----a-w- C:\Windows\DP Animation Maker Uninstaller.exe

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-26 15:47:34 161 ----a-w- C:\Windows\SysWow64\gpupdate.bin

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-23 14:13:11 243200 ----a-w- C:\Windows\System32\rdpudd.dll

2012-08-23 14:10:20 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys

2012-08-23 14:07:35 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys

2012-08-23 13:47:20 46592 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll

2012-08-23 13:46:20 16896 ----a-w- C:\Windows\SysWow64\wksprtPS.dll

2012-08-23 13:41:52 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2012-08-23 13:40:56 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2012-08-23 13:24:57 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll

2012-08-23 13:20:40 54272 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll

2012-08-23 13:18:14 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2012-08-23 13:17:54 18432 ----a-w- C:\Windows\System32\wksprtPS.dll

2012-08-23 13:06:58 43520 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll

2012-08-23 12:52:53 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2012-08-23 11:20:06 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe

2012-08-23 11:15:57 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll

2012-08-23 11:14:09 384000 ----a-w- C:\Windows\System32\wksprt.exe

2012-08-23 11:12:17 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll

2012-08-23 10:54:24 322560 ----a-w- C:\Windows\System32\aaclient.dll

2012-08-23 10:51:14 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll

2012-08-23 10:39:24 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe

2012-08-23 10:22:22 1123840 ----a-w- C:\Windows\System32\mstsc.exe

2012-08-23 09:51:57 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-08-23 08:19:01 4916224 ----a-w- C:\Windows\SysWow64\mstscax.dll

2012-08-23 08:13:07 5773824 ----a-w- C:\Windows\System32\mstscax.dll

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 18:17:01.76 ===============

[Night_Raven]

Да видим дали ComboFix ще стартира...

 

Ако имаш антивирусна програма инсталирана, я спри, както и всякакви други излишни програми. Изтегли ComboFix (ако случайно вече имаш някаква версия, я замени) и го запази на работния плот.

Стартирай го, кликни I Agree, изчакай да се разархивира и сканира докрай. Не кликай по прозореца на инструмента. Ако бъдеш попитан(а) дали да бъде инсталирана Recovery Console, кликни Yes и потвърди след това с OK и отново Yes (два пъти). Сканирането ще продължи. Ако има нужда от рестарт, компютърът ще се рестартира автоматично. След рестарта трябва да продължи сканирането. Отново не закачай прозореца, докато той не се самозатвори. След това постави съдържанието на текстовия файл C:\ComboFix.txt тук или го прикачи към коментара си.

 

Ако не можеш да установиш връзка с интернет след използване на ComboFix, рестартирай системата.

[IRISS]

ComboFix 12-11-16.02 - Emi 17/11/2012 19:43:59.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1032.18.1909.561 [GMT 2:00]

Running from: c:\users\Emi\Downloads\ComboFix.exe

AV: Ashampoo Anti-Malware *Disabled/Updated* {1586225C-B0F7-7A3E-FBB7-F15B3A4D2579}

SP: Ashampoo Anti-Malware *Disabled/Updated* {AEE7C3B8-96CD-75B0-C107-CA2941CA6FC4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\DealPly

c:\program files (x86)\DealPly\DealPly.crx

c:\program files (x86)\DealPly\DealPly.xpi

c:\program files (x86)\DealPly\DealPlyIE.dll

c:\program files (x86)\DealPly\DealPlyTune.dll

c:\program files (x86)\DealPly\DealPlyUpdate.exe

c:\program files (x86)\DealPly\DealPlyUpdate.log

c:\program files (x86)\DealPly\DealPlyUpdateRun.exe

c:\program files (x86)\DealPly\icon.ico

c:\program files (x86)\DealPly\uninst.exe

c:\program files (x86)\Funmoods

c:\program files (x86)\Funmoods\1.5.23.22\bh\escort.dll

c:\program files (x86)\Funmoods\1.5.23.22\escortApp.dll

c:\program files (x86)\Funmoods\1.5.23.22\escortEng.dll

c:\program files (x86)\Funmoods\1.5.23.22\escorTlbr.dll

c:\program files (x86)\Funmoods\1.5.23.22\escortShld.dll

c:\program files (x86)\Funmoods\1.5.23.22\FavIcon.ico

c:\program files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe

c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe

C:\Skype

c:\skype\SkypeSetup.exe

c:\windows\SysWow64\Winter 3D Screensaver.htm

c:\windows\XSxS

Q:\AUTORUN.INF

.

