
PC virus removal, computer speed-up, remote help via the neslape.cz service
Virus-infected computer
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, my mom's computer is totally infected with viruses; it keeps popping up windows, redirecting to various websites, showing various messages... Simply a catastrophic state. She had the Microsoft Essentials antivirus on it, which I uninstalled; I installed Avast and Adblock and ran CCleaner over it. I started a full system scan in Avast; it supposedly found a lot of threats, but then it got stuck at about 97%, and since then the computer has been even worse. So I'm writing to you to ask whether you could take a look at it and help her. She's afraid of it, so I'll always do it with you for her in the evenings via TeamViewer. That's how I'm doing it now as well. Thanks for the help
Logfile of random's system information tool 1.10 (written by random/random)
Run by Katerina Rod at 2014-11-04 20:51:59
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 337 GB (73%) free of 462 GB
Total RAM: 3986 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:52:07 PM, on 4/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\WinFLTray.exe
C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\UMStor\Res.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Multimedia Keyboard Driver\PS2USBKbdDrv.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Katerina Rod\Desktop\TeamViewerQS_en.exe
C:\Users\Katerina Rod\Desktop\TeamViewerQS_en.exe
C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files\trend micro\Katerina Rod.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1 ... X22MAF1J4S
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid ... 272&lng=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1 ... X22MAF1J4S
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds& ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds& ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1 ... X22MAF1J4S
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O3 - Toolbar: (no name) - {a3a8ba13-8b56-46e6-8bc6-2746089b6cb2} - (no file)
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\windows\UMStor\Res.EXE
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files (x86)\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [WinFLTray] C:\windows\SysWow64\WinFLTray.exe
O4 - HKCU\..\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Price-Horse] C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLService - New Softwares.net - C:\windows\SysWow64\WinFLService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MaintainerSvc2.48.1114611 - Unknown owner - C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update Klip Pal - Unknown owner - C:\Program Files (x86)\Klip Pal\updateKlipPal.exe (file missing)
O23 - Service: Util Klip Pal - Unknown owner - C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13364 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\GFNEXSrv.exe
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service
"taskhost.exe"
C:\windows\System32\spoolsv.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Windows\SysWOW64\WinFLTray.exe"
C:\windows\SysWow64\WinFLService.exe
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe"
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe" -Embedding
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe"
C:\windows\system32\svchost.exe -k regsvc
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Windows\UMStor\Res.exe"
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
C:\windows\system32\TODDSrv.exe
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
"C:\Program Files (x86)\Multimedia Keyboard Driver\PS2USBKbdDrv.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
taskeng.exe {75DD2F82-B406-4FE6-B982-AD5182328319}
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe" "-launchedbyvulcan"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.sweet-page.com/?type=sc&ts=1 ... X22MAF1J4S
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
ngservice.exe pipeserver
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe" --type=renderer --no-sandbox --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable --channel="3208.0.76857714\27213838" /prefetch:3
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe" --type=gpu-process --channel="3208.1.1507449131\1938264586" --no-sandbox --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable --supports-dual-gpus=false --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2752 --ignored=" --type=renderer " --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable /prefetch:12
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
"C:\Users\Katerina Rod\Desktop\TeamViewerQS_en.exe"
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\vssvc.exe
"C:\Users\Katerina Rod\Desktop\TeamViewerQS_en.exe"
"C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1548.2138bbc0.1621906810 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 1548 "\\.\pipe\gecko-crash-server-pipe.1548" plugin
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --proxy-stub-channel=Flash5892.65E7AAA0.3282 --host-broker-channel=Flash5892.65E7AAA0.26 --host-pid=5892 --host-npapi-version=27 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll"
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --channel=5620.0014F8C0.1147549294 --proxy-stub-channel=Flash5892.65E7AAA0.3282 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" --host-npapi-version=27 --type=renderer
"c:\users\kateri~1\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe" --IPCport 5939
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Katerina Rod\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
=========Mozilla firefox=========
ProfilePath - C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default
prefs.js - "browser.search.useDBForOrder" - true
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
nppluginrichmediaplayer.dll
C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\searchplugins\
ask-search.xml
askcom.xml
bs-player-controlbar-customized-web-search.xml
my-web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-03 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-03 700800]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
IETabPage Class - C:\Program Files (x86)\SupTab\SupTab.dll [2014-11-03 514016]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-03 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-03 534400]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{99079a25-328f-4bd4-be04-00955acaa0a7}
{a3a8ba13-8b56-46e6-8bc6-2746089b6cb2}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-02-01 12446824]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-11-24 1548208]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-12-14 712096]
"TPSCMain"=C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [2011-12-21 740792]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2011-11-26 710560]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2011-06-28 38824]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2726728]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2012-05-10 170264]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2012-05-10 398616]
"Persistence"=C:\windows\system32\igfxpers.exe [2012-05-10 440088]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinFLTray"=C:\windows\SysWow64\WinFLTray.exe [2012-10-19 321736]
"FLBackup"=C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [2012-10-19 275656]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2013-08-27 248208]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]
"Price-Horse"=C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe [2014-11-03 627560]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-29 6501656]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-01-05 291608]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-07-12 1298816]
"USB Storage Toolbox"=C:\windows\UMStor\Res.EXE [2005-09-14 65536]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"WireLessKeyboard"=C:\Program Files (x86)\Multimedia Keyboard Driver\StartAutorun.exe [2005-11-30 94208]
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22 2694040]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-03 5223016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-05-10 436224]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-11-04 20:51:59 ----D---- C:\rsit
2014-11-04 20:51:59 ----D---- C:\Program Files\trend micro
2014-11-04 20:11:17 ----D---- C:\windows\SYSWOW64\vbox
2014-11-04 20:11:17 ----D---- C:\windows\system32\vbox
2014-11-03 22:18:28 ----D---- C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51
2014-11-03 21:48:29 ----A---- C:\windows\system32\drivers\{e0c89f91-0178-4464-8daf-bec566dd2d9a}Gw64.sys
2014-11-03 20:29:17 ----D---- C:\Users\Katerina Rod\AppData\Roaming\AVAST Software
2014-11-03 20:28:48 ----A---- C:\windows\system32\drivers\aswVmm.sys
2014-11-03 20:28:48 ----A---- C:\windows\system32\drivers\aswStm.sys
2014-11-03 20:28:47 ----A---- C:\windows\system32\drivers\aswSP.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswRvrt.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswRdr2.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswmonflt.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswHwid.sys
2014-11-03 20:28:43 ----A---- C:\windows\system32\drivers\aswsnx.sys
2014-11-03 20:28:41 ----A---- C:\windows\system32\aswBoot.exe
2014-11-03 20:28:40 ----A---- C:\windows\avastSS.scr
2014-11-03 20:27:32 ----D---- C:\Program Files\AVAST Software
2014-11-03 20:20:09 ----D---- C:\ProgramData\374311380
2014-11-03 20:13:22 ----D---- C:\ProgramData\IePluginServices
2014-11-03 20:13:15 ----D---- C:\Program Files (x86)\SupTab
2014-11-03 20:13:07 ----D---- C:\ProgramData\WindowsMangerProtect
2014-11-03 20:12:57 ----D---- C:\Users\Katerina Rod\AppData\Roaming\sweet-page
2014-11-03 20:12:11 ----D---- C:\Program Files (x86)\Klip Pal
2014-11-02 16:45:10 ----A---- C:\windows\SYSWOW64\mstscax.dll
2014-11-02 16:45:06 ----A---- C:\windows\system32\mstscax.dll
2014-11-02 11:12:25 ----A---- C:\windows\system32\TsUsbGDCoInstaller.dll
2014-11-02 11:12:20 ----A---- C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-02 11:12:20 ----A---- C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-02 11:12:20 ----A---- C:\windows\system32\drivers\TsUsbFlt.sys
2014-11-02 11:12:19 ----A---- C:\windows\system32\tsgqec.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\wksprtPS.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\tsgqec.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\MsRdpWebAccess.dll
2014-11-02 11:12:18 ----A---- C:\windows\system32\wksprtPS.dll
2014-11-02 11:12:18 ----A---- C:\windows\system32\TSWbPrxy.exe
2014-11-02 11:12:18 ----A---- C:\windows\system32\MsRdpWebAccess.dll
2014-11-02 11:12:17 ----A---- C:\windows\system32\wksprt.exe
2014-11-02 11:12:16 ----A---- C:\windows\SYSWOW64\mstsc.exe
2014-11-02 11:12:15 ----A---- C:\windows\system32\mstsc.exe
2014-11-02 11:12:14 ----A---- C:\windows\SYSWOW64\rdvidcrl.dll
2014-11-02 11:12:14 ----A---- C:\windows\system32\rdvidcrl.dll
2014-10-15 14:20:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-10-15 06:40:56 ----A---- C:\windows\system32\win32k.sys
2014-10-15 06:40:53 ----A---- C:\windows\SYSWOW64\mscorier.dll
2014-10-15 06:40:53 ----A---- C:\windows\SYSWOW64\dfshim.dll
2014-10-15 06:40:53 ----A---- C:\windows\system32\mscorier.dll
2014-10-15 06:40:52 ----A---- C:\windows\SYSWOW64\mscories.dll
