Dobrý den prosím o pomoc se totálně zasekaným NB. přikládám FRST log, který jse udělal po ADW cleaner a JRT.
Doufám, že nevadí pořadí ADW--JRT--FRST.
předem moc děkuji.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2014
Ran by (administrator) on on 20-04-2014 15:42:23
Running from C:\Users\Ver4a\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(PasswordBox, Inc.) C:\Program Files\PasswordBox\pbbtnService.exe
(Sony Corporation) c:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeterw.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Thisisu) C:\Users\Ver4a\Desktop\JRT_NEW.exe
() C:\Program Files\GrabRez\updateGrabRez.exe
() C:\Program Files\GrabRez\bin\utilGrabRez.exe
() C:\Program Files\GrabRez\bin\FilterApp_C.exe
() C:\Program Files\GrabRez\bin\GrabRez.BrowserAdapter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Ver4a\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-11-01] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1873192 2010-11-01] (Synaptics Incorporated)
HKLM\...\Run: [PMBVolumeWatcher] => c:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4241512 2012-03-07] (AVAST Software)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [1022352 2012-09-04] (BitTorrent, Inc.)
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\Run: [PriceMeterW] => C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeterw.exe [309768 2014-03-13] (PriceMeter)
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {186f068c-533b-11e3-a104-f0bf978d0915} - F:\LaunchU3.exe -a
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {1f754777-393d-11e2-a10a-f0bf978d0915} - F:\Autorun.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {3205294e-7208-11e2-8426-90004ed7a618} - F:\Autorun.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {b0389aee-89ac-11e2-b74d-f0bf978d0915} - E:\setup.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {d9c52ceb-3226-11e2-9aa4-f0bf978d0915} - F:\Autorun.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.eu/vaioportal
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - (No Name) - {be823b8c-a7ec-4078-a321-0f8046cbb48a} - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0AAA889C-4B45-4F35-889D-C65571E79FB3} URL = http://services.zinio.com/search?s={sea ... sonyslices
SearchScopes: HKCU - {D7D808DE-7E92-4875-9BF8-FF39837E22B0} URL = http://rover.ebay.com/rover/1/14361-113 ... earchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Toolbar BHO - {1fc509df-4b29-4ab3-96e6-47c178d60287} - C:\PROGRA~1\SAFEPC~2\bar\1.bin\89bar.dll No File
BHO: Search Assistant BHO - {5d13bf91-ea09-4ed8-9acd-c6bad32617b9} - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: GrabRez - {e1420d09-acc8-4efd-9965-e7ae3c5b977c} - C:\Program Files\GrabRez\GrabRezBHO.dll (GrabRez)
BHO: Rich Media Player - {FEB703F7-E7B2-4AB0-9566-87658AC70095} - C:\Users\Ver4a\AppData\Local\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll ()
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - SafePCRepair - {a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} - C:\Program Files\SafePCRepair_89\bar\1.bin\89bar.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0F9FD977-63B0-43C5-9626-B7A7C2080744}: [NameServer]
Tcpip\..\Interfaces\{3811ACE0-8FA2-FB76-B150-F42917A9776E}: [NameServer]93.153.117.1 93.153.117.33
Tcpip\..\Interfaces\{5E142FD9-AAA9-448D-A0F3-83E0058B46CE}: [NameServer]
Tcpip\..\Interfaces\{80496C92-D6E3-4BF8-83BF-23E360EFE280}: [NameServer]93.153.117.1 93.153.117.33
FireFox:
========
FF ProfilePath: C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @richmediaplayer.com/nppluginrichmediaplayer - C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll ()
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Ver4a\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll ()
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: SafePCRepair - C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\Extensions\89ffxtbr@SafePCRepair_89.com [2014-04-20]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-17]
FF HKLM\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Ver4a\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B}
FF Extension: Rich Media Player extension - C:\Users\Ver4a\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013-08-19]
FF HKLM\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files\PasswordBox\Firefox [2013-11-22]
========================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [284160 2011-01-06] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [140224 2010-06-17] (Advanced Micro Devices)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2012-03-07] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 MbnExt; C:\Program Files\T-Mobile\Web'n'walk Manager\MbnExt.dll [417128 2013-12-02] (Gemfor s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 PasswordBox; C:\Program Files\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [189048 2011-01-29] (Sony Corporation)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587472 2012-11-09] (Crawler.com)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699168 2012-11-02] (TuneUp Software)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
R2 Update GrabRez; C:\Program Files\GrabRez\updateGrabRez.exe [350488 2014-04-18] ()
R2 Util GrabRez; C:\Program Files\GrabRez\bin\utilGrabRez.exe [350488 2014-04-17] ()
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [64704 2011-03-05] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [546608 2011-02-18] (Sony Corporation)
S3 VcmINSMgr; C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [385336 2011-02-18] (Sony Corporation)
R3 VCService; C:\Program Files\Sony\VAIO Care\VCService.exe [44736 2011-02-14] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [772800 2011-02-28] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [957056 2012-10-26] (Sony Corporation)
S3 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [X]
S2 SafePCRepair_89Service; C:\PROGRA~1\SAFEPC~2\bar\1.bin\89barsvc.exe [X]
S2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [64128 2011-02-17] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [32384 2011-02-17] (Advanced Micro Devices)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2009-05-26] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [102416 2011-02-15] (ATI Technologies, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-23] (AVG Technologies)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2010-11-01] (Broadcom Corporation.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [202752 2012-04-23] (Huawei Technologies Co., Ltd.)
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52920 2014-02-25] (StdLib)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-20 15:42 - 2014-04-20 15:42 - 00019210 _____ () C:\Users\Ver4a\Desktop\FRST.txt
2014-04-20 15:41 - 2014-04-20 15:42 - 00000000 ____D () C:\FRST
2014-04-20 15:39 - 2014-04-20 15:39 - 00112640 _____ (forum.viry.cz) C:\Users\Ver4a\Desktop\FRSTLauncher.exe
2014-04-20 15:34 - 2014-04-20 15:34 - 01043968 _____ (Farbar) C:\Users\Ver4a\Desktop\FRST.exe
2014-04-20 15:32 - 2014-04-20 15:32 - 00004832 _____ () C:\Users\Ver4a\Desktop\JRT.txt
2014-04-20 15:23 - 2014-04-20 15:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 15:22 - 2014-04-06 08:36 - 01016261 _____ (Thisisu) C:\Users\Ver4a\Desktop\JRT_NEW.exe
2014-04-20 15:21 - 2014-04-20 15:21 - 01032220 _____ (Thisisu) C:\Users\Ver4a\Desktop\JRT.exe
2014-04-20 15:05 - 2014-04-20 15:05 - 00000056 _____ () C:\Windows\setupact.log
2014-04-20 15:05 - 2014-04-20 15:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-20 15:04 - 2014-04-20 15:04 - 00001498 _____ () C:\Windows\PFRO.log
2014-04-20 14:56 - 2014-04-20 15:03 - 00000000 ____D () C:\AdwCleaner
2014-04-20 14:55 - 2014-04-20 14:55 - 01308369 _____ () C:\Users\Ver4a\Desktop\adwcleaner.exe
2014-04-09 17:50 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 17:50 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 17:50 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 17:50 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 17:50 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 17:50 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 17:50 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 17:50 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-02 17:29 - 2014-04-02 17:29 - 00034534 _____ () C:\Users\Ver4a\Downloads\2. část BP_Pátková.sxw
2014-03-29 16:46 - 2014-03-29 16:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 16:30 - 2014-03-29 16:30 - 00000346 _____ () C:\Windows\Tasks\pricemeterwatcher.job
2014-03-29 16:30 - 2014-03-29 16:30 - 00000344 _____ () C:\Windows\Tasks\pricemetertask.job
2014-03-27 23:46 - 2014-03-31 15:46 - 00000084 _____ () C:\Users\Ver4a\AppData\Roaming\WB.CFG
2014-03-27 22:46 - 2014-04-20 15:05 - 00000948 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2014-03-27 22:46 - 2014-04-20 14:53 - 00000952 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2014-03-27 22:46 - 2014-04-20 14:47 - 00000292 _____ () C:\Windows\Tasks\PriceMeterUpdater.job
2014-03-27 22:46 - 2014-03-27 22:51 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\PriceMeter
2014-03-27 22:46 - 2014-03-27 22:46 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
==================== One Month Modified Files and Folders =======
2014-04-20 15:42 - 2014-04-20 15:42 - 00019210 _____ () C:\Users\Ver4a\Desktop\FRST.txt
2014-04-20 15:42 - 2014-04-20 15:41 - 00000000 ____D () C:\FRST
2014-04-20 15:41 - 2012-02-22 20:35 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\uTorrent
2014-04-20 15:39 - 2014-04-20 15:39 - 00112640 _____ (forum.viry.cz) C:\Users\Ver4a\Desktop\FRSTLauncher.exe
2014-04-20 15:34 - 2014-04-20 15:34 - 01043968 _____ (Farbar) C:\Users\Ver4a\Desktop\FRST.exe
2014-04-20 15:32 - 2014-04-20 15:32 - 00004832 _____ () C:\Users\Ver4a\Desktop\JRT.txt
2014-04-20 15:27 - 2009-07-14 04:04 - 00000678 _____ () C:\Windows\win.ini
2014-04-20 15:23 - 2014-04-20 15:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 15:22 - 2009-07-14 06:34 - 00020608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 15:22 - 2009-07-14 06:34 - 00020608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 15:21 - 2014-04-20 15:21 - 01032220 _____ (Thisisu) C:\Users\Ver4a\Desktop\JRT.exe
2014-04-20 15:09 - 2011-09-10 19:49 - 01439438 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 15:05 - 2014-04-20 15:05 - 00000056 _____ () C:\Windows\setupact.log
2014-04-20 15:05 - 2014-04-20 15:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-20 15:05 - 2014-03-27 22:46 - 00000948 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2014-04-20 15:05 - 2014-02-20 14:28 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-04-20 15:05 - 2012-03-17 09:43 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 15:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 15:04 - 2014-04-20 15:04 - 00001498 _____ () C:\Windows\PFRO.log
2014-04-20 15:03 - 2014-04-20 14:56 - 00000000 ____D () C:\AdwCleaner
2014-04-20 15:02 - 2011-09-10 20:27 - 00000000 ____D () C:\Users\Ver4a
2014-04-20 15:01 - 2011-09-28 19:21 - 00000000 ____D () C:\ProgramData\ICQ
2014-04-20 14:55 - 2014-04-20 14:55 - 01308369 _____ () C:\Users\Ver4a\Desktop\adwcleaner.exe
2014-04-20 14:54 - 2013-01-25 18:53 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 14:53 - 2014-03-27 22:46 - 00000952 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2014-04-20 14:49 - 2012-03-17 09:43 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 14:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-04-20 14:47 - 2014-03-27 22:46 - 00000292 _____ () C:\Windows\Tasks\PriceMeterUpdater.job
2014-04-20 14:45 - 2013-01-26 19:26 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\CrashDumps
2014-04-20 13:25 - 2012-04-11 10:15 - 00000982 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001UA.job
2014-04-20 13:25 - 2012-04-11 10:15 - 00000960 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001Core.job
2014-04-20 11:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-20 09:55 - 2012-11-03 14:41 - 00000000 ____D () C:\Users\Ver4a\Desktop\na vyvolání
2014-04-17 12:41 - 2009-07-14 06:53 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-13 14:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-12 18:20 - 2010-11-20 23:01 - 01586106 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 22:17 - 2011-11-14 13:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 12:23 - 2012-03-14 12:02 - 00754588 _____ () C:\test.xml
2014-04-06 17:38 - 2013-11-22 08:01 - 00000000 ____D () C:\Program Files\PasswordBox
2014-04-06 08:36 - 2014-04-20 15:22 - 01016261 _____ (Thisisu) C:\Users\Ver4a\Desktop\JRT_NEW.exe
2014-04-02 17:29 - 2014-04-02 17:29 - 00034534 _____ () C:\Users\Ver4a\Downloads\2. část BP_Pátková.sxw
2014-03-31 15:46 - 2014-03-27 23:46 - 00000084 _____ () C:\Users\Ver4a\AppData\Roaming\WB.CFG
2014-03-31 09:35 - 2012-02-13 21:49 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 02:13 - 2014-04-09 17:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 17:50 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 16:34 - 2012-08-11 18:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 16:46 - 2014-03-29 16:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 16:30 - 2014-03-29 16:30 - 00000346 _____ () C:\Windows\Tasks\pricemeterwatcher.job
2014-03-29 16:30 - 2014-03-29 16:30 - 00000344 _____ () C:\Windows\Tasks\pricemetertask.job
2014-03-27 22:51 - 2014-03-27 22:46 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\PriceMeter
2014-03-27 22:46 - 2014-03-27 22:46 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
2014-03-23 18:51 - 2013-08-19 14:32 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-03-23 18:51 - 2013-08-19 14:31 - 00003749 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
Some content of TEMP:
====================
C:\Users\Ver4a\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001Core.job => C:\Users\Ver4a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001UA.job => C:\Users\Ver4a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: C:\Windows\Tasks\pricemetertask.job => C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
Task: C:\Windows\Tasks\PriceMeterUpdater.job => C:\Users\Ver4a\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\pricemeterwatcher.job => C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeterw.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Ver4a\Desktop" je 1011 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" zipperformer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" zipperformer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" zipperformer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager
"C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
"C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" zipperformer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update
"C:\Users\Ver4a\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" zipperformer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ
"C:\Program Files\ICQ7.6\ICQ.exe" silent loginmode=4 [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe
"C:\Program Files\Sony\ISB Utility\ISBMgr.exe" zipperformer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files\Samsung\Kies\Kies.exe /preload [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe zipperformer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\playnowradio