.

((((((((((((((((((((((((( Files Created from 2012-10-17 to 2012-11-17 )))))))))))))))))))))))))))))))

.

.

2012-11-17 18:05 . 2012-11-17 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-17 15:14 . 2012-11-17 15:14 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-11-17 15:14 . 2012-11-17 15:14 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-11-17 15:14 . 2012-11-17 15:14 -------- d-----w- c:\program files (x86)\AVG Secure Search

2012-11-17 15:14 . 2012-11-17 15:14 -------- d--h--w- c:\programdata\Common Files

2012-11-17 14:57 . 2012-11-17 14:57 -------- d-----w- c:\users\Emi\AppData\Local\Innovative Solutions

2012-11-17 12:46 . 2012-11-17 12:46 -------- d-----w- C:\fb9977af00c2e2b591d7c86f

2012-11-17 12:46 . 2012-11-17 12:46 -------- d-----w- C:\96e311d8e08296ae808ef2241270a5

2012-11-17 11:38 . 2012-11-17 11:38 -------- d-----w- C:\3a3eac37d1c3557dd2def9

2012-11-17 11:37 . 2012-11-17 11:38 -------- d-----w- C:\7d7444aaab06e7b2640c40e4615d

2012-11-16 20:03 . 2012-11-17 13:54 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2689F9C6-F9E2-41C9-95FA-3336E754F2A5}\offreg.dll

2012-11-16 12:37 . 2012-06-01 05:36 192000 ----a-w- c:\windows\system32\iisRtl.dll

2012-11-16 12:37 . 2012-06-01 05:34 55296 ----a-w- c:\windows\system32\admwprox.dll

2012-11-16 12:37 . 2012-06-01 04:37 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll

2012-11-16 12:37 . 2012-06-01 04:35 50688 ----a-w- c:\windows\SysWow64\admwprox.dll

2012-11-16 12:37 . 2012-06-01 05:39 14848 ----a-w- c:\windows\system32\wamregps.dll

2012-11-16 12:37 . 2012-06-01 05:36 11264 ----a-w- c:\windows\system32\iisrstap.dll

2012-11-16 12:37 . 2012-06-01 05:35 60928 ----a-w- c:\windows\system32\ahadmin.dll

2012-11-16 12:37 . 2012-06-01 05:33 16896 ----a-w- c:\windows\system32\iisreset.exe

2012-11-16 12:37 . 2012-06-01 04:40 10752 ----a-w- c:\windows\SysWow64\wamregps.dll

2012-11-16 12:37 . 2012-06-01 04:37 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll

2012-11-16 12:37 . 2012-06-01 04:35 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll

2012-11-16 12:37 . 2012-06-01 04:34 15360 ----a-w- c:\windows\SysWow64\iisreset.exe

2012-11-16 12:32 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2689F9C6-F9E2-41C9-95FA-3336E754F2A5}\mpengine.dll

2012-11-15 17:40 . 2012-11-15 17:40 -------- d-sh--we c:\users\DEFAUL~2\86F2~1

2012-11-15 17:40 . 2012-11-17 13:51 -------- d-----w- c:\users\DefaultAppPool

2012-11-15 17:17 . 2012-11-17 11:21 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin

2012-11-15 17:16 . 2012-11-15 17:16 -------- d-----w- c:\windows\SysWow64\BestPractices

2012-11-15 17:16 . 2012-11-15 17:16 -------- d-----w- c:\windows\system32\msmq

2012-11-15 17:16 . 2012-11-15 17:16 -------- d-----w- c:\windows\system32\BestPractices

2012-11-15 17:15 . 2012-11-15 17:16 -------- d-----w- C:\inetpub

2012-11-15 16:08 . 2012-11-15 16:08 -------- d-----w- c:\program files\AuthenTec

2012-11-15 16:06 . 2012-11-15 16:06 -------- d-----w- c:\users\Emi\AppData\Roaming\Malwarebytes

2012-11-15 16:05 . 2012-11-15 16:05 -------- d-----w- c:\programdata\Malwarebytes

2012-11-15 16:05 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-15 16:05 . 2012-07-26 07:41 2560 ----a-w- c:\windows\system32\drivers\el-GR\wdf01000.sys.mui