2014-10-15 06:40:52 ----A---- C:\windows\system32\mscories.dll
2014-10-15 06:40:52 ----A---- C:\windows\system32\dfshim.dll
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDYAK.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDTAT.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDRU1.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDRU.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDBASH.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDYAK.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDTAT.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDRU1.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDRU.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDBASH.DLL
2014-10-15 06:40:38 ----A---- C:\windows\system32\blackbox.dll
2014-10-15 06:40:37 ----A---- C:\windows\SYSWOW64\blackbox.dll
2014-10-15 06:40:37 ----A---- C:\windows\system32\drmv2clt.dll
2014-10-15 06:40:36 ----A---- C:\windows\SYSWOW64\drmv2clt.dll
2014-10-15 06:40:34 ----A---- C:\windows\system32\wmp.dll
2014-10-15 06:40:30 ----A---- C:\windows\SYSWOW64\wmdrmsdk.dll
2014-10-15 06:40:30 ----A---- C:\windows\system32\wmdrmsdk.dll
2014-10-15 06:40:30 ----A---- C:\windows\system32\mf.dll
2014-10-15 06:40:29 ----A---- C:\windows\SYSWOW64\wmp.dll
2014-10-15 06:40:29 ----A---- C:\windows\system32\AUDIOKSE.dll
2014-10-15 06:40:28 ----A---- C:\windows\system32\drmmgrtn.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\mf.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\drmmgrtn.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\AUDIOKSE.dll
2014-10-15 06:40:27 ----A---- C:\windows\system32\drivers\PEAuth.sys
2014-10-15 06:40:27 ----A---- C:\windows\system32\ci.dll
2014-10-15 06:40:26 ----A---- C:\windows\system32\winload.exe
2014-10-15 06:40:26 ----A---- C:\windows\system32\quartz.dll
2014-10-15 06:40:26 ----A---- C:\windows\system32\AudioEng.dll
2014-10-15 06:40:25 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2014-10-15 06:40:25 ----A---- C:\windows\SYSWOW64\AudioSes.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\wintrust.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\winresume.exe
2014-10-15 06:40:25 ----A---- C:\windows\system32\ntoskrnl.exe
2014-10-15 06:40:25 ----A---- C:\windows\system32\evr.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\cryptsvc.dll
2014-10-15 06:40:24 ----A---- C:\windows\SYSWOW64\cryptsvc.dll
2014-10-15 06:40:24 ----A---- C:\windows\system32\EncDump.dll
2014-10-15 06:40:24 ----A---- C:\windows\system32\crypt32.dll
2014-10-15 06:40:23 ----A---- C:\windows\SYSWOW64\wintrust.dll
2014-10-15 06:40:23 ----A---- C:\windows\system32\cryptui.dll
2014-10-15 06:40:23 ----A---- C:\windows\system32\AudioSes.dll
2014-10-15 06:40:22 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2014-10-15 06:40:21 ----A---- C:\windows\SYSWOW64\evr.dll
2014-10-15 06:40:21 ----A---- C:\windows\system32\audiosrv.dll
2014-10-15 06:40:20 ----A---- C:\windows\SYSWOW64\quartz.dll
2014-10-15 06:40:20 ----A---- C:\windows\system32\mfplat.dll
2014-10-15 06:40:19 ----A---- C:\windows\SYSWOW64\cryptui.dll
2014-10-15 06:40:19 ----A---- C:\windows\SYSWOW64\crypt32.dll
2014-10-15 06:40:18 ----A---- C:\windows\system32\srcore.dll
2014-10-15 06:40:18 ----A---- C:\windows\system32\pcasvc.dll
2014-10-15 06:40:17 ----A---- C:\windows\SYSWOW64\mfplat.dll
2014-10-15 06:40:16 ----A---- C:\windows\system32\cryptsp.dll
2014-10-15 06:40:15 ----A---- C:\windows\SYSWOW64\cryptsp.dll
2014-10-15 06:40:15 ----A---- C:\windows\SYSWOW64\AudioEng.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\rstrui.exe
2014-10-15 06:40:15 ----A---- C:\windows\system32\msscp.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\msnetobj.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\appidsvc.dll
2014-10-15 06:40:14 ----A---- C:\windows\SYSWOW64\msscp.dll
2014-10-15 06:40:14 ----A---- C:\windows\system32\drivers\appid.sys
2014-10-15 06:40:14 ----A---- C:\windows\system32\audiodg.exe
2014-10-15 06:40:14 ----A---- C:\windows\system32\appidapi.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\rrinstaller.exe
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\msnetobj.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\mfps.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\appidapi.dll
2014-10-15 06:40:13 ----A---- C:\windows\system32\rrinstaller.exe
2014-10-15 06:40:13 ----A---- C:\windows\system32\mfps.dll
2014-10-15 06:40:12 ----A---- C:\windows\SYSWOW64\mfpmp.exe
2014-10-15 06:40:12 ----A---- C:\windows\system32\setbcdlocale.dll
2014-10-15 06:40:12 ----A---- C:\windows\system32\mfpmp.exe
2014-10-15 06:40:12 ----A---- C:\windows\system32\appidpolicyconverter.exe
2014-10-15 06:40:11 ----A---- C:\windows\SYSWOW64\srclient.dll
2014-10-15 06:40:11 ----A---- C:\windows\system32\srclient.dll
2014-10-15 06:40:11 ----A---- C:\windows\system32\appidcertstorecheck.exe
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\wmploc.DLL
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\spwmp.dll
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\mferror.dll
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\dxmasf.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\wmploc.DLL
2014-10-15 06:40:09 ----A---- C:\windows\system32\spwmp.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\mferror.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\dxmasf.dll
2014-10-15 06:39:59 ----A---- C:\windows\system32\generaltel.dll
2014-10-15 06:39:59 ----A---- C:\windows\system32\aepdu.dll
2014-10-15 06:39:58 ----A---- C:\windows\system32\aeinv.dll
2014-10-15 06:39:57 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\iernonce.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\ie4uinit.exe
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2014-10-15 06:39:54 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 06:39:52 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-10-15 06:39:52 ----A---- C:\windows\system32\iedkcs32.dll
2014-10-15 06:39:51 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-10-15 06:39:51 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-10-15 06:39:51 ----A---- C:\windows\system32\urlmon.dll
2014-10-15 06:39:51 ----A---- C:\windows\system32\ieetwcollectorres.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2014-10-15 06:39:50 ----A---- C:\windows\system32\msfeeds.dll
2014-10-15 06:39:50 ----A---- C:\windows\system32\ieetwcollector.exe
2014-10-15 06:39:50 ----A---- C:\windows\system32\dxtmsft.dll
2014-10-15 06:39:49 ----A---- C:\windows\system32\iesetup.dll
2014-10-15 06:39:48 ----A---- C:\windows\system32\iertutil.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2014-10-15 06:39:46 ----A---- C:\windows\SYSWOW64\vbscript.dll
2014-10-15 06:39:46 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-10-15 06:39:45 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-10-15 06:39:45 ----A---- C:\windows\system32\jsproxy.dll
2014-10-15 06:39:44 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-10-15 06:39:44 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2014-10-15 06:39:43 ----A---- C:\windows\system32\ieui.dll
2014-10-15 06:39:43 ----A---- C:\windows\system32\dxtrans.dll
2014-10-15 06:39:42 ----A---- C:\windows\system32\ieframe.dll
2014-10-15 06:39:41 ----A---- C:\windows\system32\mshtmlmedia.dll
2014-10-15 06:39:41 ----A---- C:\windows\system32\mshtmled.dll
2014-10-15 06:39:40 ----A---- C:\windows\system32\jscript9diag.dll
2014-10-15 06:39:40 ----A---- C:\windows\system32\ieUnatt.exe
2014-10-15 06:39:39 ----A---- C:\windows\system32\jscript9.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\wininet.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\vbscript.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\ieapfltr.dll
2014-10-15 06:39:37 ----A---- C:\windows\system32\MshtmlDac.dll
2014-10-15 06:39:36 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 06:39:36 ----A---- C:\windows\system32\msrating.dll
2014-10-15 06:39:35 ----A---- C:\windows\system32\mshtml.dll
2014-10-15 06:39:17 ----A---- C:\windows\system32\msi.dll
2014-10-15 06:39:16 ----A---- C:\windows\SYSWOW64\msi.dll
2014-10-15 06:39:03 ----A---- C:\windows\system32\rdpcorets.dll
2014-10-15 06:38:58 ----A---- C:\windows\SYSWOW64\rastls.dll
2014-10-15 06:38:58 ----A---- C:\windows\system32\rastls.dll
2014-10-15 06:38:50 ----A---- C:\windows\system32\termsrv.dll
2014-10-15 06:38:49 ----A---- C:\windows\SYSWOW64\winsta.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\winsta.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\winlogon.exe
2014-10-15 06:38:49 ----A---- C:\windows\system32\rdpcorekmts.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\drivers\rdpwd.sys
2014-10-15 06:38:48 ----A---- C:\windows\SYSWOW64\TSpkg.dll
2014-10-15 06:38:48 ----A---- C:\windows\system32\TSpkg.dll
2014-10-15 06:38:47 ----A---- C:\windows\SYSWOW64\credssp.dll
2014-10-15 06:38:47 ----A---- C:\windows\system32\drivers\tssecsrv.sys
2014-10-15 06:38:47 ----A---- C:\windows\system32\credssp.dll
2014-10-15 06:38:33 ----A---- C:\windows\SYSWOW64\packager.dll
2014-10-15 06:38:33 ----A---- C:\windows\system32\packager.dll
2014-10-13 14:52:32 ----D---- C:\Program Files (x86)\Microsoft XNA
2014-10-10 09:53:56 ----D---- C:\Users\Katerina Rod\AppData\Roaming\SpaceEngineers
2014-10-08 20:45:31 ----D---- C:\Program Files (x86)\Origin Games
2014-10-08 20:45:13 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Origin
2014-10-08 20:41:40 ----D---- C:\ProgramData\Origin
2014-10-08 20:41:39 ----D---- C:\ProgramData\Electronic Arts
2014-10-08 20:41:35 ----D---- C:\Program Files (x86)\Origin
======List of files/folders modified in the last 1 month======
2014-11-04 20:52:03 ----D---- C:\windows\Temp
2014-11-04 20:51:59 ----RD---- C:\Program Files
2014-11-04 20:42:22 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Skype
2014-11-04 20:30:09 ----AD---- C:\windows\System32
2014-11-04 20:27:48 ----D---- C:\windows\system32\config
2014-11-04 20:12:06 ----SHD---- C:\System Volume Information
2014-11-04 20:11:27 ----A---- C:\windows\SYSWOW64\log.txt
2014-11-04 20:11:17 ----D---- C:\windows\SysWOW64
2014-11-04 20:10:33 ----A---- C:\IFRToolLog.txt
2014-11-04 20:06:56 ----AD---- C:\Windows
2014-11-04 20:01:45 ----D---- C:\windows\system32\drivers
2014-11-04 09:25:09 ----HD---- C:\ProgramData
2014-11-04 04:21:28 ----D---- C:\windows\system32\LogFiles
2014-11-04 04:20:56 ----D---- C:\windows\system32\GroupPolicy
2014-11-03 21:48:30 ----A---- C:\windows\win.ini
2014-11-03 20:49:46 ----HD---- C:\windows\system32\CanonIJ Uninstaller Information
2014-11-03 20:49:04 ----D---- C:\Program Files (x86)
2014-11-03 20:46:03 ----D---- C:\windows\twain_32
2014-11-03 20:46:03 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Canon
2014-11-03 20:45:51 ----D---- C:\windows\system32\DriverStore
2014-11-03 20:45:51 ----D---- C:\windows\inf
2014-11-03 20:45:16 ----D---- C:\Program Files (x86)\Canon
2014-11-03 20:28:59 ----D---- C:\windows\system32\Tasks
2014-11-03 20:28:43 ----D---- C:\windows\winsxs
2014-11-03 20:27:32 ----D---- C:\ProgramData\AVAST Software
2014-11-03 20:26:15 ----D---- C:\Program Files\CCleaner
2014-11-03 20:21:15 ----D---- C:\Users\Katerina Rod\AppData\Roaming\BSplayer
2014-11-03 20:19:43 ----D---- C:\Program Files (x86)\Steam
2014-11-03 20:19:41 ----D---- C:\windows\Logs
2014-11-03 20:19:41 ----D---- C:\windows\debug
2014-11-03 20:18:06 ----SHD---- C:\windows\Installer
2014-11-03 20:16:06 ----D---- C:\Program Files (x86)\Common Files