C:\Users\Ver4a\AppData\Local\playnowradio\playnowradio\1.3.2.11\playnowradio.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
"C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafePCRepair Search Scope Monitor
"C:\PROGRA~1\SAFEPC~2\bar\1.bin\89srchmn.exe" /m=2 /w /h [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafePCRepair_89 Browser Plugin Loader
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89brmon.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe zipperformer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe zipperformer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe zipperformer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile CManager
"C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent
"C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive
"C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt
"C:\Program Files\AVG SafeGuard toolbar\vprot.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe zipperformer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
C:\PROGRA~1\MCAFEE~1\307523~1.318\SSSCHE~1.EXE zipperformer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ver4a^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk
C:\Users\Ver4a\AppData\Local\Facebook\MESSEN~1\214814~1.0\FACEBO~1.EXE zipperformer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ver4a^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^V��ezy obrazovky a spu�t�n� aplikace OneNote 2007.lnk
C:\PROGRA~1\MIF5BA~1\Office12\ONENOTEM.EXE /tsr [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
zde je log z JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Ver4a on ne 20.04.2014 at 15:23:51,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-85045441-3859974231-1480163339-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{50813CE3-DE06-4038-BFF7-D7A3B00D31D3}
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Ver4a\appdata\local\{02B9A07E-6CE2-4CBE-A64C-5F3A5F2D38D9}
Successfully deleted: [Empty Folder] C:\Users\Ver4a\appdata\local\{0CC98B85-2DFE-49C9-9138-245150A79AC3}
Successfully deleted: [Empty Folder] C:\Users\Ver4a\appdata\local\{505E7DBC-7F0C-41EC-AAF9-1F8A4BC32BFE}
Successfully deleted: [Empty Folder] C:\Users\Ver4a\appdata\local\{54E84239-CEAC-43EF-A776-7FE3ECBD45C4}
Successfully deleted: [Empty Folder] C:\Users\Ver4a\appdata\local\{74D56B4B-B25E-471F-B102-1B18B5C27052}
Successfully deleted: [Empty Folder] C:\Users\Ver4a\appdata\local\{C0007EEC-84A5-42B4-9937-3848CC09AE3D}
~~~ FireFox
Successfully deleted the following from C:\Users\Ver4a\AppData\Roaming\mozilla\firefox\profiles\wavbsgy3.default\prefs.js
user_pref("browser.newtab.url", "hxxp://www.buenosearch.com/?babsrc=NT_ss&mntrI ... 3&tsp=5199");
user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 3&tsp=5199");
user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 3&tsp=5199");
user_pref("extensions.toolbar.mindspark._89Members_.BUTTON_STRUCTURE", "[{\"b\":221337215,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221337216,\"c\":\"mindspark.enterse
user_pref("extensions.toolbar.mindspark._89Members_.firstKnownVersion", "6.33.3.53560");
user_pref("extensions.toolbar.mindspark._89Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?n=780bd79f&p2=^AW7^xpi000^YYA^");
user_pref("extensions.toolbar.mindspark._89Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._89Members_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._89Members_.installation.installDate", "2014042015");
user_pref("extensions.toolbar.mindspark._89Members_.installation.partnerId", "^AW7^xpi000^YYA^");
user_pref("extensions.toolbar.mindspark._89Members_.installation.partnerSubId", "");
user_pref("extensions.toolbar.mindspark._89Members_.installation.success", false);
user_pref("extensions.toolbar.mindspark._89Members_.isCompliantUninstallImplementation", true);
user_pref("extensions.toolbar.mindspark._89Members_.lastKnownVersion", "6.33.3.53560");
user_pref("extensions.toolbar.mindspark._89Members_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._89Members_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._89Members_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._89Members_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._89Members_.successUrl", "hxxp://safepcrepair.dl.tb.ask.com/installComplete.jhtml");
user_pref("extensions.toolbar.mindspark._89Members_.toolbarCollapsed", false);
user_pref("extensions.toolbar.mindspark.lastInstalled", "safepcrepair@mindspark.com");
Emptied folder: C:\Users\Ver4a\AppData\Roaming\mozilla\firefox\profiles\wavbsgy3.default\minidumps [117 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Ver4a\appdata\local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 20.04.2014 at 15:32:29,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
a zde log z ADW c.
# AdwCleaner v3.100 - Report created 20/04/2014 at 15:01:00
# Updated 20/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Ver4a - VER4A-VAIO
# Running from : C:\Users\Ver4a\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : ICQ Service
[#] Service Deleted : pricemeterliveUpdate
[#] Service Deleted : pricemeterliveUpdatem
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
[!] Folder Deleted : C:\ProgramData\PriceMeterLiveUpdate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\buenosearch LTD
Folder Deleted : C:\Program Files\Complitly
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Gophoto.it
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\Mobogenie
[!] Folder Deleted : C:\Program Files\PriceMeterLiveUpdate
Folder Deleted : C:\Program Files\SafePCRepair
Folder Deleted : C:\Program Files\SafePCRepair_89
Folder Deleted : C:\Program Files\Torntv V9.0
Folder Deleted : C:\Program Files\TornTV.com
Folder Deleted : C:\Program Files\uTorrentControl2
Folder Deleted : C:\Program Files\uTorrentControl_v2
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Ver4a\.android
[!] Folder Deleted : C:\Users\Ver4a\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Ver4a\AppData\Local\Conduit
Folder Deleted : C:\Users\Ver4a\AppData\Local\genienext
Folder Deleted : C:\Users\Ver4a\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Ver4a\AppData\Local\playnowradio
Folder Deleted : C:\Users\Ver4a\AppData\Local\PriceMeterLiveUpdate
Folder Deleted : C:\Users\Ver4a\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Ver4a\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Ver4a\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ver4a\AppData\LocalLow\Torntv V9.0
Folder Deleted : C:\Users\Ver4a\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Ver4a\AppData\LocalLow\uTorrentControl_v2
Folder Deleted : C:\Users\Ver4a\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Ver4a\AppData\Roaming\buenosearch LTD
Folder Deleted : C:\Users\Ver4a\AppData\Roaming\Complitly
Folder Deleted : C:\Users\Ver4a\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Ver4a\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Ver4a\AppData\Roaming\PriceMeterUpdater
Folder Deleted : C:\Users\Ver4a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Ver4a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Ver4a\Documents\Mobogenie
Folder Deleted : C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\SafePCRepair_89
Folder Deleted : C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\Extensions\ffxtlbr@buenosearch.com
Folder Deleted : C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\Extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com
Folder Deleted : C:\Users\Ver4a\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk
Folder Deleted : C:\Users\Ver4a\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Folder Deleted : C:\Users\Ver4a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Deleted : C:\Users\Ver4a\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn
Folder Deleted : C:\Users\Ver4a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Ver4a\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
[!] Folder Deleted : C:\Users\Ver4a\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn
[!] Folder Deleted : C:\Users\Ver4a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Users\Ver4a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Users\Ver4a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Users\Ver4a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Users\Ver4a\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\Extensions\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.xpi
File Deleted : C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\Extensions\gophoto@gophoto.it.xpi
File Deleted : C:\Users\Public\Desktop\TornTV.lnk
File Deleted : C:\Users\Ver4a\daemonprocess.txt
File Deleted : C:\Users\Ver4a\Desktop\Mobogenie.lnk
File Deleted : C:\Users\Ver4a\Desktop\TornTV.lnk
File Deleted : C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\searchplugins\ask-web-search.xml
File Deleted : C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\searchplugins\buenosearch.xml
File Deleted : C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\searchplugins\Conduit.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\user.js
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
File Deleted : C:\Windows\System32\Tasks\EPUpdater
File Deleted : C:\Windows\Tasks\Torntv V9.0-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\Torntv V9.0-chromeinstaller
File Deleted : C:\Windows\Tasks\Torntv V9.0-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\Torntv V9.0-codedownloader
File Deleted : C:\Windows\Tasks\Torntv V9.0-enabler.job
File Deleted : C:\Windows\System32\Tasks\Torntv V9.0-enabler
File Deleted : C:\Windows\Tasks\Torntv V9.0-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\Torntv V9.0-firefoxinstaller
File Deleted : C:\Windows\Tasks\Torntv V9.0-updater.job
File Deleted : C:\Windows\System32\Tasks\Torntv V9.0-updater
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23ED98A4-97DA-4052-85B6-57328EAEC28A}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23ED98A4-97DA-4052-85B6-57328EAEC28A}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6124CDBF-7561-4492-B1FE-1FDCF3FC9CF1}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6124CDBF-7561-4492-B1FE-1FDCF3FC9CF1}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{316DACA3-38E7-4DA4-B769-68CC50C27E8F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0278C14D-7F00-4079-BC17-2361242B4FDD}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0278C14D-7F00-4079-BC17-2361242B4FDD}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22C7E6A2-6DCE-4BA9-B2AD-5B3A39E0CC56}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22C7E6A2-6DCE-4BA9-B2AD-5B3A39E0CC56}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC171CCD-5FEA-4416-BBDA-2D83338495EB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC171CCD-5FEA-4416-BBDA-2D83338495EB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{16F98B3F-0272-4520-A51F-6CFCF9BC6ACA}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16F98B3F-0272-4520-A51F-6CFCF9BC6ACA}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0ECE756A-66E8-488A-8303-85083963923B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ECE756A-66E8-488A-8303-85083963923B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\buenosearch.buenosearchappCore
Key Deleted : HKLM\SOFTWARE\Classes\buenosearch.buenosearchappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\buenosearch.buenosearchdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\buenosearch.buenosearchdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\buenosearch.buenosearchHlpr
Key Deleted : HKLM\SOFTWARE\Classes\buenosearch.buenosearchHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.buenosearchESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.buenosearchESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{67FCE87F-F3EF-4A3C-87C2-8BD46E68807B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4CC15FBA-46A4-4CB5-BFAF-F2335365AE76}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{828DC97A-2277-4E10-92A9-4907FA0922A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8322EB6E-B594-41F6-A30B-CF3F800E1874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511131190}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132290}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135590}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136690}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{67FCE87F-F3EF-4A3C-87C2-8BD46E68807B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544134490}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131190}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511131190}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{139332be-c543-496b-9601-baa87335a8ba}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29efaf3d-be25-45a4-9aa3-7983129454cc}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3eb64985-fac7-4fdd-bca8-23d0f5ad3d95}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5b3cd634-86e8-4c7d-9979-9881bc0ae2db}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b0850bfa-0072-4b71-90d3-2e4ac0ff0c25}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dd2d3955-ce98-4f1b-8b84-39ad95668f77}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e3516083-2083-496f-a568-9c50e99d372c}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5bbf3ef-2e2b-4c90-802c-f916ea47ad49}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{500A3BCA-1C5A-44C6-B27B-B6AA82A9C356}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01D2B2B4-5ED6-48AD-8E6D-BB7487898490}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE46C25B-96F4-4CD5-9F47-229183D7927C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7586BB2-A6E0-4C65-BE58-4B23FAAFB348}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{828DC97A-2277-4E10-92A9-4907FA0922A9}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\buenosearch LTD
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Torntv V9.0
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\buenosearch LTD
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DealPlyLive
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\Torntv V9.0
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\buenosearch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Torntv V9.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
-\\ Mozilla Firefox v28.0 (cs)
[ File : C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\prefs.js ]
Line Deleted : user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376915082934,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376915082763,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN87826578210900287&UM=1&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT1750559");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "BS Player ControlBar Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&CUI=UN87826578210900287&UM=1&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=113DC2D8-0DED-47B9-9271-4873C73F8A07&n=77fd802b&p2=^AW7^xdm055^YYA^cz&si=YO_SAF_INTL_CZE_53");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.InstallationThankYouPage", true);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.InstallationTime", 1393317204);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390_dbWasSet", true);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390_dbWasSet_FF25_FIX", true[...]