2012-11-15 16:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-15 16:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-15 16:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-15 15:58 . 2012-10-08 11:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-15 15:58 . 2012-10-08 11:13 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-15 15:58 . 2012-10-08 07:40 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-15 15:58 . 2012-10-08 08:37 140960 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2012-11-15 15:58 . 2012-10-08 12:29 174216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-11-15 15:58 . 2012-10-08 11:20 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-11-15 15:58 . 2012-10-08 07:45 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll

2012-11-15 15:58 . 2012-10-08 07:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-15 15:58 . 2012-10-08 11:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-15 15:58 . 2012-10-08 11:09 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-15 15:58 . 2012-10-08 07:44 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-15 15:31 . 2012-11-15 16:34 -------- d-----w- c:\users\Emi\AppData\Roaming\EurekaLog

2012-11-15 15:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-15 15:12 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-15 15:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-15 15:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-15 15:12 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-15 15:12 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-15 15:12 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-15 14:42 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-11-15 14:42 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys

2012-11-15 14:42 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll

2012-11-15 14:42 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-11-15 14:42 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll

2012-11-15 14:42 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2012-11-15 14:42 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-11-15 14:42 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-11-15 14:42 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-11-15 14:40 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-11-15 14:40 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-11-15 14:40 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-11-15 14:40 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-11-15 14:40 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll

2012-11-15 14:40 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-11-15 14:40 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-11-15 14:40 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-11-15 14:40 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-11-15 14:40 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-11-15 14:40 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-11-15 14:40 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll

2012-11-15 14:35 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-11-15 14:35 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-11-15 14:35 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-11-15 14:35 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-11-15 14:35 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-11-15 14:33 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-15 14:33 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-10 11:12 . 2012-11-10 11:16 -------- d-----w- c:\program files (x86)\YourFileDownloader

2012-11-08 21:58 . 2012-11-08 21:58 -------- d-----w- c:\program files (x86)\IMVU_Inc

2012-11-03 12:03 . 2012-11-03 12:03 -------- d-----w- c:\users\Emi\AppData\Local\WEB2Print

2012-11-02 13:13 . 2012-11-02 13:13 -------- d-----w- C:\.cache

2012-11-02 13:11 . 2012-11-02 13:52 -------- d-----r- c:\users\Emi\MegaCloud

 

 

2012-11-02 13:09 . 2012-11-02 15:55 -------- d-----w- c:\users\Emi\AppData\Roaming\MegaCloud

2012-11-02 13:08 . 2012-11-02 13:08 -------- d-----w- c:\programdata\Web Installer

2012-10-28 13:43 . 2012-10-28 13:43 -------- d-----w- c:\programdata\GoBit Games

2012-10-28 13:35 . 2012-10-28 13:35 -------- d-----w- c:\users\Emi\AppData\Roaming\Exent Technologies

2012-10-28 13:35 . 2012-10-28 13:41 -------- d-----w- c:\users\Emi\AppData\Roaming\Supermarket Mania 2

2012-10-28 13:23 . 2012-11-06 15:59 -------- d-----w- C:\Remote Programs

2012-10-28 13:23 . 2012-10-28 13:23 -------- d-----w- c:\programdata\Free Ride Games

2012-10-28 13:23 . 2012-09-03 08:24 57824 ------w- c:\windows\ExentInfo.exe

2012-10-28 13:23 . 2012-10-28 16:23 -------- d-----w- c:\program files (x86)\Free Ride Games

2012-10-27 21:49 . 2012-10-28 08:59 -------- d-----w- C:\Downloads

2012-10-27 21:48 . 2012-11-15 17:59 -------- d-----w- c:\users\Emi\AppData\Roaming\BitComet

2012-10-27 20:17 . 2012-10-27 20:17 -------- d-----w- c:\program files (x86)\AppsAreFun

2012-10-27 20:16 . 2012-10-27 20:17 -------- d-----w- c:\programdata\Premium

2012-10-27 20:16 . 2012-10-27 21:34 -------- d-----w- c:\programdata\SaveAs

2012-10-27 20:15 . 2012-10-27 20:17 -------- d-----w- c:\programdata\InstallMate

2012-10-27 19:15 . 2012-11-17 11:27 -------- d-----w- c:\users\Emi\AppData\Roaming\IMVU

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-15 15:13 . 2011-11-27 08:32 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-11 16:11 . 2012-10-11 16:11 0 ----a-w- c:\windows\SysWow64\sho23D8.tmp

2012-09-26 08:44 . 2012-09-26 08:44 226424 ----a-w- c:\windows\system32\SBuySupplies.exe