2014-11-03 20:14:00 ----D---- C:\windows\Prefetch
2014-11-03 19:41:43 ----D---- C:\windows\Tasks
2014-11-03 05:40:16 ----D---- C:\windows\rescache
2014-11-02 22:21:52 ----D---- C:\windows\SYSWOW64\en-US
2014-11-02 22:21:52 ----D---- C:\windows\system32\en-US
2014-11-02 16:42:45 ----D---- C:\windows\system32\catroot2
2014-11-02 11:24:21 ----D---- C:\Users\Katerina Rod\AppData\Roaming\TS3Client
2014-11-02 11:16:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 11:15:21 ----D---- C:\windows\SYSWOW64\wbem
2014-11-02 11:15:21 ----D---- C:\windows\system32\drivers\en-US
2014-11-02 11:15:20 ----D---- C:\windows\system32\wbem
2014-11-01 19:50:20 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-10-28 23:07:32 ----D---- C:\Program Files\TOSHIBA
2014-10-28 23:07:32 ----D---- C:\Program Files (x86)\Toshiba
2014-10-28 23:03:03 ----D---- C:\windows\Microsoft.NET
2014-10-28 05:34:58 ----N---- C:\windows\system32\MpSigStub.exe
2014-10-20 07:05:02 ----D---- C:\Program Files (x86)\Google
2014-10-19 09:31:11 ----RSD---- C:\windows\assembly
2014-10-16 16:10:56 ----RSD---- C:\windows\Fonts
2014-10-16 16:10:53 ----D---- C:\windows\SYSWOW64\Dism
2014-10-16 16:10:53 ----D---- C:\windows\system32\Dism
2014-10-16 16:10:53 ----D---- C:\windows\system32\CodeIntegrity
2014-10-16 16:10:53 ----D---- C:\windows\system32\Boot
2014-10-16 16:10:53 ----D---- C:\Program Files\Windows Media Player
2014-10-16 16:10:53 ----D---- C:\Program Files (x86)\Windows Media Player
2014-10-16 16:10:52 ----SD---- C:\windows\system32\CompatTel
2014-10-16 16:10:52 ----D---- C:\Program Files\Internet Explorer
2014-10-16 16:10:52 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-16 14:27:18 ----D---- C:\windows\system32\MRT
2014-10-16 14:16:22 ----A---- C:\windows\system32\MRT.exe
2014-10-15 06:38:28 ----D---- C:\windows\system32\catroot
2014-10-10 16:07:49 ----D---- C:\Users\Katerina Rod\AppData\Roaming\.minecraft
2014-10-07 07:56:35 ----D---- C:\windows\SoftwareDistribution
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-11-03 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-11-03 267632]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-11-30 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
R0 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2014-11-03 93568]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-11-03 1050432]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-11-03 436624]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2009-12-31 360712]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R1 WinFLAdrv;WinFLAdrv; C:\windows\SysWOW64\WinFLAdrv.sys [2012-10-19 34816]
R2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2014-11-03 29208]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-11-03 83280]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2014-11-03 116728]
R2 NEWDRIVER;NEWDRIVER; \??\C:\windows\SysWow64\WinVDEdrv6.sys [2012-10-19 197648]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-03 270728]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-05-10 14759136]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2012-02-01 4739304]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2011-08-17 251496]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\windows\system32\DRIVERS\rtwlane.sys [2012-01-17 1082472]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-31 27784]
R3 tosrfec;Bluetooth ACPI; C:\windows\system32\DRIVERS\tosrfec.sys [2010-06-19 18872]
R3 vpcbus;Virtual PC Host Bus Service; C:\windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dc3d;MS Hardware Device Detection Driver (USB); C:\windows\system32\DRIVERS\dc3d.sys [2011-05-17 47616]
S3 dmvsc;dmvsc; C:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\windows\system32\DRIVERS\ewusbnet.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\windows\system32\DRIVERS\ewusbdev.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TDEIO;TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\windows\system32\DRIVERS\tosrfbd.sys [2012-01-30 304696]
S3 Tosrfcom;Tosrfcom; C:\windows\system32\drivers\Tosrfcom.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2011-12-17 79040]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;USB Scanner Driver; C:\windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-03 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-06-07 250296]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-06-07 47032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2011-03-01 27648]
R2 FLService;FLService; C:\windows\SysWow64\WinFLService.exe [2012-10-19 91336]
R2 GFNEXSrv;GFNEX Service; C:\Windows\System32\GFNEXSrv.exe [2010-09-10 162824]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-01-20 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-01-21 277784]
R2 MaintainerSvc2.48.1114611;MaintainerSvc2.48.1114611; C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe [2014-11-04 123632]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\windows\system32\TODDSrv.exe [2010-10-20 138656]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-08-27 93072]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-01-21 363800]
R2 WindowsMangerProtect;WindowsMangerProtect Service; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [2014-11-03 530408]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-03 4012248]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S2 Update Klip Pal;Update Klip Pal; C:\Program Files (x86)\Klip Pal\updateKlipPal.exe []
S2 Util Klip Pal;Util Klip Pal; C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe [2014-11-03 523504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2011-03-01 27648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-10 276248]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-09-19 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-31 114288]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-09-23 833728]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-02 198064]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-07-17 1255736]
S4 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by Katerina Rod at 2014-11-04 20:51:59
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 337 GB (73%) free of 462 GB
Total RAM: 3986 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:52:07 PM, on 4/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\WinFLTray.exe
C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\UMStor\Res.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Multimedia Keyboard Driver\PS2USBKbdDrv.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Katerina Rod\Desktop\TeamViewerQS_en.exe
C:\Users\Katerina Rod\Desktop\TeamViewerQS_en.exe
C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files\trend micro\Katerina Rod.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1 ... X22MAF1J4S
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid ... 272&lng=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1 ... X22MAF1J4S
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds& ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds& ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1 ... X22MAF1J4S
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O3 - Toolbar: (no name) - {a3a8ba13-8b56-46e6-8bc6-2746089b6cb2} - (no file)
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\windows\UMStor\Res.EXE
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files (x86)\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [WinFLTray] C:\windows\SysWow64\WinFLTray.exe
O4 - HKCU\..\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Price-Horse] C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLService - New Softwares.net - C:\windows\SysWow64\WinFLService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MaintainerSvc2.48.1114611 - Unknown owner - C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update Klip Pal - Unknown owner - C:\Program Files (x86)\Klip Pal\updateKlipPal.exe (file missing)
O23 - Service: Util Klip Pal - Unknown owner - C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13364 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\GFNEXSrv.exe
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service
"taskhost.exe"
C:\windows\System32\spoolsv.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Windows\SysWOW64\WinFLTray.exe"
C:\windows\SysWow64\WinFLService.exe
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe"
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe" -Embedding
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe"
C:\windows\system32\svchost.exe -k regsvc
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Windows\UMStor\Res.exe"
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
C:\windows\system32\TODDSrv.exe
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
"C:\Program Files (x86)\Multimedia Keyboard Driver\PS2USBKbdDrv.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
taskeng.exe {75DD2F82-B406-4FE6-B982-AD5182328319}
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe" "-launchedbyvulcan"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.sweet-page.com/?type=sc&ts=1 ... X22MAF1J4S
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
ngservice.exe pipeserver
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe" --type=renderer --no-sandbox --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable --channel="3208.0.76857714\27213838" /prefetch:3
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe" --type=gpu-process --channel="3208.1.1507449131\1938264586" --no-sandbox --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable --supports-dual-gpus=false --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2752 --ignored=" --type=renderer " --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable /prefetch:12
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
"C:\Users\Katerina Rod\Desktop\TeamViewerQS_en.exe"
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\vssvc.exe
"C:\Users\Katerina Rod\Desktop\TeamViewerQS_en.exe"
"C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1548.2138bbc0.1621906810 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 1548 "\\.\pipe\gecko-crash-server-pipe.1548" plugin
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --proxy-stub-channel=Flash5892.65E7AAA0.3282 --host-broker-channel=Flash5892.65E7AAA0.26 --host-pid=5892 --host-npapi-version=27 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll"
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --channel=5620.0014F8C0.1147549294 --proxy-stub-channel=Flash5892.65E7AAA0.3282 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" --host-npapi-version=27 --type=renderer
"c:\users\kateri~1\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe" --IPCport 5939
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Katerina Rod\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
=========Mozilla firefox=========
ProfilePath - C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default
prefs.js - "browser.search.useDBForOrder" - true
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
nppluginrichmediaplayer.dll
C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\searchplugins\
ask-search.xml
askcom.xml
bs-player-controlbar-customized-web-search.xml
my-web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-03 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-03 700800]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