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.active", true);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.addressbar", "NA");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.addressbarenhanced", "");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.asyncdb.was_copied", "true");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.asyncdb_dbWasSet", true);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.asyncdb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.asyncinternaldb.was_copied", "true");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.asyncinternaldb_dbWasSet", true);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.backgroundver", 4);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.certdomaininstaller", "");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.changeprevious", false);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.InstallationTime.value", "%221393317204%22");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001062%22%2C%22sub_id%22%3A%220%22%2C%22uz[...]
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie._GPL_aoi.value", "%221395239944%22");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie._GPL_parent_zoneid.value", "%22530583%22");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.au.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.au.value", "%222014-3-19%22");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.cm_page_views.expiration", "Mon Apr 21 2014 13:48:56 GMT+0200");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.cm_page_views.value", "31");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.cnt.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.cnt.value", "%22CZ%22");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.first_run.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.first_run.value", "%221%22");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.install.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.install.value", "%222014-2-25%22");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.jw_token.value", "%226d93b6e6-0998-07b5-ecbe-cdd411752809%22");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.partner_is_not_installed.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.partner_is_not_installed.value", "true");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.partner_last_seen.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.partner_last_seen.value", "1395134038176");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.testingGaq.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.testingGaq.value", "%22hxxps%3A//extclickmedia-maynemyltf.netdna-ssl.com/Extensions/analyti[...]
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.description", "The must-have App extensions for Television fans! Watch free TV channels, live spor[...]
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.domain", "");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.enablesearch", false);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.homepage", "");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.iframe", false);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2296A51B865B42468BBA92E8FA3C9F2[...]
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001062%22%2C%22sub_id%22%3A%220%22%2C%[...]
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001062%22%2C%22sub_id%22%3A%220%2[...]
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%2296A51B865B42468BBA92[...]
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.Resources_appVer.value", "42");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.Resources_lastVersion.value", "2");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.Resources_nextCheck.expiration", "Sun Apr 20 2014 19:55:58 GMT+0200");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.__defualt_browser__.value", "%22ff%22");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%2296A51B86[...]
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.monetization_plugin_bundledWithHash.value", "null");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.lastDailyReport", "1397994955887");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.lastUpdate", "1397994954569");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.manifesturl", "");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.name", "Torntv V9.0");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.newtab", "");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.opensearch", "");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.pluginsurl", "hxxp://js.clientdemocloud.com/plugin/apps/51390/plugins/094/ff/plugins.json");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.pluginsversion", 37);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.publisher", "installdaddy");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.searchstatus", 0);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.setnewtab", false);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.thankyou", "");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.updateinterval", 360);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.ver", 42);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.FilesValidatorDueTime", "1397995013833");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.apps", "51390");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.bic", "144682f9fa3fd6c6522b8b7c08c92b28");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.cid", 51390);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.firstrun", false);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.hadappinstalled", true);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.installationdate", 1393317355);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.modetype", "production");
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.reportInstall", true);
Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.statsDailyCounter", 103);
Line Deleted : user_pref("extensions.crossrider.bic", "144682f9fa3fd6c6522b8b7c08c92b28");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.BUTTON_STRUCTURE", "[{\"b\":221337215,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221337216,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.search.defaultenginename.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.search.defaultenginename.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.search.selectedEngine.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.search.selectedEngine.tb", "Ask Web Search");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.startup.homepage.prev", "hxxp://www.seznam.cz/");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.startup.homepage.savedPrev", "true");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=113DC2D8-0DED-47B9-9271-4873C73F8A07&n=77fd802b&p2=^AW7^xdm055^YYA^cz&si=YO_SA[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.startup.page.savedPrev", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.startup.page.tb", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.firstKnownVersion", "5.71.2.61854");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=113DC2D8-0DED-47B9-9271-4873C73F8A07&n=77fd802b&p2=^AW7^xdm055^YYA^cz&si=YO_SAF_INTL_CZE_53");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.hp.lastGuardTime", 88827644);
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.hp.numGuards", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installation.installDate", "2013102123");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installation.partnerId", "^AW7^xdm055^YYA^cz");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installation.partnerSubId", "YO_SAF_INTL_CZE_53");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installation.toolbarId", "113DC2D8-0DED-47B9-9271-4873C73F8A07");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.lastActivePing", "1397994956561");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.lastKnownVersion", "6.33.3.53560");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.searchHistory", "valetino:the last emperor||Sazba pro zdravotní pojiatní\r\n\r\nPojistné na zdravotní pojiatní OSV je 13,5 % z vymYovacího zákla[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.toolbarCollapsed", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.weather.location", "10001");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "safepcrepair@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "safepcrepair@mindspark.com");
Line Deleted : user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=113DC2D8-0DED-47B9-9271-4873C73F8A07&n=77fd802b&ind=2013102123&p2=^AW7^xdm055^YYA^cz&si=YO_SAF_INTL_CZE_53&searchfor="[...]
Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3220468");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN87826578210900287&UM=1&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CU[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.machineId", "P1VTWBOJWPUMHOJTT5SSI2WPVNULK3LD2DU6VTLC0DAENAKDJBXLDCUHIUFKNALCOE5HYZDM0/KDGCFKZQKTSW");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.seznam.cz/");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=");
Line Deleted : user_pref("smartbar.originalSearchEngine", "");
*************************
AdwCleaner[R0].txt - [57602 octets] - [20/04/2014 14:57:52]
AdwCleaner[S0].txt - [52954 octets] - [20/04/2014 15:01:00]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [53015 octets] ##########
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zasekaný NB- prosim o kontrolu logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zasekaný NB- prosim o kontrolu logu
Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
C:\Program Files\GrabRez
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {186f068c-533b-11e3-a104-f0bf978d0915} - F:\LaunchU3.exe -a
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {1f754777-393d-11e2-a10a-f0bf978d0915} - F:\Autorun.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {3205294e-7208-11e2-8426-90004ed7a618} - F:\Autorun.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {b0389aee-89ac-11e2-b74d-f0bf978d0915} - E:\setup.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {d9c52ceb-3226-11e2-9aa4-f0bf978d0915} - F:\Autorun.exe
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - (No Name) - {be823b8c-a7ec-4078-a321-0f8046cbb48a} - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0AAA889C-4B45-4F35-889D-C65571E79FB3} URL = http://services.zinio.com/search?s={sea ... sonyslices
SearchScopes: HKCU - {D7D808DE-7E92-4875-9BF8-FF39837E22B0} URL = http://rover.ebay.com/rover/1/14361-113 ... 4?satitle={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
BHO: Toolbar BHO - {1fc509df-4b29-4ab3-96e6-47c178d60287} - C:\PROGRA~1\SAFEPC~2\bar\1.bin\89bar.dll No File
BHO: Search Assistant BHO - {5d13bf91-ea09-4ed8-9acd-c6bad32617b9} - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll No File
C:\Program Files\SafePCRepair_89\bar
C:\Program Files\Microsoft\BingBar
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
C:\Program Files\Skype\Toolbars
BHO: GrabRez - {e1420d09-acc8-4efd-9965-e7ae3c5b977c} - C:\Program Files\GrabRez\GrabRezBHO.dll (GrabRez)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - SafePCRepair - {a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} - C:\Program Files\SafePCRepair_89\bar\1.bin\89bar.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll No File
FF Extension: SafePCRepair - C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\Extensions\89ffxtbr@SafePCRepair_89.com [2014-04-20]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
C:\Windows\Tasks\pricemeterwatcher.job
C:\Windows\Tasks\pricemetertask.job
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
C:\Windows\Tasks\PriceMeterUpdater.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001Core.job
C:\Users\Ver4a\AppData\Local\Temp
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001Core.job => C:\Users\Ver4a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001UA.job => C:\Users\Ver4a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: C:\Windows\Tasks\pricemetertask.job => C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
Task: C:\Windows\Tasks\PriceMeterUpdater.job => C:\Users\Ver4a\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\pricemeterwatcher.job => C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeterw.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafePCRepair Search Scope Monitor
"C:\PROGRA~1\SAFEPC~2\bar\1.bin\89srchmn.exe" /m=2 /w /h [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafePCRepair_89 Browser Plugin Loader
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89brmon.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
C:\PROGRA~1\MCAFEE~1\307523~1.318\SSSCHE~1.EXE zipperformer
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zasekaný NB- prosim o kontrolu logu
proved jsem dle instrukcí. NB se jeví více zpomaleně než před touto akcí
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2014
Ran by Ver4a at 2014-04-20 19:59:23 Run:1
Running from C:\Users\Ver4a\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
C:\Program Files\GrabRez
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {186f068c-533b-11e3-a104-f0bf978d0915} - F:\LaunchU3.exe -a
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {1f754777-393d-11e2-a10a-f0bf978d0915} - F:\Autorun.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {3205294e-7208-11e2-8426-90004ed7a618} - F:\Autorun.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {b0389aee-89ac-11e2-b74d-f0bf978d0915} - E:\setup.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {d9c52ceb-3226-11e2-9aa4-f0bf978d0915} - F:\Autorun.exe
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - (No Name) - {be823b8c-a7ec-4078-a321-0f8046cbb48a} - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0AAA889C-4B45-4F35-889D-C65571E79FB3} URL = http://services.zinio.com/search?s={sea ... sonyslices
SearchScopes: HKCU - {D7D808DE-7E92-4875-9BF8-FF39837E22B0} URL = http://rover.ebay.com/rover/1/14361-113 ... 4?satitle={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
BHO: Toolbar BHO - {1fc509df-4b29-4ab3-96e6-47c178d60287} - C:\PROGRA~1\SAFEPC~2\bar\1.bin\89bar.dll No File
BHO: Search Assistant BHO - {5d13bf91-ea09-4ed8-9acd-c6bad32617b9} - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll No File
C:\Program Files\SafePCRepair_89\bar
C:\Program Files\Microsoft\BingBar
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
C:\Program Files\Skype\Toolbars
BHO: GrabRez - {e1420d09-acc8-4efd-9965-e7ae3c5b977c} - C:\Program Files\GrabRez\GrabRezBHO.dll (GrabRez)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - SafePCRepair - {a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} - C:\Program Files\SafePCRepair_89\bar\1.bin\89bar.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll No File
FF Extension: SafePCRepair - C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\Extensions\89ffxtbr@SafePCRepair_89.com [2014-04-20]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
C:\Windows\Tasks\pricemeterwatcher.job
C:\Windows\Tasks\pricemetertask.job
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
C:\Windows\Tasks\PriceMeterUpdater.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001Core.job
C:\Users\Ver4a\AppData\Local\Temp
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001Core.job => C:\Users\Ver4a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001UA.job => C:\Users\Ver4a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: C:\Windows\Tasks\pricemetertask.job => C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
Task: C:\Windows\Tasks\PriceMeterUpdater.job => C:\Users\Ver4a\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\pricemeterwatcher.job => C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeterw.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafePCRepair Search Scope Monitor
"C:\PROGRA~1\SAFEPC~2\bar\1.bin\89srchmn.exe" /m=2 /w /h [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafePCRepair_89 Browser Plugin Loader
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89brmon.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
C:\PROGRA~1\MCAFEE~1\307523~1.318\SSSCHE~1.EXE zipperformer
End
*****************
"C:\Program Files\GrabRez" directory move:
C:\Program Files\GrabRez\0 => Moved successfully.