2012-09-14 19:19 . 2012-10-10 19:23 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 19:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-03 22:23 . 2012-09-03 22:22 161951 ----a-w- c:\windows\DP Animation Maker Uninstaller.exe

2012-08-31 18:19 . 2012-10-10 19:24 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-10 19:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 19:24 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12 . 2012-10-10 19:24 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05 . 2012-10-10 19:24 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 19:24 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-22 18:12 . 2012-09-12 18:21 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 18:21 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 18:21 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-25 18:42 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-20 18:48 . 2012-10-10 19:23 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-20 18:48 . 2012-10-10 19:23 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-20 18:48 . 2012-10-10 19:23 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-20 18:48 . 2012-10-10 19:23 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 18:48 . 2012-10-10 19:23 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-20 18:48 . 2012-10-10 19:23 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 18:48 . 2012-10-10 19:23 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-20 18:46 . 2012-10-10 19:23 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 18:38 . 2012-10-10 19:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-10 19:23 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38 . 2012-10-10 19:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-20 17:38 . 2012-10-10 19:23 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-20 17:37 . 2012-10-10 19:23 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-20 17:37 . 2012-10-10 19:23 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-20 17:32 . 2012-10-10 19:23 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 17:32 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2012-08-20 15:38 . 2012-10-10 19:23 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2012-08-20 15:38 . 2012-10-10 19:23 2048 ----a-w- c:\windows\SysWow64\user.exe

2012-08-20 15:33 . 2012-10-10 19:23 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33 . 2012-10-10 19:23 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33 . 2012-10-10 19:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33 . 2012-10-10 19:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files (x86)\IMVU_Inc\prxtbIMVU.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\IMVU_Inc\prxtbIMVU.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files (x86)\IMVU_Inc\prxtbIMVU.dll" [2011-05-09 176936]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll" [2012-11-17 2086496]

.

[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Advanced Woman Calendar"="c:\programs\AdvancedWomanCalendar\Advanced Woman Calendar\WomanCalendar.exe" [2012-03-07 4168000]

"DriverMax"="c:\programs\DriverMax\drivermax.exe" [2012-10-19 11325376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-24 1129832]

"WinampAgent"="c:\programs\winamp5623_full_emusic-7plus_all\Winamp\winampa.exe" [2011-12-09 74752]

"Launch SilverCrest STMS 2017 A1-K"="c:\program files (x86)\SilverCrest STMS 2017 A1 Driver\KbClient_FD2.exe" [2012-07-10 1424384]

"Launch SilverCrest STMS 2017 A1-M"="c:\program files (x86)\SilverCrest STMS 2017 A1 Driver\MouClient_FD2.exe" [2012-07-10 865280]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-17 1147488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\programs\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-09-03 4895192]

.

c:\users\Emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

IMVU.lnk - c:\users\Emi\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [2012-11-8 23408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~2\APPSAR~1\sprotector.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

R2 AAMW_WSC_Service_Vista;Ashampoo Anti-Malware WSC Service;c:\programs\Ashampoo® Anti-Malware\Ashampoo Anti-Malware\AAMW_WSC_Service_Vista.exe [2010-03-02 52616]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-30 53800]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-05-27 276256]

R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2012-07-05 252416]

R3 Magic Desktop Server;Magic Desktop Server;c:\programs\Ommoo Magic Desktop\Magic Desktop\server\MagicDesktopServer.exe [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-11-12 25072]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-24 75112]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-08 239136]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 WatAdminSvc;?p??es?a ?e????????? e?e???p???s?? t?? Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-28 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-17 30568]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]

S2 AAMWService;Ashampoo Anti-Malware Service;c:\programs\Ashampoo® Anti-Malware\Ashampoo Anti-Malware\AAMW_Service.exe [2011-09-13 1313184]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 iprip;????as? RIP;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-04-20 50536]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-04-20 74088]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]

S2 NetBalancer Windows Service;NetBalancer Windows Service;c:\programs\NetBalancerPro\NetBalancer\SeriousBit.NetBalancer.Service.exe [2012-02-16 10240]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-07-15 199272]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2012-02-15 11576]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]

S2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [2012-11-17 830048]

S2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [2012-08-02 56136]

S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2010-03-17 161664]

S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-19 17920]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]

S3 MouFilter_Mou_FlexDef4;HID Mouse(FlexDef4) Driver Service;c:\windows\system32\DRIVERS\MouFilter_FlexDef4.sys [2010-10-20 15360]

S3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [2011-05-18 41256]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]

S3 PCWinSoft;ScreenCamera.Net Video Camera;c:\windows\system32\DRIVERS\scrcamnetdriver_x64.sys [2012-05-09 241800]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - AVGTP

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 13:27]

.