IETabPage Class - C:\Program Files (x86)\SupTab\SupTab.dll [2014-11-03 514016]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-03 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-03 534400]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{99079a25-328f-4bd4-be04-00955acaa0a7}
{a3a8ba13-8b56-46e6-8bc6-2746089b6cb2}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-02-01 12446824]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-11-24 1548208]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-12-14 712096]
"TPSCMain"=C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [2011-12-21 740792]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2011-11-26 710560]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2011-06-28 38824]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2726728]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2012-05-10 170264]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2012-05-10 398616]
"Persistence"=C:\windows\system32\igfxpers.exe [2012-05-10 440088]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinFLTray"=C:\windows\SysWow64\WinFLTray.exe [2012-10-19 321736]
"FLBackup"=C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [2012-10-19 275656]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2013-08-27 248208]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]
"Price-Horse"=C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe [2014-11-03 627560]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-29 6501656]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-01-05 291608]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-07-12 1298816]
"USB Storage Toolbox"=C:\windows\UMStor\Res.EXE [2005-09-14 65536]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"WireLessKeyboard"=C:\Program Files (x86)\Multimedia Keyboard Driver\StartAutorun.exe [2005-11-30 94208]
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22 2694040]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-03 5223016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-05-10 436224]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-11-04 20:51:59 ----D---- C:\rsit
2014-11-04 20:51:59 ----D---- C:\Program Files\trend micro
2014-11-04 20:11:17 ----D---- C:\windows\SYSWOW64\vbox
2014-11-04 20:11:17 ----D---- C:\windows\system32\vbox
2014-11-03 22:18:28 ----D---- C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51
2014-11-03 21:48:29 ----A---- C:\windows\system32\drivers\{e0c89f91-0178-4464-8daf-bec566dd2d9a}Gw64.sys
2014-11-03 20:29:17 ----D---- C:\Users\Katerina Rod\AppData\Roaming\AVAST Software
2014-11-03 20:28:48 ----A---- C:\windows\system32\drivers\aswVmm.sys
2014-11-03 20:28:48 ----A---- C:\windows\system32\drivers\aswStm.sys
2014-11-03 20:28:47 ----A---- C:\windows\system32\drivers\aswSP.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswRvrt.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswRdr2.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswmonflt.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswHwid.sys
2014-11-03 20:28:43 ----A---- C:\windows\system32\drivers\aswsnx.sys
2014-11-03 20:28:41 ----A---- C:\windows\system32\aswBoot.exe
2014-11-03 20:28:40 ----A---- C:\windows\avastSS.scr
2014-11-03 20:27:32 ----D---- C:\Program Files\AVAST Software
2014-11-03 20:20:09 ----D---- C:\ProgramData\374311380
2014-11-03 20:13:22 ----D---- C:\ProgramData\IePluginServices
2014-11-03 20:13:15 ----D---- C:\Program Files (x86)\SupTab
2014-11-03 20:13:07 ----D---- C:\ProgramData\WindowsMangerProtect
2014-11-03 20:12:57 ----D---- C:\Users\Katerina Rod\AppData\Roaming\sweet-page
2014-11-03 20:12:11 ----D---- C:\Program Files (x86)\Klip Pal
2014-11-02 16:45:10 ----A---- C:\windows\SYSWOW64\mstscax.dll
2014-11-02 16:45:06 ----A---- C:\windows\system32\mstscax.dll
2014-11-02 11:12:25 ----A---- C:\windows\system32\TsUsbGDCoInstaller.dll
2014-11-02 11:12:20 ----A---- C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-02 11:12:20 ----A---- C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-02 11:12:20 ----A---- C:\windows\system32\drivers\TsUsbFlt.sys
2014-11-02 11:12:19 ----A---- C:\windows\system32\tsgqec.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\wksprtPS.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\tsgqec.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\MsRdpWebAccess.dll
2014-11-02 11:12:18 ----A---- C:\windows\system32\wksprtPS.dll
2014-11-02 11:12:18 ----A---- C:\windows\system32\TSWbPrxy.exe
2014-11-02 11:12:18 ----A---- C:\windows\system32\MsRdpWebAccess.dll
2014-11-02 11:12:17 ----A---- C:\windows\system32\wksprt.exe
2014-11-02 11:12:16 ----A---- C:\windows\SYSWOW64\mstsc.exe
2014-11-02 11:12:15 ----A---- C:\windows\system32\mstsc.exe
2014-11-02 11:12:14 ----A---- C:\windows\SYSWOW64\rdvidcrl.dll
2014-11-02 11:12:14 ----A---- C:\windows\system32\rdvidcrl.dll
2014-10-15 14:20:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-10-15 06:40:56 ----A---- C:\windows\system32\win32k.sys
2014-10-15 06:40:53 ----A---- C:\windows\SYSWOW64\mscorier.dll
2014-10-15 06:40:53 ----A---- C:\windows\SYSWOW64\dfshim.dll
2014-10-15 06:40:53 ----A---- C:\windows\system32\mscorier.dll
2014-10-15 06:40:52 ----A---- C:\windows\SYSWOW64\mscories.dll
2014-10-15 06:40:52 ----A---- C:\windows\system32\mscories.dll
2014-10-15 06:40:52 ----A---- C:\windows\system32\dfshim.dll
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDYAK.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDTAT.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDRU1.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDRU.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDBASH.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDYAK.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDTAT.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDRU1.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDRU.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDBASH.DLL
2014-10-15 06:40:38 ----A---- C:\windows\system32\blackbox.dll
2014-10-15 06:40:37 ----A---- C:\windows\SYSWOW64\blackbox.dll
2014-10-15 06:40:37 ----A---- C:\windows\system32\drmv2clt.dll
2014-10-15 06:40:36 ----A---- C:\windows\SYSWOW64\drmv2clt.dll
2014-10-15 06:40:34 ----A---- C:\windows\system32\wmp.dll
2014-10-15 06:40:30 ----A---- C:\windows\SYSWOW64\wmdrmsdk.dll
2014-10-15 06:40:30 ----A---- C:\windows\system32\wmdrmsdk.dll
2014-10-15 06:40:30 ----A---- C:\windows\system32\mf.dll
2014-10-15 06:40:29 ----A---- C:\windows\SYSWOW64\wmp.dll
2014-10-15 06:40:29 ----A---- C:\windows\system32\AUDIOKSE.dll
2014-10-15 06:40:28 ----A---- C:\windows\system32\drmmgrtn.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\mf.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\drmmgrtn.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\AUDIOKSE.dll
2014-10-15 06:40:27 ----A---- C:\windows\system32\drivers\PEAuth.sys
2014-10-15 06:40:27 ----A---- C:\windows\system32\ci.dll
2014-10-15 06:40:26 ----A---- C:\windows\system32\winload.exe
2014-10-15 06:40:26 ----A---- C:\windows\system32\quartz.dll
2014-10-15 06:40:26 ----A---- C:\windows\system32\AudioEng.dll
2014-10-15 06:40:25 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2014-10-15 06:40:25 ----A---- C:\windows\SYSWOW64\AudioSes.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\wintrust.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\winresume.exe
2014-10-15 06:40:25 ----A---- C:\windows\system32\ntoskrnl.exe
2014-10-15 06:40:25 ----A---- C:\windows\system32\evr.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\cryptsvc.dll
2014-10-15 06:40:24 ----A---- C:\windows\SYSWOW64\cryptsvc.dll
2014-10-15 06:40:24 ----A---- C:\windows\system32\EncDump.dll
2014-10-15 06:40:24 ----A---- C:\windows\system32\crypt32.dll
2014-10-15 06:40:23 ----A---- C:\windows\SYSWOW64\wintrust.dll
2014-10-15 06:40:23 ----A---- C:\windows\system32\cryptui.dll
2014-10-15 06:40:23 ----A---- C:\windows\system32\AudioSes.dll
2014-10-15 06:40:22 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2014-10-15 06:40:21 ----A---- C:\windows\SYSWOW64\evr.dll
2014-10-15 06:40:21 ----A---- C:\windows\system32\audiosrv.dll
2014-10-15 06:40:20 ----A---- C:\windows\SYSWOW64\quartz.dll
2014-10-15 06:40:20 ----A---- C:\windows\system32\mfplat.dll
2014-10-15 06:40:19 ----A---- C:\windows\SYSWOW64\cryptui.dll
2014-10-15 06:40:19 ----A---- C:\windows\SYSWOW64\crypt32.dll
2014-10-15 06:40:18 ----A---- C:\windows\system32\srcore.dll
2014-10-15 06:40:18 ----A---- C:\windows\system32\pcasvc.dll
2014-10-15 06:40:17 ----A---- C:\windows\SYSWOW64\mfplat.dll
2014-10-15 06:40:16 ----A---- C:\windows\system32\cryptsp.dll
2014-10-15 06:40:15 ----A---- C:\windows\SYSWOW64\cryptsp.dll
2014-10-15 06:40:15 ----A---- C:\windows\SYSWOW64\AudioEng.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\rstrui.exe
2014-10-15 06:40:15 ----A---- C:\windows\system32\msscp.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\msnetobj.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\appidsvc.dll
2014-10-15 06:40:14 ----A---- C:\windows\SYSWOW64\msscp.dll
2014-10-15 06:40:14 ----A---- C:\windows\system32\drivers\appid.sys
2014-10-15 06:40:14 ----A---- C:\windows\system32\audiodg.exe
2014-10-15 06:40:14 ----A---- C:\windows\system32\appidapi.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\rrinstaller.exe
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\msnetobj.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\mfps.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\appidapi.dll
2014-10-15 06:40:13 ----A---- C:\windows\system32\rrinstaller.exe
2014-10-15 06:40:13 ----A---- C:\windows\system32\mfps.dll
2014-10-15 06:40:12 ----A---- C:\windows\SYSWOW64\mfpmp.exe
2014-10-15 06:40:12 ----A---- C:\windows\system32\setbcdlocale.dll
2014-10-15 06:40:12 ----A---- C:\windows\system32\mfpmp.exe
2014-10-15 06:40:12 ----A---- C:\windows\system32\appidpolicyconverter.exe
2014-10-15 06:40:11 ----A---- C:\windows\SYSWOW64\srclient.dll
2014-10-15 06:40:11 ----A---- C:\windows\system32\srclient.dll
2014-10-15 06:40:11 ----A---- C:\windows\system32\appidcertstorecheck.exe
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\wmploc.DLL
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\spwmp.dll
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\mferror.dll
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\dxmasf.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\wmploc.DLL
2014-10-15 06:40:09 ----A---- C:\windows\system32\spwmp.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\mferror.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\dxmasf.dll
2014-10-15 06:39:59 ----A---- C:\windows\system32\generaltel.dll
2014-10-15 06:39:59 ----A---- C:\windows\system32\aepdu.dll
2014-10-15 06:39:58 ----A---- C:\windows\system32\aeinv.dll
2014-10-15 06:39:57 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\iernonce.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\ie4uinit.exe
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2014-10-15 06:39:54 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 06:39:52 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-10-15 06:39:52 ----A---- C:\windows\system32\iedkcs32.dll
2014-10-15 06:39:51 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-10-15 06:39:51 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-10-15 06:39:51 ----A---- C:\windows\system32\urlmon.dll
2014-10-15 06:39:51 ----A---- C:\windows\system32\ieetwcollectorres.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2014-10-15 06:39:50 ----A---- C:\windows\system32\msfeeds.dll