C:\Program Files\GrabRez\7za.exe => Moved successfully.
C:\Program Files\GrabRez\GrabRez.ico => Moved successfully.
C:\Program Files\GrabRez\GrabRezBHO.dll => Moved successfully.
C:\Program Files\GrabRez\GrabRezUninstall.exe => Moved successfully.
C:\Program Files\GrabRez\updateGrabRez.exe => Moved successfully.
C:\Program Files\GrabRez\updateGrabRez.InstallState => Moved successfully.
C:\Program Files\GrabRez\bin\7za.exe => Moved successfully.
C:\Program Files\GrabRez\bin\BrowserAdapterS.7z => Moved successfully.
C:\Program Files\GrabRez\bin\FilterApp_C.exe => Moved successfully.
C:\Program Files\GrabRez\bin\GrabRez.BrowserAdapter.exe => Moved successfully.
C:\Program Files\GrabRez\bin\GrabRezBAApp.dll => Moved successfully.
C:\Program Files\GrabRez\bin\sqlite3.dll => Moved successfully.
C:\Program Files\GrabRez\bin\tmpB7E5.tmp => Moved successfully.
C:\Program Files\GrabRez\bin\utilGrabRez.exe => Moved successfully.
C:\Program Files\GrabRez\bin\utilGrabRez.InstallState => Moved successfully.
C:\Program Files\GrabRez\bin\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.dll => Moved successfully.
C:\Program Files\GrabRez\bin\plugins\GrabRez.Bromon.dll => Moved successfully.
C:\Program Files\GrabRez\bin\plugins\GrabRez.BrowserAdapterS.dll => Moved successfully.
C:\Program Files\GrabRez\bin\plugins\GrabRez.CompatibilityChecker.dll => Moved successfully.
C:\Program Files\GrabRez\bin\plugins\GrabRez.FFUpdate.dll => Moved successfully.
C:\Program Files\GrabRez\bin\plugins\GrabRez.IEUpdate.dll => Moved successfully.
C:\Program Files\GrabRez\bin\plugins\GrabRez.PurBrowseG.dll => Moved successfully.
Could not move "C:\Program Files\GrabRez" directory. => Scheduled to move on reboot.
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-85045441-3859974231-1480163339-1001 => Key deleted successfully.
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186f068c-533b-11e3-a104-f0bf978d0915} => Key deleted successfully.
HKCR\CLSID\{186f068c-533b-11e3-a104-f0bf978d0915} => Key deleted successfully.
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f754777-393d-11e2-a10a-f0bf978d0915} => Key deleted successfully.
HKCR\CLSID\{1f754777-393d-11e2-a10a-f0bf978d0915} => Key deleted successfully.
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3205294e-7208-11e2-8426-90004ed7a618} => Key deleted successfully.
HKCR\CLSID\{3205294e-7208-11e2-8426-90004ed7a618} => Key deleted successfully.
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0389aee-89ac-11e2-b74d-f0bf978d0915} => Key deleted successfully.
HKCR\CLSID\{b0389aee-89ac-11e2-b74d-f0bf978d0915} => Key deleted successfully.
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9c52ceb-3226-11e2-9aa4-f0bf978d0915} => Key deleted successfully.
HKCR\CLSID\{d9c52ceb-3226-11e2-9aa4-f0bf978d0915} => Key deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{be823b8c-a7ec-4078-a321-0f8046cbb48a} => Value deleted successfully.
HKCR\CLSID\{be823b8c-a7ec-4078-a321-0f8046cbb48a} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AAA889C-4B45-4F35-889D-C65571E79FB3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0AAA889C-4B45-4F35-889D-C65571E79FB3} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D7D808DE-7E92-4875-9BF8-FF39837E22B0} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D7D808DE-7E92-4875-9BF8-FF39837E22B0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
C:\Program Files\McAfee Security Scan => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1fc509df-4b29-4ab3-96e6-47c178d60287} => Key deleted successfully.
HKCR\CLSID\{1fc509df-4b29-4ab3-96e6-47c178d60287} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d13bf91-ea09-4ed8-9acd-c6bad32617b9} => Key deleted successfully.
HKCR\CLSID\{5d13bf91-ea09-4ed8-9acd-c6bad32617b9} => Key deleted successfully.
"C:\Program Files\SafePCRepair_89\bar" => File/Directory not found.
C:\Program Files\Microsoft\BingBar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
C:\Program Files\Skype\Toolbars => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e1420d09-acc8-4efd-9965-e7ae3c5b977c} => Key deleted successfully.
HKCR\CLSID\{e1420d09-acc8-4efd-9965-e7ae3c5b977c} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully.
HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} => Value deleted successfully.
HKCR\CLSID\{a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} => Key deleted successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key deleted successfully.
FF Plugin: @microsoft.com/GENUINE - disabled No File not found.
HKLM\Software\MozillaPlugins\@SafePCRepair_89.com/Plugin => Key deleted successfully.
C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll not found.
C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\Extensions\89ffxtbr@SafePCRepair_89.com => Moved successfully.
c2cautoupdatesvc => Service stopped successfully.
c2cautoupdatesvc => Service deleted successfully.
c2cpnrsvc => Service stopped successfully.
c2cpnrsvc => Service deleted successfully.
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\pricemeterwatcher.job => Moved successfully.
C:\Windows\Tasks\pricemetertask.job => Moved successfully.
"C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job" => File/Directory not found.
"C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job" => File/Directory not found.
C:\Windows\Tasks\PriceMeterUpdater.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001UA.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001Core.job => Moved successfully.
"C:\Users\Ver4a\AppData\Local\Temp" directory move:
C:\Users\Ver4a\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\Donate.ico => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\EULA.txt => Moved successfully.
Could not move "C:\Users\Ver4a\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Ver4a\AppData\Local\Temp\JRT.txt => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\log3 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\modules00 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\modules11 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\preferences => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\toolbar_log.txt => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7223.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7281.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7282.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7283.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7284.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7C26.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7C46.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7C47.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7C48.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7C49.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt9ECD.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt9EDE.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt9EDF.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt9EE0.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt9F10.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\uttA7B8.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\uttA869.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\uttA95F.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\uttA9ED.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\uttA9EE.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\~B654.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\~B654.tmp => Moved successfully.
Could not move "C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\Cookies" => Scheduled to move on reboot.
Could not move "C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\Cookies-journal" => Scheduled to move on reboot.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\data_0 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\data_1 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\data_2 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\data_3 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\f_000001 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\f_000002 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\f_000003 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\f_000004 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\f_000005 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\index => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\Cookies => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\Cookies-journal => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\data_0 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\data_1 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\data_2 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\data_3 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\f_000001 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\f_000002 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\f_000003 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\f_000004 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\f_000005 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\index => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\OICE_2D5C4FCB-EF55-4C3F-9448-449AA9FD97B4.0\EA115E4C. not found.
C:\Users\Ver4a\AppData\Local\Temp\msohtmlclip1\01\clip_colorschememapping.xml => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\msohtmlclip1\01\clip_themedata.thmx => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\APPID_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\APPID_files.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\appinit64_null.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\appinit_null.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\APPPATHS.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\APPROVEDEXTENSIONS_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\ask.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\askCLSID.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\askregkey_x64.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\askregkey_x86.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\askregvalue_x64.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\askregvalue_x86.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\askservices.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\badAPPINIT.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\badFOLDERS.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\badFOLDERScom.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\badFOLDERSstart.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\badLNK.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\badvalues.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\BHO_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\BHO_name.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\browsermngr_keys.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\browsermngr_values.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CHOICE.DAT => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\chrome.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CHRregkey_x64.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CHRregkey_x86.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CHR_extensions.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CHR_open_x64.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CHR_open_x86.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\clean_shortcut.vbs => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CLSID_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\currentmd5.txt => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CUT.DAT => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\datamngr_del.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\defaultscope.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\delfolders.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\delorphans.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\ELEVATIONPOLICY_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\ev_clear.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\EXT.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFbrowsermngr.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFextensions.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFpluginREG.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFplugins.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFprefs.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFregkey_x64.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFregkey_x86.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFwhtlist.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFXML.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFXPI.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FF_open_x64.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FF_open_x86.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\firefox.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FWCLSID.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FWPolicy.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\get.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\IEwhtlst.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\iexplore.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\IE_open_x64.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\IE_open_x86.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\IFEO.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\INTERFACE_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\JRT.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\medfos.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\MENUEXT.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\misc.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\modules.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\modules.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\moduleservices.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\newmd5.txt => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\NIRCMD.DAT => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\NOTIFY.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\PREAPPROVED_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\prelim.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\PRODUCTS.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\REGhcr.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\REGhkcu_and_hklm_allow.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\REGhkcu_and_hklm_software.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\REGhkcu_software_appdatalow.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\REGhkcu_software_microsoft.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\REGhklm_software_classes.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\REGISTRYUSERSID.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\runvalues.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\runvalues_x64.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\runvalues_x86.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\S1518COMPONENTS.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\searchlnk.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\SED.DAT => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\sednewline.txt => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\services.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\serviceseventlog.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\SETTINGS_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\SHORTCUT.DAT => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\STATS_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\TDL4.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\TRACING.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\TYPELIB_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\UNINSTALL.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\UpgradeCodes.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\WGET.DAT => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\WOW6432NODE.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\temp\null.txt => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\erunt\ERDNT.E_E => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\erunt\ERDNTDOS.LOC => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\erunt\ERDNTWIN.LOC => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\erunt\ERUNT.EXE => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\erunt\ERUNT.LOC => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\erunt\README.TXT => Moved successfully.
Could not move "C:\Users\Ver4a\AppData\Local\Temp" directory. => Scheduled to move on reboot.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001Core.job not found.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001UA.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job not found.
C:\Windows\Tasks\pricemetertask.job not found.
C:\Windows\Tasks\PriceMeterUpdater.job not found.
C:\Windows\Tasks\pricemeterwatcher.job not found.
"C:\PROGRA~1\SAFEPC~2\bar\1.bin\89srchmn.exe /m=2 /w /h [x]" => File/Directory not found.
"C:\PROGRA~1\SAFEPC~2\bar\1.bin\89brmon.exe [x]" => File/Directory not found.
"C:\PROGRA~1\MCAFEE~1\307523~1.318\SSSCHE~1.EXE zipperformer" => File/Directory not found.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-20 20:02:14)<=
C:\Program Files\GrabRez => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\Cookies => Is moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\Cookies-journal => Is moved successfully.
C:\Users\Ver4a\AppData\Local\Temp => Moved successfully.