2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 13:27]

.

2012-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-521448404-2630859273-2988597377-1000Core.job

- c:\users\Emi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 12:10]

.

2012-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-521448404-2630859273-2988597377-1000UA.job

- c:\users\Emi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 12:10]

.

2012-11-17 c:\windows\Tasks\OptimizerPro1UpdaterTask{60AD2DD8-ADED-4406-9D7B-4CA6C262D661}.job

- c:\programdata\Premium\OptimizerPro1\OptimizerPro1.exe [2012-10-27 14:50]

.

2012-11-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2010-11-12 01:34]

.

2012-11-17 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdrcui.exe [2010-11-12 01:34]

.

2012-11-17 c:\windows\Tasks\WpsUpdateTask_Emi.job

- c:\programs\KingsoftOfficeSuiteProfessional_2012\Kingsoft Office\office6\wpsupdate.exe [2011-10-29 16:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]

@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"

[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]

2012-10-17 14:26 258224 ----a-w- c:\users\Emi\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-15 11049576]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]

"TpShocks"="TpShocks.exe" [2011-01-14 380776]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-04-20 62312]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 417304]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-20 456704]

"Ashampoo Anti-Malware Guard"="c:\programs\Ashampoo® Anti-Malware\Ashampoo Anti-Malware\AAMW_Guard.exe" [2010-08-26 3314176]

"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page =

mStart Page = hxxp://home.myplaycity.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

IE: Free YouTube to MP3 Converter - c:\users\Emi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{0ABF717E-C69E-46D1-BFF9-C0FBE6FB487E}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{0ABF717E-C69E-46D1-BFF9-C0FBE6FB487E}\2647B6: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{D0FA6351-DAE8-449D-B303-4CFEFB21B1E6}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{F6243604-7DDA-4687-81DA-50A7529E29EC}: NameServer = 0.0.0.0

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll

FF - ProfilePath - c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\

FF - prefs.js: Keyword.Enabled - true

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2612669&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=2&q=

FF - ExtSQL: 2012-09-23 17:27; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - ExtSQL: 2012-09-23 17:31; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

FF - ExtSQL: 2012-10-09 21:53; {62d40876-df18-411f-9d34-a9dd7a197bc5}; c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\{62d40876-df18-411f-9d34-a9dd7a197bc5}

FF - ExtSQL: 2012-10-28 00:06; 508c4318366e4@508c43183671d.com; c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\508c4318366e4@508c43183671d.com

FF - ExtSQL: 2012-11-10 13:58; {90b49673-5506-483e-b92b-ca0265bd9ca8}; c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}

FF - ExtSQL: 2012-11-15 17:07; badge@darktrojan.net; c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\badge@darktrojan.net.xpi

FF - ExtSQL: 2012-11-15 17:10; personas@christopher.beard; c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\personas@christopher.beard.xpi

FF - ExtSQL: 2012-11-15 17:10; status4evar@caligonstudios.com; c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\status4evar@caligonstudios.com.xpi

FF - ExtSQL: 2012-11-15 17:10; {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}; c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}

FF - ExtSQL: 2012-11-17 13:35; support@lastpass.com; c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\support@lastpass.com

FF - ExtSQL: 2012-11-17 17:11; GlassMyFox@ArisT2_Noia4dev; c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\GlassMyFox@ArisT2_Noia4dev.xpi

FF - ExtSQL: 2012-11-17 17:13; TabAutoReload@schuzak.jp; c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\TabAutoReload@schuzak.jp.xpi

FF - ExtSQL: 2012-11-17 17:19; StyleThing@ya.ru; c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\StyleThing@ya.ru.xpi

FF - ExtSQL: 2012-11-17 17:21; restartless.restart@erikvold.com; c:\users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\akyxs1kh.default\extensions\restartless.restart@erikvold.com.xpi

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=wbst&chnl=&cd=2XzutAtN2Y1L1Qzuzz0C0AzyzztBtAzz0EyD0FyByCzz0BtAtN0D0TzutBtDtCtBtDyBtCtD&cr=1851579163