2014-10-15 06:39:50 ----A---- C:\windows\system32\ieetwcollector.exe
2014-10-15 06:39:50 ----A---- C:\windows\system32\dxtmsft.dll
2014-10-15 06:39:49 ----A---- C:\windows\system32\iesetup.dll
2014-10-15 06:39:48 ----A---- C:\windows\system32\iertutil.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2014-10-15 06:39:46 ----A---- C:\windows\SYSWOW64\vbscript.dll
2014-10-15 06:39:46 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-10-15 06:39:45 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-10-15 06:39:45 ----A---- C:\windows\system32\jsproxy.dll
2014-10-15 06:39:44 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-10-15 06:39:44 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2014-10-15 06:39:43 ----A---- C:\windows\system32\ieui.dll
2014-10-15 06:39:43 ----A---- C:\windows\system32\dxtrans.dll
2014-10-15 06:39:42 ----A---- C:\windows\system32\ieframe.dll
2014-10-15 06:39:41 ----A---- C:\windows\system32\mshtmlmedia.dll
2014-10-15 06:39:41 ----A---- C:\windows\system32\mshtmled.dll
2014-10-15 06:39:40 ----A---- C:\windows\system32\jscript9diag.dll
2014-10-15 06:39:40 ----A---- C:\windows\system32\ieUnatt.exe
2014-10-15 06:39:39 ----A---- C:\windows\system32\jscript9.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\wininet.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\vbscript.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\ieapfltr.dll
2014-10-15 06:39:37 ----A---- C:\windows\system32\MshtmlDac.dll
2014-10-15 06:39:36 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 06:39:36 ----A---- C:\windows\system32\msrating.dll
2014-10-15 06:39:35 ----A---- C:\windows\system32\mshtml.dll
2014-10-15 06:39:17 ----A---- C:\windows\system32\msi.dll
2014-10-15 06:39:16 ----A---- C:\windows\SYSWOW64\msi.dll
2014-10-15 06:39:03 ----A---- C:\windows\system32\rdpcorets.dll
2014-10-15 06:38:58 ----A---- C:\windows\SYSWOW64\rastls.dll
2014-10-15 06:38:58 ----A---- C:\windows\system32\rastls.dll
2014-10-15 06:38:50 ----A---- C:\windows\system32\termsrv.dll
2014-10-15 06:38:49 ----A---- C:\windows\SYSWOW64\winsta.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\winsta.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\winlogon.exe
2014-10-15 06:38:49 ----A---- C:\windows\system32\rdpcorekmts.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\drivers\rdpwd.sys
2014-10-15 06:38:48 ----A---- C:\windows\SYSWOW64\TSpkg.dll
2014-10-15 06:38:48 ----A---- C:\windows\system32\TSpkg.dll
2014-10-15 06:38:47 ----A---- C:\windows\SYSWOW64\credssp.dll
2014-10-15 06:38:47 ----A---- C:\windows\system32\drivers\tssecsrv.sys
2014-10-15 06:38:47 ----A---- C:\windows\system32\credssp.dll
2014-10-15 06:38:33 ----A---- C:\windows\SYSWOW64\packager.dll
2014-10-15 06:38:33 ----A---- C:\windows\system32\packager.dll
2014-10-13 14:52:32 ----D---- C:\Program Files (x86)\Microsoft XNA
2014-10-10 09:53:56 ----D---- C:\Users\Katerina Rod\AppData\Roaming\SpaceEngineers
2014-10-08 20:45:31 ----D---- C:\Program Files (x86)\Origin Games
2014-10-08 20:45:13 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Origin
2014-10-08 20:41:40 ----D---- C:\ProgramData\Origin
2014-10-08 20:41:39 ----D---- C:\ProgramData\Electronic Arts
2014-10-08 20:41:35 ----D---- C:\Program Files (x86)\Origin
======List of files/folders modified in the last 1 month======
2014-11-04 20:52:03 ----D---- C:\windows\Temp
2014-11-04 20:51:59 ----RD---- C:\Program Files
2014-11-04 20:42:22 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Skype
2014-11-04 20:30:09 ----AD---- C:\windows\System32
2014-11-04 20:27:48 ----D---- C:\windows\system32\config
2014-11-04 20:12:06 ----SHD---- C:\System Volume Information
2014-11-04 20:11:27 ----A---- C:\windows\SYSWOW64\log.txt
2014-11-04 20:11:17 ----D---- C:\windows\SysWOW64
2014-11-04 20:10:33 ----A---- C:\IFRToolLog.txt
2014-11-04 20:06:56 ----AD---- C:\Windows
2014-11-04 20:01:45 ----D---- C:\windows\system32\drivers
2014-11-04 09:25:09 ----HD---- C:\ProgramData
2014-11-04 04:21:28 ----D---- C:\windows\system32\LogFiles
2014-11-04 04:20:56 ----D---- C:\windows\system32\GroupPolicy
2014-11-03 21:48:30 ----A---- C:\windows\win.ini
2014-11-03 20:49:46 ----HD---- C:\windows\system32\CanonIJ Uninstaller Information
2014-11-03 20:49:04 ----D---- C:\Program Files (x86)
2014-11-03 20:46:03 ----D---- C:\windows\twain_32
2014-11-03 20:46:03 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Canon
2014-11-03 20:45:51 ----D---- C:\windows\system32\DriverStore
2014-11-03 20:45:51 ----D---- C:\windows\inf
2014-11-03 20:45:16 ----D---- C:\Program Files (x86)\Canon
2014-11-03 20:28:59 ----D---- C:\windows\system32\Tasks
2014-11-03 20:28:43 ----D---- C:\windows\winsxs
2014-11-03 20:27:32 ----D---- C:\ProgramData\AVAST Software
2014-11-03 20:26:15 ----D---- C:\Program Files\CCleaner
2014-11-03 20:21:15 ----D---- C:\Users\Katerina Rod\AppData\Roaming\BSplayer
2014-11-03 20:19:43 ----D---- C:\Program Files (x86)\Steam
2014-11-03 20:19:41 ----D---- C:\windows\Logs
2014-11-03 20:19:41 ----D---- C:\windows\debug
2014-11-03 20:18:06 ----SHD---- C:\windows\Installer
2014-11-03 20:16:06 ----D---- C:\Program Files (x86)\Common Files
2014-11-03 20:14:00 ----D---- C:\windows\Prefetch
2014-11-03 19:41:43 ----D---- C:\windows\Tasks
2014-11-03 05:40:16 ----D---- C:\windows\rescache
2014-11-02 22:21:52 ----D---- C:\windows\SYSWOW64\en-US
2014-11-02 22:21:52 ----D---- C:\windows\system32\en-US
2014-11-02 16:42:45 ----D---- C:\windows\system32\catroot2
2014-11-02 11:24:21 ----D---- C:\Users\Katerina Rod\AppData\Roaming\TS3Client
2014-11-02 11:16:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 11:15:21 ----D---- C:\windows\SYSWOW64\wbem
2014-11-02 11:15:21 ----D---- C:\windows\system32\drivers\en-US
2014-11-02 11:15:20 ----D---- C:\windows\system32\wbem
2014-11-01 19:50:20 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-10-28 23:07:32 ----D---- C:\Program Files\TOSHIBA
2014-10-28 23:07:32 ----D---- C:\Program Files (x86)\Toshiba
2014-10-28 23:03:03 ----D---- C:\windows\Microsoft.NET
2014-10-28 05:34:58 ----N---- C:\windows\system32\MpSigStub.exe
2014-10-20 07:05:02 ----D---- C:\Program Files (x86)\Google
2014-10-19 09:31:11 ----RSD---- C:\windows\assembly
2014-10-16 16:10:56 ----RSD---- C:\windows\Fonts
2014-10-16 16:10:53 ----D---- C:\windows\SYSWOW64\Dism
2014-10-16 16:10:53 ----D---- C:\windows\system32\Dism
2014-10-16 16:10:53 ----D---- C:\windows\system32\CodeIntegrity
2014-10-16 16:10:53 ----D---- C:\windows\system32\Boot
2014-10-16 16:10:53 ----D---- C:\Program Files\Windows Media Player
2014-10-16 16:10:53 ----D---- C:\Program Files (x86)\Windows Media Player
2014-10-16 16:10:52 ----SD---- C:\windows\system32\CompatTel
2014-10-16 16:10:52 ----D---- C:\Program Files\Internet Explorer
2014-10-16 16:10:52 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-16 14:27:18 ----D---- C:\windows\system32\MRT
2014-10-16 14:16:22 ----A---- C:\windows\system32\MRT.exe
2014-10-15 06:38:28 ----D---- C:\windows\system32\catroot
2014-10-10 16:07:49 ----D---- C:\Users\Katerina Rod\AppData\Roaming\.minecraft
2014-10-07 07:56:35 ----D---- C:\windows\SoftwareDistribution
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-11-03 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-11-03 267632]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-11-30 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
R0 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2014-11-03 93568]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-11-03 1050432]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-11-03 436624]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2009-12-31 360712]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R1 WinFLAdrv;WinFLAdrv; C:\windows\SysWOW64\WinFLAdrv.sys [2012-10-19 34816]
R2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2014-11-03 29208]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-11-03 83280]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2014-11-03 116728]
R2 NEWDRIVER;NEWDRIVER; \??\C:\windows\SysWow64\WinVDEdrv6.sys [2012-10-19 197648]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-03 270728]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-05-10 14759136]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2012-02-01 4739304]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2011-08-17 251496]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\windows\system32\DRIVERS\rtwlane.sys [2012-01-17 1082472]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-31 27784]
R3 tosrfec;Bluetooth ACPI; C:\windows\system32\DRIVERS\tosrfec.sys [2010-06-19 18872]
R3 vpcbus;Virtual PC Host Bus Service; C:\windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dc3d;MS Hardware Device Detection Driver (USB); C:\windows\system32\DRIVERS\dc3d.sys [2011-05-17 47616]
S3 dmvsc;dmvsc; C:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\windows\system32\DRIVERS\ewusbnet.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\windows\system32\DRIVERS\ewusbdev.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TDEIO;TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\windows\system32\DRIVERS\tosrfbd.sys [2012-01-30 304696]
S3 Tosrfcom;Tosrfcom; C:\windows\system32\drivers\Tosrfcom.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2011-12-17 79040]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;USB Scanner Driver; C:\windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-03 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-06-07 250296]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-06-07 47032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2011-03-01 27648]
R2 FLService;FLService; C:\windows\SysWow64\WinFLService.exe [2012-10-19 91336]
R2 GFNEXSrv;GFNEX Service; C:\Windows\System32\GFNEXSrv.exe [2010-09-10 162824]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-01-20 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-01-21 277784]
R2 MaintainerSvc2.48.1114611;MaintainerSvc2.48.1114611; C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe [2014-11-04 123632]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\windows\system32\TODDSrv.exe [2010-10-20 138656]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-08-27 93072]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-01-21 363800]
R2 WindowsMangerProtect;WindowsMangerProtect Service; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [2014-11-03 530408]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-03 4012248]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S2 Update Klip Pal;Update Klip Pal; C:\Program Files (x86)\Klip Pal\updateKlipPal.exe []
S2 Util Klip Pal;Util Klip Pal; C:\Program Files (x86)\Klip Pal\bin\utilKlipPal.exe [2014-11-03 523504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2011-03-01 27648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-10 276248]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-09-19 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-31 114288]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-09-23 833728]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-02 198064]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-07-17 1255736]
S4 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119547
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: virus-infected computer
Hello!
First, run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: virus-infected computer
Avast also found some rootkit and about 17 threats in total, which I forgot to mention....