==== End of Fixlog ====
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2014
Ran by Ver4a at 2014-04-20 19:59:23 Run:1
Running from C:\Users\Ver4a\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
C:\Program Files\GrabRez
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {186f068c-533b-11e3-a104-f0bf978d0915} - F:\LaunchU3.exe -a
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {1f754777-393d-11e2-a10a-f0bf978d0915} - F:\Autorun.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {3205294e-7208-11e2-8426-90004ed7a618} - F:\Autorun.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {b0389aee-89ac-11e2-b74d-f0bf978d0915} - E:\setup.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {d9c52ceb-3226-11e2-9aa4-f0bf978d0915} - F:\Autorun.exe
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - (No Name) - {be823b8c-a7ec-4078-a321-0f8046cbb48a} - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0AAA889C-4B45-4F35-889D-C65571E79FB3} URL = http://services.zinio.com/search?s={sea ... sonyslices
SearchScopes: HKCU - {D7D808DE-7E92-4875-9BF8-FF39837E22B0} URL = http://rover.ebay.com/rover/1/14361-113 ... 4?satitle={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
BHO: Toolbar BHO - {1fc509df-4b29-4ab3-96e6-47c178d60287} - C:\PROGRA~1\SAFEPC~2\bar\1.bin\89bar.dll No File
BHO: Search Assistant BHO - {5d13bf91-ea09-4ed8-9acd-c6bad32617b9} - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll No File
C:\Program Files\SafePCRepair_89\bar
C:\Program Files\Microsoft\BingBar
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
C:\Program Files\Skype\Toolbars
BHO: GrabRez - {e1420d09-acc8-4efd-9965-e7ae3c5b977c} - C:\Program Files\GrabRez\GrabRezBHO.dll (GrabRez)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - SafePCRepair - {a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} - C:\Program Files\SafePCRepair_89\bar\1.bin\89bar.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll No File
FF Extension: SafePCRepair - C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\Extensions\89ffxtbr@SafePCRepair_89.com [2014-04-20]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
C:\Windows\Tasks\pricemeterwatcher.job
C:\Windows\Tasks\pricemetertask.job
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
C:\Windows\Tasks\PriceMeterUpdater.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001Core.job
C:\Users\Ver4a\AppData\Local\Temp
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001Core.job => C:\Users\Ver4a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001UA.job => C:\Users\Ver4a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
Task: C:\Windows\Tasks\pricemetertask.job => C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
Task: C:\Windows\Tasks\PriceMeterUpdater.job => C:\Users\Ver4a\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\pricemeterwatcher.job => C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeterw.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafePCRepair Search Scope Monitor
"C:\PROGRA~1\SAFEPC~2\bar\1.bin\89srchmn.exe" /m=2 /w /h [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafePCRepair_89 Browser Plugin Loader
C:\PROGRA~1\SAFEPC~2\bar\1.bin\89brmon.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
C:\PROGRA~1\MCAFEE~1\307523~1.318\SSSCHE~1.EXE zipperformer
End
*****************
"C:\Program Files\GrabRez" directory move:
C:\Program Files\GrabRez\0 => Moved successfully.
C:\Program Files\GrabRez\7za.exe => Moved successfully.
C:\Program Files\GrabRez\GrabRez.ico => Moved successfully.
C:\Program Files\GrabRez\GrabRezBHO.dll => Moved successfully.
C:\Program Files\GrabRez\GrabRezUninstall.exe => Moved successfully.
C:\Program Files\GrabRez\updateGrabRez.exe => Moved successfully.
C:\Program Files\GrabRez\updateGrabRez.InstallState => Moved successfully.
C:\Program Files\GrabRez\bin\7za.exe => Moved successfully.
C:\Program Files\GrabRez\bin\BrowserAdapterS.7z => Moved successfully.
C:\Program Files\GrabRez\bin\FilterApp_C.exe => Moved successfully.
C:\Program Files\GrabRez\bin\GrabRez.BrowserAdapter.exe => Moved successfully.
C:\Program Files\GrabRez\bin\GrabRezBAApp.dll => Moved successfully.
C:\Program Files\GrabRez\bin\sqlite3.dll => Moved successfully.
C:\Program Files\GrabRez\bin\tmpB7E5.tmp => Moved successfully.
C:\Program Files\GrabRez\bin\utilGrabRez.exe => Moved successfully.
C:\Program Files\GrabRez\bin\utilGrabRez.InstallState => Moved successfully.
C:\Program Files\GrabRez\bin\{0602868e-3e6e-4d93-81e8-5b2290f620ba}.dll => Moved successfully.
C:\Program Files\GrabRez\bin\plugins\GrabRez.Bromon.dll => Moved successfully.
C:\Program Files\GrabRez\bin\plugins\GrabRez.BrowserAdapterS.dll => Moved successfully.
C:\Program Files\GrabRez\bin\plugins\GrabRez.CompatibilityChecker.dll => Moved successfully.
C:\Program Files\GrabRez\bin\plugins\GrabRez.FFUpdate.dll => Moved successfully.
C:\Program Files\GrabRez\bin\plugins\GrabRez.IEUpdate.dll => Moved successfully.
C:\Program Files\GrabRez\bin\plugins\GrabRez.PurBrowseG.dll => Moved successfully.
Could not move "C:\Program Files\GrabRez" directory. => Scheduled to move on reboot.
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-85045441-3859974231-1480163339-1001 => Key deleted successfully.
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{186f068c-533b-11e3-a104-f0bf978d0915} => Key deleted successfully.
HKCR\CLSID\{186f068c-533b-11e3-a104-f0bf978d0915} => Key deleted successfully.
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f754777-393d-11e2-a10a-f0bf978d0915} => Key deleted successfully.
HKCR\CLSID\{1f754777-393d-11e2-a10a-f0bf978d0915} => Key deleted successfully.
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3205294e-7208-11e2-8426-90004ed7a618} => Key deleted successfully.
HKCR\CLSID\{3205294e-7208-11e2-8426-90004ed7a618} => Key deleted successfully.
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0389aee-89ac-11e2-b74d-f0bf978d0915} => Key deleted successfully.
HKCR\CLSID\{b0389aee-89ac-11e2-b74d-f0bf978d0915} => Key deleted successfully.
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9c52ceb-3226-11e2-9aa4-f0bf978d0915} => Key deleted successfully.
HKCR\CLSID\{d9c52ceb-3226-11e2-9aa4-f0bf978d0915} => Key deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{be823b8c-a7ec-4078-a321-0f8046cbb48a} => Value deleted successfully.
HKCR\CLSID\{be823b8c-a7ec-4078-a321-0f8046cbb48a} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AAA889C-4B45-4F35-889D-C65571E79FB3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0AAA889C-4B45-4F35-889D-C65571E79FB3} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D7D808DE-7E92-4875-9BF8-FF39837E22B0} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D7D808DE-7E92-4875-9BF8-FF39837E22B0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
C:\Program Files\McAfee Security Scan => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1fc509df-4b29-4ab3-96e6-47c178d60287} => Key deleted successfully.
HKCR\CLSID\{1fc509df-4b29-4ab3-96e6-47c178d60287} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d13bf91-ea09-4ed8-9acd-c6bad32617b9} => Key deleted successfully.
HKCR\CLSID\{5d13bf91-ea09-4ed8-9acd-c6bad32617b9} => Key deleted successfully.
"C:\Program Files\SafePCRepair_89\bar" => File/Directory not found.
C:\Program Files\Microsoft\BingBar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
C:\Program Files\Skype\Toolbars => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e1420d09-acc8-4efd-9965-e7ae3c5b977c} => Key deleted successfully.
HKCR\CLSID\{e1420d09-acc8-4efd-9965-e7ae3c5b977c} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully.
HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} => Value deleted successfully.
HKCR\CLSID\{a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} => Key deleted successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key deleted successfully.
FF Plugin: @microsoft.com/GENUINE - disabled No File not found.
HKLM\Software\MozillaPlugins\@SafePCRepair_89.com/Plugin => Key deleted successfully.
C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll not found.
C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default\Extensions\89ffxtbr@SafePCRepair_89.com => Moved successfully.
c2cautoupdatesvc => Service stopped successfully.
c2cautoupdatesvc => Service deleted successfully.
c2cpnrsvc => Service stopped successfully.
c2cpnrsvc => Service deleted successfully.
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\pricemeterwatcher.job => Moved successfully.
C:\Windows\Tasks\pricemetertask.job => Moved successfully.
"C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job" => File/Directory not found.
"C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job" => File/Directory not found.
C:\Windows\Tasks\PriceMeterUpdater.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001UA.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001Core.job => Moved successfully.
"C:\Users\Ver4a\AppData\Local\Temp" directory move:
C:\Users\Ver4a\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\Donate.ico => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\EULA.txt => Moved successfully.
Could not move "C:\Users\Ver4a\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Ver4a\AppData\Local\Temp\JRT.txt => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\log3 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\modules00 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\modules11 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\preferences => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\toolbar_log.txt => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7223.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7281.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7282.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7283.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7284.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7C26.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7C46.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7C47.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7C48.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt7C49.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt9ECD.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt9EDE.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt9EDF.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt9EE0.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\utt9F10.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\uttA7B8.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\uttA869.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\uttA95F.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\uttA9ED.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\uttA9EE.tmp => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\~B654.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\~B654.tmp => Moved successfully.
Could not move "C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\Cookies" => Scheduled to move on reboot.
Could not move "C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\Cookies-journal" => Scheduled to move on reboot.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\data_0 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\data_1 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\data_2 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\data_3 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\f_000001 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\f_000002 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\f_000003 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\f_000004 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\f_000005 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\index => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\Cookies => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\Cookies-journal => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\data_0 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\data_1 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\data_2 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\data_3 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\f_000001 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\f_000002 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\f_000003 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\f_000004 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\f_000005 => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir4424_3151\index => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\OICE_2D5C4FCB-EF55-4C3F-9448-449AA9FD97B4.0\EA115E4C. not found.
C:\Users\Ver4a\AppData\Local\Temp\msohtmlclip1\01\clip_colorschememapping.xml => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\msohtmlclip1\01\clip_themedata.thmx => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\APPID_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\APPID_files.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\appinit64_null.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\appinit_null.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\APPPATHS.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\APPROVEDEXTENSIONS_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\ask.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\askCLSID.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\askregkey_x64.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\askregkey_x86.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\askregvalue_x64.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\askregvalue_x86.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\askservices.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\badAPPINIT.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\badFOLDERS.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\badFOLDERScom.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\badFOLDERSstart.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\badLNK.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\badvalues.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\BHO_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\BHO_name.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\browsermngr_keys.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\browsermngr_values.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CHOICE.DAT => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\chrome.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CHRregkey_x64.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CHRregkey_x86.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CHR_extensions.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CHR_open_x64.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CHR_open_x86.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\clean_shortcut.vbs => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CLSID_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\currentmd5.txt => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\CUT.DAT => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\datamngr_del.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\defaultscope.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\delfolders.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\delorphans.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\ELEVATIONPOLICY_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\ev_clear.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\EXT.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFbrowsermngr.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFextensions.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFpluginREG.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFplugins.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFprefs.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFregkey_x64.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFregkey_x86.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFwhtlist.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFXML.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FFXPI.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FF_open_x64.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FF_open_x86.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\firefox.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FWCLSID.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\FWPolicy.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\get.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\IEwhtlst.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\iexplore.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\IE_open_x64.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\IE_open_x86.reg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\IFEO.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\INTERFACE_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\JRT.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\medfos.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\MENUEXT.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\misc.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\modules.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\modules.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\moduleservices.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\newmd5.txt => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\NIRCMD.DAT => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\NOTIFY.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\PREAPPROVED_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\prelim.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\PRODUCTS.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\REGhcr.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\REGhkcu_and_hklm_allow.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\REGhkcu_and_hklm_software.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\REGhkcu_software_appdatalow.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\REGhkcu_software_microsoft.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\REGhklm_software_classes.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\REGISTRYUSERSID.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\runvalues.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\runvalues_x64.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\runvalues_x86.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\S1518COMPONENTS.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\searchlnk.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\SED.DAT => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\sednewline.txt => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\services.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\serviceseventlog.cfg => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\SETTINGS_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\SHORTCUT.DAT => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\STATS_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\TDL4.bat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\TRACING.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\TYPELIB_clsid.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\UNINSTALL.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\UpgradeCodes.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\WGET.DAT => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\WOW6432NODE.dat => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\temp\null.txt => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\erunt\ERDNT.E_E => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\erunt\ERDNTDOS.LOC => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\erunt\ERDNTWIN.LOC => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\erunt\ERUNT.EXE => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\erunt\ERUNT.LOC => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\jrt\erunt\README.TXT => Moved successfully.