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=wbst&chnl=&cd=2XzutAtN2Y1L1Qzuzz0C0AzyzztBtAzz0EyD0FyByCzz0BtAtN0D0TzutBtDtCtBtDyBtCtD&cr=1851579163

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=wbst&chnl=&cd=2XzutAtN2Y1L1Qzuzz0C0AzyzztBtAzz0EyD0FyByCzz0BtAtN0D0TzutBtDtCtBtDyBtCtD&cr=1851579163&q=

FF - user.js: extensions.funmoods.id - f67b68b30000000000008ca98238e5f7

FF - user.js: extensions.funmoods.instlDay - 15531

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.221:21

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - wbst

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef -

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=f67b68b30000000000008ca98238e5f7&q=

FF - user.js: extensions.BabylonToolbar.id - f67b68b30000000000008ca98238e5f7

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15620

FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7

FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.70:25

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

user_pref('extensions.dealply.partner', 'inff');

user_pref('extensions.dealply.channel', 'infftog01');

user_pref('extensions.dealply.installId', 'v24300247995957540653192012102800063631');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '1');

user_pref('extensions.dealply.partner', 'inff');

user_pref('extensions.dealply.channel', 'infftog01');

user_pref('extensions.dealply.installId', 'v24300247995957540653192012102800063631');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '1');

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{192a6019-26d2-4611-aead-07cd7733b146} - (no file)

URLSearchHooks-{124d001a-bdcb-472f-aa59-bbe7e4bc3204} - (no file)

URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)

URLSearchHooks-{62d40876-df18-411f-9d34-a9dd7a197bc5} - (no file)

BHO-{124d001a-bdcb-472f-aa59-bbe7e4bc3204} - (no file)

BHO-{192a6019-26d2-4611-aead-07cd7733b146} - (no file)

BHO-{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - (no file)

BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)

BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - (no file)

BHO-{E486E3AC-A2E3-263F-D235-6B159A3CC2E0} - (no file)

BHO-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

Toolbar-Locked - (no file)

Toolbar-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)

Toolbar-{192a6019-26d2-4611-aead-07cd7733b146} - (no file)

Toolbar-{124d001a-bdcb-472f-aa59-bbe7e4bc3204} - (no file)

Toolbar-{D1121FE0-0145-44C9-AA35-72071AC20A9B} - (no file)

Toolbar-{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)

Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-DriverMax_RESTART - (no file)

Toolbar-Locked - (no file)

WebBrowser-{192A6019-26D2-4611-AEAD-07CD7733B146} - (no file)

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe

AddRemove-KGB Archiver_is1 - c:\games\gta\KGB Archiver\unins000.exe

AddRemove-PhotoScape - c:\programs\PhotoScape 3

AddRemove-Funmoods Web Search - c:\progra~2\Funmoods\1.5.23.22\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]

"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-521448404-2630859273-2988597377-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E317469-5675-C466-B29A-D2970E64B966}*]

"hahelcicemlbbmag"=hex:6b,61,69,69,6f,68,65,6a,68,69,62,63,6a,62,6f,6c,70,6f,

68,6d,70,6a,00,01

"hajcokppkijfimeo"=hex:61,62,6d,63,6b,66,70,66,6b,62,6a,6b,69,70,64,69,61,63,

6b,65,6e,61,61,6a,67,69,61,68,6b,63,63,67,70,67,00,00

"jaicdkhlnmjbjeckpabi"=hex:64,62,64,69,61,68,67,63,69,65,67,69,64,67,69,69,6a,

6d,70,68,65,70,6f,65,62,6b,6f,6f,65,6f,6e,6e,62,6d,62,65,70,61,6e,62,00,86

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-17 20:12:00

ComboFix-quarantined-files.txt 2012-11-17 18:11

.

Pre-Run: 387649859584 bytes free

Post-Run: 391831740416 bytes free

.

- - End Of File - - FF745445832011DEAB5F8C08C14172CD

[Night_Raven]

Има ли някакво подобрение? Може ли да се стартира Malwarebytes Anti-Malware?

[IRISS]

Здравейте отново мисля да помъчим Уиндоуса сега имам време. Никакво подобрение от вчера. Според мен има проблем по Net Framework , може да не е вирус

 

За Google Chrome исках да инсталирам най новата версия и излезе прозорец, че не може да се инсталира, защото липсва някакъв апдейт на Windows

[Night_Raven]

Под Safe Mode има ли проблеми със стартирането на приложения?

[IRISS]

Никаква промяна излизат същите съобщения