# AdwCleaner v3.311 - Report created 04/11/2014 at 21:10:31
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Katerina Rod - KATERINAROD-PC
# Running from : C:\Users\Katerina Rod\Desktop\adwcleaner_3.311.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : WindowsMangerProtect
[#] Service Deleted : Update Klip Pal
[#] Service Deleted : Util Klip Pal
Service Deleted : {e0c89f91-0178-4464-8daf-bec566dd2d9a}Gw64
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
Folder Deleted : C:\Program Files (x86)\Free Video Converter
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\wiseconvert
Folder Deleted : C:\Program Files (x86)\Klip Pal
Folder Deleted : C:\Users\Katerina Rod\AppData\Local\Conduit
Folder Deleted : C:\Users\Katerina Rod\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Katerina Rod\AppData\Local\torch
Folder Deleted : C:\Users\Katerina Rod\AppData\Local\Wajam
Folder Deleted : C:\Users\Katerina Rod\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Katerina Rod\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Katerina Rod\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Katerina Rod\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Katerina Rod\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Katerina Rod\AppData\LocalLow\wiseconvert
Folder Deleted : C:\Users\Katerina Rod\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Katerina Rod\AppData\Roaming\sweet-page
Folder Deleted : C:\Users\Katerina Rod\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Katerina Rod\Documents\Optimizer Pro
Folder Deleted : C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\Smartbar
Folder Deleted : C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\ValueApps
File Deleted : C:\END
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\windows\System32\drivers\{e0c89f91-0178-4464-8daf-bec566dd2d9a}Gw64.sys
File Deleted : C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\searchplugins\my-web-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml
File Deleted : C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\user.js
***** [ Scheduled Tasks ] *****
Task Deleted : LaunchSignup
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Katerina Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Katerina Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Katerina Rod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Katerina Rod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Katerina Rod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Klip Pal
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Klip Pal
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Free Video Converter
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\Klip Pal
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v33.0.2 (x86 cs)
[ File : C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\prefs.js ]
Line Deleted : user_pref("CT3201318.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"]\"}");
Line Deleted : user_pref("CT3201318.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"01\\\\/09\\\\/2013 12\\\"}\"}");
Line Deleted : user_pref("CT3201318.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3201318.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3201318.search.searchAppId", "129768733323172459");
Line Deleted : user_pref("CT3201318.search.searchCount", "0");
Line Deleted : user_pref("CT3201318.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3201318.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3201318.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT3201318.searchUserMode", "4");
Line Deleted : user_pref("CT3201318.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3201318.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3201318.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3201318\"}");
Line Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FLVRunner.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FLV Runner \"}");
Line Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3201318.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3201318.serviceLayer_services_Configuration_lastUpdate", "1414956874246");
Line Deleted : user_pref("CT3201318.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1357723726103");
Line Deleted : user_pref("CT3201318.serviceLayer_services_appsMetadata_lastUpdate", "1358554245406");
Line Deleted : user_pref("CT3201318.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1357723727171");
Line Deleted : user_pref("CT3201318.serviceLayer_services_location_lastUpdate", "1372266025793");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359113324709");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359787805049");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360656635536");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.15.0.562_lastUpdate", "1368551384381");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.15.2.523_lastUpdate", "1371392313317");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372266026033");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.16.4.519_lastUpdate", "1375526596849");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.16.70.505_lastUpdate", "1378451014018");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.19.2.505_lastUpdate", "1387273869501");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.23.0.822_lastUpdate", "1410189772679");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.33.0.517_lastUpdate", "1411931143623");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.34.0.503_lastUpdate", "1415039083392");
Line Deleted : user_pref("CT3201318.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1358457569472");
Line Deleted : user_pref("CT3201318.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1358457569434");
Line Deleted : user_pref("CT3201318.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1357723727217");
Line Deleted : user_pref("CT3201318.serviceLayer_services_searchAPI_lastUpdate", "1414956874111");
Line Deleted : user_pref("CT3201318.serviceLayer_services_serviceMap_lastUpdate", "1414956873300");
Line Deleted : user_pref("CT3201318.serviceLayer_services_toolbarContextMenu_lastUpdate", "1357723727126");
Line Deleted : user_pref("CT3201318.serviceLayer_services_toolbarSettings_lastUpdate", "1415039085205");
Line Deleted : user_pref("CT3201318.serviceLayer_services_translation_lastUpdate", "1414956872297");
Line Deleted : user_pref("CT3201318.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate", "1357812196725");
Line Deleted : user_pref("CT3201318.serviceLayer_services_userApps_lastUpdate", "1357812196734");
Line Deleted : user_pref("CT3201318.settingsINI", true);
Line Deleted : user_pref("CT3201318.showToolbarPermission", "false");
Line Deleted : user_pref("CT3201318.smartbar.CTID", "CT3201318");
Line Deleted : user_pref("CT3201318.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3201318.smartbar.homepage", true);
Line Deleted : user_pref("CT3201318.smartbar.isHidden", true);
Line Deleted : user_pref("CT3201318.smartbar.toolbarName", "FLV Runner ");
Line Deleted : user_pref("CT3201318.startPage", "userChanged");
Line Deleted : user_pref("CT3201318.toolbarBornServerTime", "9-1-2013");
Line Deleted : user_pref("CT3201318.toolbarCurrentServerTime", "3-11-2014");
Line Deleted : user_pref("CT3201318.toolbarLoginClientTime", "Wed Apr 10 2013 19:14:14 GMT+1000");
Line Deleted : user_pref("CT3201318.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEzNTg1MDEwMDcyNTYsLCxodHRwczovL3d3dy5nb29nbGUuY29tOjo6Y2xpY2toYW5kbGVyOjo6MTM1ODUwMTAwOTI2MSwsLGh0dHBz[...]
Line Deleted : user_pref("CT3201318_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1415042013222,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://trovi.com/?ctid=CT1750559&SearchSource=13&CUI=UN16383441571788626");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?affID=113480&tt=010812_ctrl_3112_3&babsrc=KW_ss&mntrId=2228bac5000000000000e840f2cc3123&q=");
Line Deleted : user_pref("Smartbar.TBHomepagesList", "hxxp://trovi.com/?ctid=CT1750559&SearchSource=13&CUI=UN16383441571788626");
Line Deleted : user_pref("Smartbar.TBSearchEngineList", "");
Line Deleted : user_pref("Smartbar.TBSearchUrlList", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT1750559");
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaultenginename", "sweet-page");
Line Deleted : user_pref("extensions.508cd20a87311.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"su[...]
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "2228bac5000000000000e840f2cc3123");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15556");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=010812_ctrl_3112_3");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&tt=010812_ctrl_3112_3&babsrc=NT_ss&mntrId=2228bac5000000000000e840f2cc3123");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.117:31:03");
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Search the web (Babylon)");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=");
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Seznam");
Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=574491EF-A4EE-4B66-8660-1F7BD239018F&n=77ee610f&ptnrS=HJxdm020YYau&si=pconverter");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.lastGuardTime", -286656657);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.numGuards", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.user.defined", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2012111119");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "HJxdm020YYau");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "574491EF-A4EE-4B66-8660-1F7BD239018F");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1376340490605");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=13&CUI=SB_CUI,hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN19530297652941611&UM=1&SearchSource=13,h[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&CUI=SB_CUI&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&Search[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=13&CUI=SB_CUI,hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN19530297652941611&UM=1&SearchSource=13,hxxp://t[...]
Line Deleted : user_pref("smartbar.machineId", "KS/T1/UKZVKZNEJQCBC5KHZLPZZQ0BGPGMOQY7AAZXLQAFXMUIVHEQKND6UXYTG3RURBWMH9KVCKKQRKAJXA5A");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.google.com.au/");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=574491EF-A4EE-4B66-8660-1F7BD239018F&n=77ee610f&ind=2012111119&id=HJxdm020YYau&ptnrS=H[...]
Line Deleted : user_pref("smartbar.originalSearchEngine", "Google");
Line Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&CUI=SB_CUI&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=[...]
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_userBornDate.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3196716.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT3196716.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3196716.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3196716.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3196716.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT3196716.mam_gk_userBornDate.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3201318.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT3201318.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3201318.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3201318.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3201318.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT3201318.mam_gk_userBornDate.storedInFile", false);
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [55157 octets] - [04/11/2014 21:09:10]
AdwCleaner[S0].txt - [52944 octets] - [04/11/2014 21:10:31]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [53005 octets] ##########

# AdwCleaner v3.311 - Report created 04/11/2014 at 21:10:31
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Katerina Rod - KATERINAROD-PC
# Running from : C:\Users\Katerina Rod\Desktop\adwcleaner_3.311.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : WindowsMangerProtect
[#] Service Deleted : Update Klip Pal
[#] Service Deleted : Util Klip Pal
Service Deleted : {e0c89f91-0178-4464-8daf-bec566dd2d9a}Gw64
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
Folder Deleted : C:\Program Files (x86)\Free Video Converter
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\wiseconvert
Folder Deleted : C:\Program Files (x86)\Klip Pal
Folder Deleted : C:\Users\Katerina Rod\AppData\Local\Conduit
Folder Deleted : C:\Users\Katerina Rod\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Katerina Rod\AppData\Local\torch
Folder Deleted : C:\Users\Katerina Rod\AppData\Local\Wajam
Folder Deleted : C:\Users\Katerina Rod\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Katerina Rod\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Katerina Rod\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Katerina Rod\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Katerina Rod\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Katerina Rod\AppData\LocalLow\wiseconvert
Folder Deleted : C:\Users\Katerina Rod\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Katerina Rod\AppData\Roaming\sweet-page
Folder Deleted : C:\Users\Katerina Rod\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Katerina Rod\Documents\Optimizer Pro
Folder Deleted : C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\Smartbar
Folder Deleted : C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\ValueApps
File Deleted : C:\END
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\windows\System32\drivers\{e0c89f91-0178-4464-8daf-bec566dd2d9a}Gw64.sys
File Deleted : C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\searchplugins\my-web-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml
File Deleted : C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\user.js
***** [ Scheduled Tasks ] *****
Task Deleted : LaunchSignup
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Katerina Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Katerina Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Katerina Rod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Katerina Rod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Katerina Rod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Klip Pal
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Klip Pal
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Free Video Converter
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\Klip Pal
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v33.0.2 (x86 cs)
[ File : C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\prefs.js ]
Line Deleted : user_pref("CT1750559.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT1750559.fullUserID", "UN16383441571788626.XP.20140908185309");
Line Deleted : user_pref("CT1750559.installType", "Unknown");
Line Deleted : user_pref("CT1750559.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT1750559.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT1750559.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT1750559.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.keyword", true);
Line Deleted : user_pref("CT1750559.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://www.trovi.com/?gd=&ctid=CT1750559&octid ... Lay=1&UM=4[...]
Line Deleted : user_pref("CT1750559.lastVersion", "10.34.0.503");
Line Deleted : user_pref("CT1750559.mam_gk_installer_preapproved.enc", "VFJVRQ==");
Line Deleted : user_pref("CT1750559.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Fp%3Davast\",\"EB_MAIN_FRAME_TITLE\":\"avast%20-%20Yahoo%20Search[...]