Could not move "C:\Users\Ver4a\AppData\Local\Temp" directory. => Scheduled to move on reboot.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001Core.job not found.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001UA.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job not found.
C:\Windows\Tasks\pricemetertask.job not found.
C:\Windows\Tasks\PriceMeterUpdater.job not found.
C:\Windows\Tasks\pricemeterwatcher.job not found.
"C:\PROGRA~1\SAFEPC~2\bar\1.bin\89srchmn.exe /m=2 /w /h [x]" => File/Directory not found.
"C:\PROGRA~1\SAFEPC~2\bar\1.bin\89brmon.exe [x]" => File/Directory not found.
"C:\PROGRA~1\MCAFEE~1\307523~1.318\SSSCHE~1.EXE zipperformer" => File/Directory not found.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-20 20:02:14)<=
C:\Program Files\GrabRez => Moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\Cookies => Is moved successfully.
C:\Users\Ver4a\AppData\Local\Temp\scoped_dir6124_22042\Cookies-journal => Is moved successfully.
C:\Users\Ver4a\AppData\Local\Temp => Moved successfully.
==== End of Fixlog ====
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zasekaný NB- prosim o kontrolu logu
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zasekaný NB- prosim o kontrolu logu
před tímto smazáním to bylo celkem OK, ale po tomto smazaní system startuje pomaleji a celkově vše trvá poměrně dlouho než něco naběhne :/ co stím?
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zasekaný NB- prosim o kontrolu logu
Byly mázány pouze AdWary a zbytečnosti. Zkuste obnovu systému k datu, kdy korektně fungoval.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zasekaný NB- prosim o kontrolu logu
OK jdu na to jen malá technická když přejdu na bod obnovení před smazaním nezůstane tam i ta havěť?
Re: Zasekaný NB- prosim o kontrolu logu
obnova hotova...změna nic moc :/ procistil jsem znova adw cleanerem a JRT a udělal log prosím ještě o kontrolu zda to je v pořádku. Moc děkuji
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2014 02
Ran by Ver4a (administrator) on VER4A-VAIO on 20-04-2014 22:39:18
Running from C:\Users\Ver4a\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(PasswordBox, Inc.) C:\Program Files\PasswordBox\pbbtnService.exe
(Sony Corporation) c:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(COMPANYVERS_NAME) C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\Program Files\GrabRez\updateGrabRez.exe
() C:\Program Files\GrabRez\bin\utilGrabRez.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(PriceMeter) C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeterw.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
() C:\Program Files\GrabRez\bin\FilterApp_C.exe
() C:\Program Files\GrabRez\bin\GrabRez.BrowserAdapter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-11-01] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1873192 2010-11-01] (Synaptics Incorporated)
HKLM\...\Run: [PMBVolumeWatcher] => c:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [1022352 2012-09-04] (BitTorrent, Inc.)
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\Run: [PriceMeterW] => C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeterw.exe [309768 2014-03-13] (PriceMeter)
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {186f068c-533b-11e3-a104-f0bf978d0915} - F:\LaunchU3.exe -a
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {1f754777-393d-11e2-a10a-f0bf978d0915} - F:\Autorun.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {3205294e-7208-11e2-8426-90004ed7a618} - F:\Autorun.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {b0389aee-89ac-11e2-b74d-f0bf978d0915} - E:\setup.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {d9c52ceb-3226-11e2-9aa4-f0bf978d0915} - F:\Autorun.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buenosearch.com/?babsrc=HP_s ... 3&tsp=5199
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.eu/vaioportal
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - (No Name) - {be823b8c-a7ec-4078-a321-0f8046cbb48a} - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll (MindSpark)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0AAA889C-4B45-4F35-889D-C65571E79FB3} URL = http://services.zinio.com/search?s={sea ... sonyslices
SearchScopes: HKCU - {50813CE3-DE06-4038-BFF7-D7A3B00D31D3} URL = http://search.conduit.com/ResultsExt.as ... =CT3220468
SearchScopes: HKCU - {D7D808DE-7E92-4875-9BF8-FF39837E22B0} URL = http://rover.ebay.com/rover/1/14361-113 ... earchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Toolbar BHO - {1fc509df-4b29-4ab3-96e6-47c178d60287} - C:\Program Files\SafePCRepair_89\bar\1.bin\89bar.dll (MindSpark)
BHO: Search Assistant BHO - {5d13bf91-ea09-4ed8-9acd-c6bad32617b9} - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll (MindSpark)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Ver4a\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (Radiocom CJSC)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: GrabRez - {e1420d09-acc8-4efd-9965-e7ae3c5b977c} - C:\Program Files\GrabRez\GrabRezBHO.dll (GrabRez)
BHO: buenosearch Helper Object - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)
BHO: Rich Media Player - {FEB703F7-E7B2-4AB0-9566-87658AC70095} - C:\Users\Ver4a\AppData\Local\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll ()
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - SafePCRepair - {a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} - C:\Program Files\SafePCRepair_89\bar\1.bin\89bar.dll (MindSpark)
Toolbar: HKLM - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0F9FD977-63B0-43C5-9626-B7A7C2080744}: [NameServer]
Tcpip\..\Interfaces\{3811ACE0-8FA2-FB76-B150-F42917A9776E}: [NameServer]93.153.117.1 93.153.117.33
Tcpip\..\Interfaces\{5E142FD9-AAA9-448D-A0F3-83E0058B46CE}: [NameServer]
Tcpip\..\Interfaces\{80496C92-D6E3-4BF8-83BF-23E360EFE280}: [NameServer]93.153.117.1 93.153.117.33
FireFox:
========
FF ProfilePath: C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default
FF NewTab: hxxp://www.buenosearch.com/?babsrc=NT_ss&mntrI ... 3&tsp=5199
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @richmediaplayer.com/nppluginrichmediaplayer - C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll ()
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll (MindSpark)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 - C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF Plugin: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 - C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Ver4a\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll ()
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-17]
FF HKLM\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Ver4a\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B}
FF Extension: Rich Media Player extension - C:\Users\Ver4a\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013-08-19]
FF HKLM\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files\PasswordBox\Firefox [2013-11-22]
========================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [284160 2011-01-06] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [140224 2010-06-17] (Advanced Micro Devices)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
S3 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [2625800 2013-04-05] (iolo technologies, LLC)
R2 MbnExt; C:\Program Files\T-Mobile\Web'n'walk Manager\MbnExt.dll [417128 2013-12-02] (Gemfor s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 PasswordBox; C:\Program Files\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
S2 pricemeterliveUpdate; C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-03-27] (PriceMeter)
S3 pricemeterliveUpdatem; C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-03-27] (PriceMeter)
R2 SafePCRepair_89Service; C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe [44752 2013-10-21] (COMPANYVERS_NAME)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [189048 2011-01-29] (Sony Corporation)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587472 2012-11-09] (Crawler.com)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699168 2012-11-02] (TuneUp Software)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
R2 Update GrabRez; C:\Program Files\GrabRez\updateGrabRez.exe [350488 2014-04-18] ()
R2 Util GrabRez; C:\Program Files\GrabRez\bin\utilGrabRez.exe [350488 2014-04-17] ()
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [64704 2011-03-05] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [546608 2011-02-18] (Sony Corporation)
S3 VcmINSMgr; C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [385336 2011-02-18] (Sony Corporation)
R3 VCService; C:\Program Files\Sony\VAIO Care\VCService.exe [44736 2011-02-14] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [772800 2011-02-28] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [957056 2012-10-26] (Sony Corporation)
S2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [64128 2011-02-17] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [32384 2011-02-17] (Advanced Micro Devices)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2009-05-26] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [102416 2011-02-15] (ATI Technologies, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-23] (AVG Technologies)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2010-11-01] (Broadcom Corporation.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [202752 2012-04-23] (Huawei Technologies Co., Ltd.)
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52920 2014-02-25] (StdLib)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-20 22:37 - 2014-04-20 22:37 - 01044480 _____ (Farbar) C:\Users\Ver4a\Desktop\FRST.exe
2014-04-20 22:22 - 2014-04-20 22:22 - 01037278 _____ () C:\Users\Ver4a\Desktop\adwcleaner.exe
2014-04-20 22:21 - 2014-04-20 22:21 - 01032220 _____ (Thisisu) C:\Users\Ver4a\Desktop\JRT.exe
2014-04-20 22:17 - 2014-04-20 22:17 - 00000000 _____ () C:\Users\Ver4a\daemonprocess.txt
2014-04-20 22:16 - 2014-04-20 22:16 - 00002039 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-20 22:15 - 2014-04-20 22:15 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate
2014-04-20 15:43 - 2014-04-20 15:44 - 00035763 _____ () C:\Users\Ver4a\Desktop\Addition.txt
2014-04-20 15:42 - 2014-04-20 22:39 - 00020473 _____ () C:\Users\Ver4a\Desktop\FRST.txt
2014-04-20 15:41 - 2014-04-20 22:39 - 00000000 ____D () C:\FRST
2014-04-20 15:23 - 2014-04-20 15:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 15:22 - 2014-04-06 08:36 - 01016261 _____ (Thisisu) C:\Users\Ver4a\Desktop\JRT_NEW.exe
2014-04-20 14:56 - 2014-04-20 22:32 - 00000000 ____D () C:\AdwCleaner
2014-04-09 17:50 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 17:50 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 17:50 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 17:50 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 17:50 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 17:50 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 17:50 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 17:50 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-02 17:29 - 2014-04-02 17:29 - 00034534 _____ () C:\Users\Ver4a\Downloads\2. část BP_Pátková.sxw
2014-03-29 16:46 - 2014-03-29 16:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 16:30 - 2014-03-29 16:30 - 00000346 _____ () C:\Windows\Tasks\pricemeterwatcher.job
2014-03-29 16:30 - 2014-03-29 16:30 - 00000344 _____ () C:\Windows\Tasks\pricemetertask.job
2014-03-27 23:46 - 2014-03-31 15:46 - 00000084 _____ () C:\Users\Ver4a\AppData\Roaming\WB.CFG
2014-03-27 22:46 - 2014-04-20 22:33 - 00000948 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2014-03-27 22:46 - 2014-04-20 22:15 - 00000000 ____D () C:\Program Files\PriceMeterLiveUpdate
2014-03-27 22:46 - 2014-04-20 22:13 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\PriceMeterUpdater
2014-03-27 22:46 - 2014-04-20 22:13 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\buenosearch LTD
2014-03-27 22:46 - 2014-04-20 22:12 - 00000000 ____D () C:\Program Files\buenosearch LTD
2014-03-27 22:46 - 2014-04-20 10:51 - 00000952 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2014-03-27 22:46 - 2014-04-20 10:47 - 00000292 _____ () C:\Windows\Tasks\PriceMeterUpdater.job
2014-03-27 22:46 - 2014-03-27 22:51 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\PriceMeter
2014-03-27 22:46 - 2014-03-27 22:46 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
==================== One Month Modified Files and Folders =======
2014-04-20 22:39 - 2014-04-20 15:42 - 00020473 _____ () C:\Users\Ver4a\Desktop\FRST.txt
2014-04-20 22:39 - 2014-04-20 15:41 - 00000000 ____D () C:\FRST
2014-04-20 22:39 - 2012-02-22 20:35 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\uTorrent
2014-04-20 22:37 - 2014-04-20 22:37 - 01044480 _____ (Farbar) C:\Users\Ver4a\Desktop\FRST.exe
2014-04-20 22:37 - 2011-09-10 19:49 - 01451235 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 22:34 - 2014-02-25 10:34 - 00001494 _____ () C:\Windows\Tasks\Torntv V9.0-updater.job
2014-04-20 22:34 - 2014-02-25 10:33 - 00003080 _____ () C:\Windows\Tasks\Torntv V9.0-chromeinstaller.job
2014-04-20 22:34 - 2014-02-25 10:33 - 00002398 _____ () C:\Windows\Tasks\Torntv V9.0-firefoxinstaller.job
2014-04-20 22:34 - 2009-07-14 04:04 - 00000678 _____ () C:\Windows\win.ini
2014-04-20 22:33 - 2014-03-27 22:46 - 00000948 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2014-04-20 22:33 - 2014-02-25 10:34 - 00001438 _____ () C:\Windows\Tasks\Torntv V9.0-codedownloader.job
2014-04-20 22:33 - 2014-02-25 10:34 - 00001328 _____ () C:\Windows\Tasks\Torntv V9.0-enabler.job
2014-04-20 22:33 - 2014-02-20 14:28 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-04-20 22:33 - 2014-02-09 12:52 - 00007062 _____ () C:\Windows\setupact.log
2014-04-20 22:33 - 2012-03-17 09:43 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 22:33 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 22:32 - 2014-04-20 14:56 - 00000000 ____D () C:\AdwCleaner
2014-04-20 22:32 - 2009-07-14 06:34 - 00020608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 22:32 - 2009-07-14 06:34 - 00020608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 22:28 - 2014-02-25 10:37 - 00000000 ____D () C:\Program Files\Mobogenie
2014-04-20 22:25 - 2012-04-11 10:15 - 00000982 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001UA.job
2014-04-20 22:22 - 2014-04-20 22:22 - 01037278 _____ () C:\Users\Ver4a\Desktop\adwcleaner.exe
2014-04-20 22:21 - 2014-04-20 22:21 - 01032220 _____ (Thisisu) C:\Users\Ver4a\Desktop\JRT.exe
2014-04-20 22:18 - 2014-02-25 10:38 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\newnext.me
2014-04-20 22:17 - 2014-04-20 22:17 - 00000000 _____ () C:\Users\Ver4a\daemonprocess.txt
2014-04-20 22:17 - 2014-02-25 10:38 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\Mobogenie
2014-04-20 22:17 - 2011-09-10 20:27 - 00000000 ____D () C:\Users\Ver4a
2014-04-20 22:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-04-20 22:16 - 2014-04-20 22:16 - 00002039 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-20 22:16 - 2009-07-14 04:04 - 00002577 _____ () C:\Windows\system32\config.nt
2014-04-20 22:15 - 2014-04-20 22:15 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate
2014-04-20 22:15 - 2014-03-27 22:46 - 00000000 ____D () C:\Program Files\PriceMeterLiveUpdate
2014-04-20 22:15 - 2014-02-25 10:33 - 00000000 ____D () C:\Program Files\Torntv V9.0
2014-04-20 22:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-04-20 22:13 - 2014-03-27 22:46 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\PriceMeterUpdater
2014-04-20 22:13 - 2014-03-27 22:46 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\buenosearch LTD
2014-04-20 22:13 - 2014-02-25 10:38 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\genienext
2014-04-20 22:13 - 2014-02-25 10:37 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-04-20 22:13 - 2013-12-15 14:22 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\playnowradio
2014-04-20 22:13 - 2013-10-21 20:59 - 00000000 ____D () C:\Program Files\SafePCRepair
2014-04-20 22:13 - 2013-10-21 20:58 - 00000000 ____D () C:\Program Files\SafePCRepair_89
2014-04-20 22:13 - 2013-08-19 14:31 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-04-20 22:13 - 2013-05-05 10:38 - 00000000 ___RD () C:\Program Files\Skype
2014-04-20 22:13 - 2012-08-11 20:19 - 00000000 ____D () C:\Users\Veronica
2014-04-20 22:13 - 2011-09-10 19:54 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-04-20 22:12 - 2014-03-27 22:46 - 00000000 ____D () C:\Program Files\buenosearch LTD
2014-04-20 22:12 - 2014-02-25 10:34 - 00000000 ____D () C:\Program Files\GrabRez
2014-04-20 22:12 - 2013-08-19 14:31 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-04-20 22:12 - 2013-01-25 18:53 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-20 22:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-20 15:44 - 2014-04-20 15:43 - 00035763 _____ () C:\Users\Ver4a\Desktop\Addition.txt
2014-04-20 15:23 - 2014-04-20 15:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 14:45 - 2013-01-26 19:26 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\CrashDumps
2014-04-20 11:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-20 10:54 - 2013-01-25 18:53 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 10:51 - 2014-03-27 22:46 - 00000952 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2014-04-20 10:50 - 2012-03-17 09:43 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 10:47 - 2014-03-27 22:46 - 00000292 _____ () C:\Windows\Tasks\PriceMeterUpdater.job
2014-04-20 09:55 - 2012-11-03 14:41 - 00000000 ____D () C:\Users\Ver4a\Desktop\na vyvolání
2014-04-18 13:25 - 2012-04-11 10:15 - 00000960 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001Core.job
2014-04-17 12:41 - 2009-07-14 06:53 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-13 14:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-12 18:20 - 2010-11-20 23:01 - 01586106 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 22:17 - 2011-11-14 13:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 12:23 - 2012-03-14 12:02 - 00754588 _____ () C:\test.xml
2014-04-06 17:38 - 2013-11-22 08:01 - 00000000 ____D () C:\Program Files\PasswordBox
2014-04-06 08:36 - 2014-04-20 15:22 - 01016261 _____ (Thisisu) C:\Users\Ver4a\Desktop\JRT_NEW.exe
2014-04-02 17:29 - 2014-04-02 17:29 - 00034534 _____ () C:\Users\Ver4a\Downloads\2. část BP_Pátková.sxw
2014-03-31 15:46 - 2014-03-27 23:46 - 00000084 _____ () C:\Users\Ver4a\AppData\Roaming\WB.CFG
2014-03-31 09:35 - 2012-02-13 21:49 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 02:13 - 2014-04-09 17:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 17:50 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 16:34 - 2012-08-11 18:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 16:46 - 2014-03-29 16:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 16:30 - 2014-03-29 16:30 - 00000346 _____ () C:\Windows\Tasks\pricemeterwatcher.job
2014-03-29 16:30 - 2014-03-29 16:30 - 00000344 _____ () C:\Windows\Tasks\pricemetertask.job
2014-03-28 11:13 - 2014-02-25 18:03 - 00005120 _____ () C:\Windows\PFRO.log
2014-03-27 22:51 - 2014-03-27 22:46 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\PriceMeter
2014-03-27 22:46 - 2014-03-27 22:46 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
2014-03-23 18:51 - 2013-08-19 14:32 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-03-23 18:51 - 2013-08-19 14:31 - 00003749 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
Some content of TEMP:
====================
C:\Users\Ver4a\AppData\Local\Temp\Quarantine.exe
C:\Users\Ver4a\AppData\Local\Temp\setup__6272.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-19 15:32
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2014 02
Ran by Ver4a (administrator) on VER4A-VAIO on 20-04-2014 22:39:18
Running from C:\Users\Ver4a\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(PasswordBox, Inc.) C:\Program Files\PasswordBox\pbbtnService.exe
(Sony Corporation) c:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(COMPANYVERS_NAME) C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
() C:\Program Files\GrabRez\updateGrabRez.exe
() C:\Program Files\GrabRez\bin\utilGrabRez.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(PriceMeter) C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeterw.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
() C:\Program Files\GrabRez\bin\FilterApp_C.exe
() C:\Program Files\GrabRez\bin\GrabRez.BrowserAdapter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(PriceMeter) C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeter.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-11-01] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1873192 2010-11-01] (Synaptics Incorporated)
HKLM\...\Run: [PMBVolumeWatcher] => c:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [1022352 2012-09-04] (BitTorrent, Inc.)
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\Run: [PriceMeterW] => C:\Users\Ver4a\AppData\Local\PriceMeter\pricemeterw.exe [309768 2014-03-13] (PriceMeter)
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {186f068c-533b-11e3-a104-f0bf978d0915} - F:\LaunchU3.exe -a
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {1f754777-393d-11e2-a10a-f0bf978d0915} - F:\Autorun.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {3205294e-7208-11e2-8426-90004ed7a618} - F:\Autorun.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {b0389aee-89ac-11e2-b74d-f0bf978d0915} - E:\setup.exe
HKU\S-1-5-21-85045441-3859974231-1480163339-1001\...\MountPoints2: {d9c52ceb-3226-11e2-9aa4-f0bf978d0915} - F:\Autorun.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buenosearch.com/?babsrc=HP_s ... 3&tsp=5199
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.eu/vaioportal
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - (No Name) - {be823b8c-a7ec-4078-a321-0f8046cbb48a} - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll (MindSpark)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0AAA889C-4B45-4F35-889D-C65571E79FB3} URL = http://services.zinio.com/search?s={sea ... sonyslices
SearchScopes: HKCU - {50813CE3-DE06-4038-BFF7-D7A3B00D31D3} URL = http://search.conduit.com/ResultsExt.as ... =CT3220468
SearchScopes: HKCU - {D7D808DE-7E92-4875-9BF8-FF39837E22B0} URL = http://rover.ebay.com/rover/1/14361-113 ... earchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Toolbar BHO - {1fc509df-4b29-4ab3-96e6-47c178d60287} - C:\Program Files\SafePCRepair_89\bar\1.bin\89bar.dll (MindSpark)
BHO: Search Assistant BHO - {5d13bf91-ea09-4ed8-9acd-c6bad32617b9} - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll (MindSpark)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Ver4a\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (Radiocom CJSC)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: GrabRez - {e1420d09-acc8-4efd-9965-e7ae3c5b977c} - C:\Program Files\GrabRez\GrabRezBHO.dll (GrabRez)
BHO: buenosearch Helper Object - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)
BHO: Rich Media Player - {FEB703F7-E7B2-4AB0-9566-87658AC70095} - C:\Users\Ver4a\AppData\Local\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll ()
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - SafePCRepair - {a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} - C:\Program Files\SafePCRepair_89\bar\1.bin\89bar.dll (MindSpark)
Toolbar: HKLM - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0F9FD977-63B0-43C5-9626-B7A7C2080744}: [NameServer]
Tcpip\..\Interfaces\{3811ACE0-8FA2-FB76-B150-F42917A9776E}: [NameServer]93.153.117.1 93.153.117.33
Tcpip\..\Interfaces\{5E142FD9-AAA9-448D-A0F3-83E0058B46CE}: [NameServer]
Tcpip\..\Interfaces\{80496C92-D6E3-4BF8-83BF-23E360EFE280}: [NameServer]93.153.117.1 93.153.117.33
FireFox:
========
FF ProfilePath: C:\Users\Ver4a\AppData\Roaming\Mozilla\Firefox\Profiles\wavbsgy3.default
FF NewTab: hxxp://www.buenosearch.com/?babsrc=NT_ss&mntrI ... 3&tsp=5199
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @richmediaplayer.com/nppluginrichmediaplayer - C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll ()
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll (MindSpark)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 - C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF Plugin: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 - C:\Program Files\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Ver4a\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll ()
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-17]
FF HKLM\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Users\Ver4a\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B}
FF Extension: Rich Media Player extension - C:\Users\Ver4a\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013-08-19]
FF HKLM\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files\PasswordBox\Firefox [2013-11-22]
========================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [284160 2011-01-06] (Advanced Micro Devices, Inc.)
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [140224 2010-06-17] (Advanced Micro Devices)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
S3 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [2625800 2013-04-05] (iolo technologies, LLC)
R2 MbnExt; C:\Program Files\T-Mobile\Web'n'walk Manager\MbnExt.dll [417128 2013-12-02] (Gemfor s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 PasswordBox; C:\Program Files\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
S2 pricemeterliveUpdate; C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-03-27] (PriceMeter)
S3 pricemeterliveUpdatem; C:\Program Files\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-03-27] (PriceMeter)
R2 SafePCRepair_89Service; C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe [44752 2013-10-21] (COMPANYVERS_NAME)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [189048 2011-01-29] (Sony Corporation)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587472 2012-11-09] (Crawler.com)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699168 2012-11-02] (TuneUp Software)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
R2 Update GrabRez; C:\Program Files\GrabRez\updateGrabRez.exe [350488 2014-04-18] ()
R2 Util GrabRez; C:\Program Files\GrabRez\bin\utilGrabRez.exe [350488 2014-04-17] ()
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [64704 2011-03-05] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [546608 2011-02-18] (Sony Corporation)
S3 VcmINSMgr; C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [385336 2011-02-18] (Sony Corporation)
R3 VCService; C:\Program Files\Sony\VAIO Care\VCService.exe [44736 2011-02-14] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [772800 2011-02-28] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [957056 2012-10-26] (Sony Corporation)
S2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [X]
==================== Drivers (Whitelisted) ====================
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [64128 2011-02-17] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [32384 2011-02-17] (Advanced Micro Devices)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2009-05-26] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [102416 2011-02-15] (ATI Technologies, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-23] (AVG Technologies)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [297000 2010-11-01] (Broadcom Corporation.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [202752 2012-04-23] (Huawei Technologies Co., Ltd.)