Line Deleted : user_pref("CT1750559.originalHomepage", "about:home");
Line Deleted : user_pref("CT1750559.originalSearchAddressUrl", false);
Line Deleted : user_pref("CT1750559.originalSearchEngine", "Google");
Line Deleted : user_pref("CT1750559.originalSearchEngineName", "Google");
Line Deleted : user_pref("CT1750559.performedDomainChangesMigration", "true");
Line Deleted : user_pref("CT1750559.search.searchAppId", "128520273115419467");
Line Deleted : user_pref("CT1750559.search.searchCount", "1");
Line Deleted : user_pref("CT1750559.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT1750559.searchInNewTabEnabledByUser", "false");
Line Deleted : user_pref("CT1750559.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT1750559.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT1750559.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT1750559.searchUninstallUserMode", "4");
Line Deleted : user_pref("CT1750559.searchUserMode", "4");
Line Deleted : user_pref("CT1750559.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT1750559.selectToSearchBoxEnabledByUser", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.sendUsageEnabled", "false");
Line Deleted : user_pref("CT1750559.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1750559\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://BSPlayerControlBar.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BS Player ControlBar \"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT1750559.serviceLayer_services_Configuration_lastUpdate", "1414956874016");
Line Deleted : user_pref("CT1750559.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1414530972633");
Line Deleted : user_pref("CT1750559.serviceLayer_services_appsMetadata_lastUpdate", "1414956871635");
Line Deleted : user_pref("CT1750559.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1415039084820");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.33.0.517_lastUpdate", "1411931143225");
Line Deleted : user_pref("CT1750559.serviceLayer_services_login_10.34.0.503_lastUpdate", "1415039084661");
Line Deleted : user_pref("CT1750559.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1415039084780");
Line Deleted : user_pref("CT1750559.serviceLayer_services_searchAPI_lastUpdate", "1414956874140");
Line Deleted : user_pref("CT1750559.serviceLayer_services_serviceMap_lastUpdate", "1414956866538");
Line Deleted : user_pref("CT1750559.serviceLayer_services_setupAPI_lastUpdate", "1410195194177");
Line Deleted : user_pref("CT1750559.serviceLayer_services_toolbarContextMenu_lastUpdate", "1414956872690");
Line Deleted : user_pref("CT1750559.serviceLayer_services_toolbarSettings_lastUpdate", "1415039085607");
Line Deleted : user_pref("CT1750559.serviceLayer_services_translation_lastUpdate", "1414956869627");
Line Deleted : user_pref("CT1750559.settingsINI", true);
Line Deleted : user_pref("CT1750559.showToolbarPermission", "false");
Line Deleted : user_pref("CT1750559.smartbar.CTID", "CT1750559");
Line Deleted : user_pref("CT1750559.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT1750559.smartbar.homepage", true);
Line Deleted : user_pref("CT1750559.smartbar.toolbarName", "BS Player ControlBar ");
Line Deleted : user_pref("CT1750559.toolbarBornServerTime", "8-9-2014");
Line Deleted : user_pref("CT1750559.toolbarCurrentServerTime", "3-11-2014");
Line Deleted : user_pref("CT1750559.toolbarInstallDate", "08-09-2014 18:53:14");
Line Deleted : user_pref("CT1750559.toolbarLoginClientTime", "Mon Sep 08 2014 18:53:20 GMT+0200 (Central Europe Standard Time)");
Line Deleted : user_pref("CT1750559.userIdGenerationCounter", "1");
Line Deleted : user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1415042013324,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3196716.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3196716.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3196716.1000234.TWC_TMP_city", "SOUTH BRISBANE");
Line Deleted : user_pref("CT3196716.1000234.TWC_TMP_country", "AU");
Line Deleted : user_pref("CT3196716.CBOpenMAMSettings", "0");
Line Deleted : user_pref("CT3196716.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3196716.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3196716.Facebook_Mode", "2");
Line Deleted : user_pref("CT3196716.Facebook_User_Locale", "en");
Line Deleted : user_pref("CT3196716.FirstTime", "true");
Line Deleted : user_pref("CT3196716.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3196716.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT3196716.RestartDialogFirstTime", "false");
Line Deleted : user_pref("CT3196716.RestartDialogShouldDisplay", "false");
Line Deleted : user_pref("CT3196716.RevertSettingsEnabled", true);
Line Deleted : user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=");
Line Deleted : user_pref("CT3196716.UserID", "UN13281990922070497");
Line Deleted : user_pref("CT3196716.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3196716.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3196716.cb_experience_000", "1");
Line Deleted : user_pref("CT3196716.cbcountry_001", "AU");
Line Deleted : user_pref("CT3196716.cbfirsttime", "Sun Aug 12 2012 10:46:59 GMT+1000");
Line Deleted : user_pref("CT3196716.countryCode", "CZ");
Line Deleted : user_pref("CT3196716.enableAlerts", "always");
Line Deleted : user_pref("CT3196716.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT3196716.event_data", "%5B%5D");
Line Deleted : user_pref("CT3196716.fired_events", "");
Line Deleted : user_pref("CT3196716.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3196716.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3196716.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3196716.fixUrls", true);
Line Deleted : user_pref("CT3196716.fullUserID", "UN13281990922070497.UP.20130701235718");
Line Deleted : user_pref("CT3196716.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3196716.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3196716.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3196716.isNewTabEnabled", true);
Line Deleted : user_pref("CT3196716.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3196716.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3196716.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3196716.key_date", "28");
Line Deleted : user_pref("CT3196716.keyword", true);
Line Deleted : user_pref("CT3196716.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://www.trovigo.com/?gd=&ctid=CT3196716&oct ... &Lay=1&UM=[...]
Line Deleted : user_pref("CT3196716.lastVersion", "10.33.0.517");
Line Deleted : user_pref("CT3196716.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3196716.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3196716.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Fp%3Davast\",\"EB_MAIN_FRAME_TITLE\":\"avast%20-%20Yahoo%20Search%20Results\",\"EB_SEARCH[...]
Line Deleted : user_pref("CT3196716.originalSearchAddressUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=574491EF-A4EE-4B66-8660-1F7BD239018F&n=77ee610f&ind=2012111119&id=HJxdm020YYau&ptnrS=[...]
Line Deleted : user_pref("CT3196716.performedDomainChangesMigration", "true");
Line Deleted : user_pref("CT3196716.search.searchAppId", "129755756826636815");
Line Deleted : user_pref("CT3196716.search.searchCount", "0");
Line Deleted : user_pref("CT3196716.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3196716.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3196716.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT3196716.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3196716.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3196716.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3196716\"}");
Line Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://WiseConvert.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WiseConvert \"}");
Line Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3196716.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3196716.serviceLayer_services_Configuration_lastUpdate", "1414956874202");
Line Deleted : user_pref("CT3196716.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344732415575");
Line Deleted : user_pref("CT3196716.serviceLayer_services_appTracking_lastUpdate", "1344732419042");
Line Deleted : user_pref("CT3196716.serviceLayer_services_appsMetadata_lastUpdate", "1351405411940");
Line Deleted : user_pref("CT3196716.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344732417144");
Line Deleted : user_pref("CT3196716.serviceLayer_services_location_lastUpdate", "1372266025025");
Line Deleted : user_pref("CT3196716.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345715997891");
Line Deleted : user_pref("CT3196716.serviceLayer_services_login_10.10.27.6_lastUpdate", "1354600794384");
Line Deleted : user_pref("CT3196716.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359787804909");
Line Deleted : user_pref("CT3196716.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360656634541");
Line Deleted : user_pref("CT3196716.serviceLayer_services_login_10.15.0.562_lastUpdate", "1371392311984");
Line Deleted : user_pref("CT3196716.serviceLayer_services_login_10.15.2.523_lastUpdate", "1370077131537");
Line Deleted : user_pref("CT3196716.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372266025801");
Line Deleted : user_pref("CT3196716.serviceLayer_services_login_10.16.4.519_lastUpdate", "1375526597337");
Line Deleted : user_pref("CT3196716.serviceLayer_services_login_10.16.70.505_lastUpdate", "1378451013345");
Line Deleted : user_pref("CT3196716.serviceLayer_services_login_10.19.2.505_lastUpdate", "1387273871593");
Line Deleted : user_pref("CT3196716.serviceLayer_services_login_10.23.0.822_lastUpdate", "1410189773770");
Line Deleted : user_pref("CT3196716.serviceLayer_services_login_10.33.0.517_lastUpdate", "1415039084148");
Line Deleted : user_pref("CT3196716.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1344732415809");
Line Deleted : user_pref("CT3196716.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1344732416737");
Line Deleted : user_pref("CT3196716.serviceLayer_services_optimizer_lastUpdate", "1351405413393");
Line Deleted : user_pref("CT3196716.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344732417209");
Line Deleted : user_pref("CT3196716.serviceLayer_services_searchAPI_lastUpdate", "1414956874084");
Line Deleted : user_pref("CT3196716.serviceLayer_services_serviceMap_lastUpdate", "1414956872995");
Line Deleted : user_pref("CT3196716.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344732417051");
Line Deleted : user_pref("CT3196716.serviceLayer_services_toolbarSettings_lastUpdate", "1415039085384");
Line Deleted : user_pref("CT3196716.serviceLayer_services_translation_lastUpdate", "1414956864029");
Line Deleted : user_pref("CT3196716.settingsINI", true);
Line Deleted : user_pref("CT3196716.showToolbarPermission", "false");
Line Deleted : user_pref("CT3196716.smartbar.CTID", "CT3196716");
Line Deleted : user_pref("CT3196716.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3196716.smartbar.homepage", true);
Line Deleted : user_pref("CT3196716.smartbar.isHidden", true);
Line Deleted : user_pref("CT3196716.smartbar.toolbarName", "WiseConvert ");
Line Deleted : user_pref("CT3196716.startPage", "userChanged");
Line Deleted : user_pref("CT3196716.toolbarBornServerTime", "12-8-2012");
Line Deleted : user_pref("CT3196716.toolbarCurrentServerTime", "3-11-2014");
Line Deleted : user_pref("CT3196716.toolbarLoginClientTime", "Wed Apr 10 2013 19:14:13 GMT+1000");
Line Deleted : user_pref("CT3196716.upgradeFromClearSBVersion", true);
Line Deleted : user_pref("CT3196716.url_history0001", "hxxp://serialy.herni.cz/griffinovi-serial-1:::clickhandler:::1353662199492,,,hxxp://serialy.herni.cz/futurama-serial-1:::clickhandler:::1353662228109,,,hxxp://s[...]
Line Deleted : user_pref("CT3196716_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1415042013097,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3201318.1000082.isDisplayHidden", "true");
Line Deleted : user_pref("CT3201318.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3201318.1000234.TWC_TMP_city", "MELBOURNE");
Line Deleted : user_pref("CT3201318.1000234.TWC_TMP_country", "AU");
Line Deleted : user_pref("CT3201318.1000234.TWC_locId", "ASXX0075");
Line Deleted : user_pref("CT3201318.1000234.TWC_location", "Melbourne, Australia");
Line Deleted : user_pref("CT3201318.1000234.TWC_region", "OT");
Line Deleted : user_pref("CT3201318.1000234.TWC_temp_dis", "c");
Line Deleted : user_pref("CT3201318.1000234.TWC_wind_dis", "kmh");
Line Deleted : user_pref("CT3201318.1000234.weatherData", "{\"icon\":\"28.png\",\"temperature\":\"18°C\",\"temperatureClear\":\"18°C\",\"highTemperature\":\"22ÂÂÂ[...]