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)
R1 wStLibG; C:\Windows\System32\drivers\wStLibG.sys [52920 2014-02-25] (StdLib)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-20 22:37 - 2014-04-20 22:37 - 01044480 _____ (Farbar) C:\Users\Ver4a\Desktop\FRST.exe
2014-04-20 22:22 - 2014-04-20 22:22 - 01037278 _____ () C:\Users\Ver4a\Desktop\adwcleaner.exe
2014-04-20 22:21 - 2014-04-20 22:21 - 01032220 _____ (Thisisu) C:\Users\Ver4a\Desktop\JRT.exe
2014-04-20 22:17 - 2014-04-20 22:17 - 00000000 _____ () C:\Users\Ver4a\daemonprocess.txt
2014-04-20 22:16 - 2014-04-20 22:16 - 00002039 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-20 22:15 - 2014-04-20 22:15 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate
2014-04-20 15:43 - 2014-04-20 15:44 - 00035763 _____ () C:\Users\Ver4a\Desktop\Addition.txt
2014-04-20 15:42 - 2014-04-20 22:39 - 00020473 _____ () C:\Users\Ver4a\Desktop\FRST.txt
2014-04-20 15:41 - 2014-04-20 22:39 - 00000000 ____D () C:\FRST
2014-04-20 15:23 - 2014-04-20 15:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 15:22 - 2014-04-06 08:36 - 01016261 _____ (Thisisu) C:\Users\Ver4a\Desktop\JRT_NEW.exe
2014-04-20 14:56 - 2014-04-20 22:32 - 00000000 ____D () C:\AdwCleaner
2014-04-09 17:50 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 17:50 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 17:50 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 17:50 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 17:50 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 17:50 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 17:50 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 17:50 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-02 17:29 - 2014-04-02 17:29 - 00034534 _____ () C:\Users\Ver4a\Downloads\2. část BP_Pátková.sxw
2014-03-29 16:46 - 2014-03-29 16:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 16:30 - 2014-03-29 16:30 - 00000346 _____ () C:\Windows\Tasks\pricemeterwatcher.job
2014-03-29 16:30 - 2014-03-29 16:30 - 00000344 _____ () C:\Windows\Tasks\pricemetertask.job
2014-03-27 23:46 - 2014-03-31 15:46 - 00000084 _____ () C:\Users\Ver4a\AppData\Roaming\WB.CFG
2014-03-27 22:46 - 2014-04-20 22:33 - 00000948 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2014-03-27 22:46 - 2014-04-20 22:15 - 00000000 ____D () C:\Program Files\PriceMeterLiveUpdate
2014-03-27 22:46 - 2014-04-20 22:13 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\PriceMeterUpdater
2014-03-27 22:46 - 2014-04-20 22:13 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\buenosearch LTD
2014-03-27 22:46 - 2014-04-20 22:12 - 00000000 ____D () C:\Program Files\buenosearch LTD
2014-03-27 22:46 - 2014-04-20 10:51 - 00000952 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2014-03-27 22:46 - 2014-04-20 10:47 - 00000292 _____ () C:\Windows\Tasks\PriceMeterUpdater.job
2014-03-27 22:46 - 2014-03-27 22:51 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\PriceMeter
2014-03-27 22:46 - 2014-03-27 22:46 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
==================== One Month Modified Files and Folders =======
2014-04-20 22:39 - 2014-04-20 15:42 - 00020473 _____ () C:\Users\Ver4a\Desktop\FRST.txt
2014-04-20 22:39 - 2014-04-20 15:41 - 00000000 ____D () C:\FRST
2014-04-20 22:39 - 2012-02-22 20:35 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\uTorrent
2014-04-20 22:37 - 2014-04-20 22:37 - 01044480 _____ (Farbar) C:\Users\Ver4a\Desktop\FRST.exe
2014-04-20 22:37 - 2011-09-10 19:49 - 01451235 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 22:34 - 2014-02-25 10:34 - 00001494 _____ () C:\Windows\Tasks\Torntv V9.0-updater.job
2014-04-20 22:34 - 2014-02-25 10:33 - 00003080 _____ () C:\Windows\Tasks\Torntv V9.0-chromeinstaller.job
2014-04-20 22:34 - 2014-02-25 10:33 - 00002398 _____ () C:\Windows\Tasks\Torntv V9.0-firefoxinstaller.job
2014-04-20 22:34 - 2009-07-14 04:04 - 00000678 _____ () C:\Windows\win.ini
2014-04-20 22:33 - 2014-03-27 22:46 - 00000948 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2014-04-20 22:33 - 2014-02-25 10:34 - 00001438 _____ () C:\Windows\Tasks\Torntv V9.0-codedownloader.job
2014-04-20 22:33 - 2014-02-25 10:34 - 00001328 _____ () C:\Windows\Tasks\Torntv V9.0-enabler.job
2014-04-20 22:33 - 2014-02-20 14:28 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-04-20 22:33 - 2014-02-09 12:52 - 00007062 _____ () C:\Windows\setupact.log
2014-04-20 22:33 - 2012-03-17 09:43 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 22:33 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 22:32 - 2014-04-20 14:56 - 00000000 ____D () C:\AdwCleaner
2014-04-20 22:32 - 2009-07-14 06:34 - 00020608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 22:32 - 2009-07-14 06:34 - 00020608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 22:28 - 2014-02-25 10:37 - 00000000 ____D () C:\Program Files\Mobogenie
2014-04-20 22:25 - 2012-04-11 10:15 - 00000982 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001UA.job
2014-04-20 22:22 - 2014-04-20 22:22 - 01037278 _____ () C:\Users\Ver4a\Desktop\adwcleaner.exe
2014-04-20 22:21 - 2014-04-20 22:21 - 01032220 _____ (Thisisu) C:\Users\Ver4a\Desktop\JRT.exe
2014-04-20 22:18 - 2014-02-25 10:38 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\newnext.me
2014-04-20 22:17 - 2014-04-20 22:17 - 00000000 _____ () C:\Users\Ver4a\daemonprocess.txt
2014-04-20 22:17 - 2014-02-25 10:38 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\Mobogenie
2014-04-20 22:17 - 2011-09-10 20:27 - 00000000 ____D () C:\Users\Ver4a
2014-04-20 22:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\tracing
2014-04-20 22:16 - 2014-04-20 22:16 - 00002039 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-20 22:16 - 2009-07-14 04:04 - 00002577 _____ () C:\Windows\system32\config.nt
2014-04-20 22:15 - 2014-04-20 22:15 - 00000000 ____D () C:\ProgramData\PriceMeterLiveUpdate
2014-04-20 22:15 - 2014-03-27 22:46 - 00000000 ____D () C:\Program Files\PriceMeterLiveUpdate
2014-04-20 22:15 - 2014-02-25 10:33 - 00000000 ____D () C:\Program Files\Torntv V9.0
2014-04-20 22:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-04-20 22:13 - 2014-03-27 22:46 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\PriceMeterUpdater
2014-04-20 22:13 - 2014-03-27 22:46 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\buenosearch LTD
2014-04-20 22:13 - 2014-02-25 10:38 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\genienext
2014-04-20 22:13 - 2014-02-25 10:37 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-04-20 22:13 - 2013-12-15 14:22 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\playnowradio
2014-04-20 22:13 - 2013-10-21 20:59 - 00000000 ____D () C:\Program Files\SafePCRepair
2014-04-20 22:13 - 2013-10-21 20:58 - 00000000 ____D () C:\Program Files\SafePCRepair_89
2014-04-20 22:13 - 2013-08-19 14:31 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-04-20 22:13 - 2013-05-05 10:38 - 00000000 ___RD () C:\Program Files\Skype
2014-04-20 22:13 - 2012-08-11 20:19 - 00000000 ____D () C:\Users\Veronica
2014-04-20 22:13 - 2011-09-10 19:54 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-04-20 22:12 - 2014-03-27 22:46 - 00000000 ____D () C:\Program Files\buenosearch LTD
2014-04-20 22:12 - 2014-02-25 10:34 - 00000000 ____D () C:\Program Files\GrabRez
2014-04-20 22:12 - 2013-08-19 14:31 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-04-20 22:12 - 2013-01-25 18:53 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-20 22:11 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-20 15:44 - 2014-04-20 15:43 - 00035763 _____ () C:\Users\Ver4a\Desktop\Addition.txt
2014-04-20 15:23 - 2014-04-20 15:23 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 14:45 - 2013-01-26 19:26 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\CrashDumps
2014-04-20 11:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-20 10:54 - 2013-01-25 18:53 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 10:51 - 2014-03-27 22:46 - 00000952 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2014-04-20 10:50 - 2012-03-17 09:43 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 10:47 - 2014-03-27 22:46 - 00000292 _____ () C:\Windows\Tasks\PriceMeterUpdater.job
2014-04-20 09:55 - 2012-11-03 14:41 - 00000000 ____D () C:\Users\Ver4a\Desktop\na vyvolání
2014-04-18 13:25 - 2012-04-11 10:15 - 00000960 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85045441-3859974231-1480163339-1001Core.job
2014-04-17 12:41 - 2009-07-14 06:53 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-13 14:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-12 18:20 - 2010-11-20 23:01 - 01586106 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 22:17 - 2011-11-14 13:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 12:23 - 2012-03-14 12:02 - 00754588 _____ () C:\test.xml
2014-04-06 17:38 - 2013-11-22 08:01 - 00000000 ____D () C:\Program Files\PasswordBox
2014-04-06 08:36 - 2014-04-20 15:22 - 01016261 _____ (Thisisu) C:\Users\Ver4a\Desktop\JRT_NEW.exe
2014-04-02 17:29 - 2014-04-02 17:29 - 00034534 _____ () C:\Users\Ver4a\Downloads\2. část BP_Pátková.sxw
2014-03-31 15:46 - 2014-03-27 23:46 - 00000084 _____ () C:\Users\Ver4a\AppData\Roaming\WB.CFG
2014-03-31 09:35 - 2012-02-13 21:49 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 02:13 - 2014-04-09 17:50 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 17:50 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 16:34 - 2012-08-11 18:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-29 16:46 - 2014-03-29 16:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-29 16:30 - 2014-03-29 16:30 - 00000346 _____ () C:\Windows\Tasks\pricemeterwatcher.job
2014-03-29 16:30 - 2014-03-29 16:30 - 00000344 _____ () C:\Windows\Tasks\pricemetertask.job
2014-03-28 11:13 - 2014-02-25 18:03 - 00005120 _____ () C:\Windows\PFRO.log
2014-03-27 22:51 - 2014-03-27 22:46 - 00000000 ____D () C:\Users\Ver4a\AppData\Local\PriceMeter
2014-03-27 22:46 - 2014-03-27 22:46 - 00000000 ____D () C:\Users\Ver4a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
2014-03-23 18:51 - 2013-08-19 14:32 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys
2014-03-23 18:51 - 2013-08-19 14:31 - 00003749 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
Some content of TEMP:
====================
C:\Users\Ver4a\AppData\Local\Temp\Quarantine.exe
C:\Users\Ver4a\AppData\Local\Temp\setup__6272.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-19 15:32
==================== End Of Log ============================
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zasekaný NB- prosim o kontrolu logu
Log je OK.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?