Line Deleted : user_pref("CT3201318.CBOpenMAMSettings.enc", "MA==");
Line Deleted : user_pref("CT3201318.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3201318.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3201318.Facebook_Mode.enc", "Mg==");
Line Deleted : user_pref("CT3201318.Facebook_User_Locale.enc", "ZW4=");
Line Deleted : user_pref("CT3201318.FirstTime", "true");
Line Deleted : user_pref("CT3201318.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3201318.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT3201318.RestartDialogFirstTime", "false");
Line Deleted : user_pref("CT3201318.RestartDialogShouldDisplay", "false");
Line Deleted : user_pref("CT3201318.RevertSettingsEnabled", true);
Line Deleted : user_pref("CT3201318.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&CUI=SB_CUI&q=");
Line Deleted : user_pref("CT3201318.UserID", "UN35491707202422040");
Line Deleted : user_pref("CT3201318.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3201318.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3201318.cbcountry_001.enc", "QVU=");
Line Deleted : user_pref("CT3201318.cbfirsttime.enc", "V2VkIEphbiAwOSAyMDEzIDE5OjI4OjUwIEdNVCsxMDAw");
Line Deleted : user_pref("CT3201318.countryCode", "CZ");
Line Deleted : user_pref("CT3201318.enableAlerts", "always");
Line Deleted : user_pref("CT3201318.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT3201318.event_data.enc", "JTVCJTVE");
Line Deleted : user_pref("CT3201318.fired_events.enc", "AA==");
Line Deleted : user_pref("CT3201318.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3201318.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3201318.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3201318.fixUrls", true);
Line Deleted : user_pref("CT3201318.fullUserID", "UN35491707202422040.UP.20130701235718");
Line Deleted : user_pref("CT3201318.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaWd[...]
Line Deleted : user_pref("CT3201318.installType", "Unknown");
Line Deleted : user_pref("CT3201318.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3201318.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3201318.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3201318.isNewTabEnabled", true);
Line Deleted : user_pref("CT3201318.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3201318.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3201318.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3201318.key_date.enc", "MTk=");
Line Deleted : user_pref("CT3201318.keyword", true);
Line Deleted : user_pref("CT3201318.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT3201318&octid=CT3201318&ISID=ISID_ID&SearchSource=15&CUI=UN35491707202422040&Lay=1&[...]
Line Deleted : user_pref("CT3201318.lastVersion", "10.34.0.503");
Line Deleted : user_pref("CT3201318.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3201318.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Fp%3Davast\",\"EB_MAIN_FRAME_TITLE\":\"avast%20-%20Yahoo%20Search[...]
Line Deleted : user_pref("CT3201318.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q=");
Line Deleted : user_pref("CT3201318.performedDomainChangesMigration", "true");
Line Deleted : user_pref("CT3201318.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"]\"}");
Line Deleted : user_pref("CT3201318.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"01\\\\/09\\\\/2013 12\\\"}\"}");
Line Deleted : user_pref("CT3201318.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3201318.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3201318.search.searchAppId", "129768733323172459");
Line Deleted : user_pref("CT3201318.search.searchCount", "0");
Line Deleted : user_pref("CT3201318.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3201318.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3201318.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT3201318.searchUserMode", "4");
Line Deleted : user_pref("CT3201318.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3201318.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3201318.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3201318\"}");
Line Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FLVRunner.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FLV Runner \"}");
Line Deleted : user_pref("CT3201318.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3201318.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3201318.serviceLayer_services_Configuration_lastUpdate", "1414956874246");
Line Deleted : user_pref("CT3201318.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1357723726103");
Line Deleted : user_pref("CT3201318.serviceLayer_services_appsMetadata_lastUpdate", "1358554245406");
Line Deleted : user_pref("CT3201318.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1357723727171");
Line Deleted : user_pref("CT3201318.serviceLayer_services_location_lastUpdate", "1372266025793");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359113324709");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359787805049");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360656635536");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.15.0.562_lastUpdate", "1368551384381");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.15.2.523_lastUpdate", "1371392313317");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372266026033");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.16.4.519_lastUpdate", "1375526596849");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.16.70.505_lastUpdate", "1378451014018");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.19.2.505_lastUpdate", "1387273869501");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.23.0.822_lastUpdate", "1410189772679");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.33.0.517_lastUpdate", "1411931143623");
Line Deleted : user_pref("CT3201318.serviceLayer_services_login_10.34.0.503_lastUpdate", "1415039083392");
Line Deleted : user_pref("CT3201318.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1358457569472");
Line Deleted : user_pref("CT3201318.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1358457569434");
Line Deleted : user_pref("CT3201318.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1357723727217");
Line Deleted : user_pref("CT3201318.serviceLayer_services_searchAPI_lastUpdate", "1414956874111");
Line Deleted : user_pref("CT3201318.serviceLayer_services_serviceMap_lastUpdate", "1414956873300");
Line Deleted : user_pref("CT3201318.serviceLayer_services_toolbarContextMenu_lastUpdate", "1357723727126");
Line Deleted : user_pref("CT3201318.serviceLayer_services_toolbarSettings_lastUpdate", "1415039085205");
Line Deleted : user_pref("CT3201318.serviceLayer_services_translation_lastUpdate", "1414956872297");
Line Deleted : user_pref("CT3201318.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate", "1357812196725");
Line Deleted : user_pref("CT3201318.serviceLayer_services_userApps_lastUpdate", "1357812196734");
Line Deleted : user_pref("CT3201318.settingsINI", true);
Line Deleted : user_pref("CT3201318.showToolbarPermission", "false");
Line Deleted : user_pref("CT3201318.smartbar.CTID", "CT3201318");
Line Deleted : user_pref("CT3201318.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3201318.smartbar.homepage", true);
Line Deleted : user_pref("CT3201318.smartbar.isHidden", true);
Line Deleted : user_pref("CT3201318.smartbar.toolbarName", "FLV Runner ");
Line Deleted : user_pref("CT3201318.startPage", "userChanged");
Line Deleted : user_pref("CT3201318.toolbarBornServerTime", "9-1-2013");
Line Deleted : user_pref("CT3201318.toolbarCurrentServerTime", "3-11-2014");
Line Deleted : user_pref("CT3201318.toolbarLoginClientTime", "Wed Apr 10 2013 19:14:14 GMT+1000");
Line Deleted : user_pref("CT3201318.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEzNTg1MDEwMDcyNTYsLCxodHRwczovL3d3dy5nb29nbGUuY29tOjo6Y2xpY2toYW5kbGVyOjo6MTM1ODUwMTAwOTI2MSwsLGh0dHBz[...]
Line Deleted : user_pref("CT3201318_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1415042013222,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://trovi.com/?ctid=CT1750559&SearchSource=13&CUI=UN16383441571788626");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?affID=113480&tt=010812_ctrl_3112_3&babsrc=KW_ss&mntrId=2228bac5000000000000e840f2cc3123&q=");
Line Deleted : user_pref("Smartbar.TBHomepagesList", "hxxp://trovi.com/?ctid=CT1750559&SearchSource=13&CUI=UN16383441571788626");
Line Deleted : user_pref("Smartbar.TBSearchEngineList", "");
Line Deleted : user_pref("Smartbar.TBSearchUrlList", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT1750559");
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaultenginename", "sweet-page");
Line Deleted : user_pref("extensions.508cd20a87311.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"su[...]
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "2228bac5000000000000e840f2cc3123");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15556");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=010812_ctrl_3112_3");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&tt=010812_ctrl_3112_3&babsrc=NT_ss&mntrId=2228bac5000000000000e840f2cc3123");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.117:31:03");
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Search the web (Babylon)");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=");
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Seznam");
Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=574491EF-A4EE-4B66-8660-1F7BD239018F&n=77ee610f&ptnrS=HJxdm020YYau&si=pconverter");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.lastGuardTime", -286656657);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.numGuards", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.user.defined", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2012111119");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "HJxdm020YYau");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "574491EF-A4EE-4B66-8660-1F7BD239018F");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1376340490605");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=13&CUI=SB_CUI,hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN19530297652941611&UM=1&SearchSource=13,h[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&CUI=SB_CUI&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&Search[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=13&CUI=SB_CUI,hxxp://search.conduit.com/?ctid=CT1750559&CUI=UN19530297652941611&UM=1&SearchSource=13,hxxp://t[...]
Line Deleted : user_pref("smartbar.machineId", "KS/T1/UKZVKZNEJQCBC5KHZLPZZQ0BGPGMOQY7AAZXLQAFXMUIVHEQKND6UXYTG3RURBWMH9KVCKKQRKAJXA5A");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.google.com.au/");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=574491EF-A4EE-4B66-8660-1F7BD239018F&n=77ee610f&ind=2012111119&id=HJxdm020YYau&ptnrS=H[...]
Line Deleted : user_pref("smartbar.originalSearchEngine", "Google");
Line Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&CUI=SB_CUI&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=[...]
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT1750559.mam_gk_userBornDate.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3196716.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT3196716.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3196716.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3196716.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3196716.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT3196716.mam_gk_userBornDate.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3201318.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT3201318.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3201318.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3201318.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3201318.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT3201318.mam_gk_userBornDate.storedInFile", false);
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [55157 octets] - [04/11/2014 21:09:10]
AdwCleaner[S0].txt - [52944 octets] - [04/11/2014 21:10:31]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [53005 octets] ##########
- Rudy
- Site Admin
- Posts: 119547
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: virus-infected computer
Post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: virus-infected computer
Logfile of random's system information tool 1.10 (written by random/random)
Run by Katerina Rod at 2014-11-04 21:50:18
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 337 GB (73%) free of 462 GB
Total RAM: 3986 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:50:22 PM, on 4/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\WinFLTray.exe
C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\UMStor\Res.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Multimedia Keyboard Driver\PS2USBKbdDrv.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Users\Katerina Rod\Desktop\TeamViewerQS_en.exe
C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\trend micro\Katerina Rod.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid ... 272&lng=en
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\windows\UMStor\Res.EXE
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files (x86)\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [WinFLTray] C:\windows\SysWow64\WinFLTray.exe
O4 - HKCU\..\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Price-Horse] C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLService - New Softwares.net - C:\windows\SysWow64\WinFLService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MaintainerSvc2.48.1114611 - Unknown owner - C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11799 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
winlogon.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\windows\SysWow64\WinFLService.exe
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe"
C:\windows\system32\svchost.exe -k regsvc
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
C:\windows\system32\TODDSrv.exe
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\SysWOW64\WinFLTray.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe"
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
ngservice.exe pipeserver
"C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe" -Embedding
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\windows\system32\NOTEPAD.EXE" C:\AdwCleaner\AdwCleaner[S0].txt
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Windows\UMStor\Res.exe"
taskeng.exe {747E47F6-5E9E-4622-A88B-C0B8E2D0151E}
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Multimedia Keyboard Driver\PS2USBKbdDrv.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe" "-launchedbyvulcan"
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe" --type=renderer --no-sandbox --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable --channel="6104.0.1202615241\1443479011" /prefetch:3
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe" --type=gpu-process --channel="6104.1.1968876484\167585971" --no-sandbox --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable --supports-dual-gpus=false --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2752 --ignored=" --type=renderer " --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable /prefetch:12
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4476.3344e4c0.1748728936 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 4476 "\\.\pipe\gecko-crash-server-pipe.4476" plugin
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --proxy-stub-channel=Flash6504.5FBAAAA0.16942 --host-broker-channel=Flash6504.5FBAAAA0.11294 --host-pid=6504 --host-npapi-version=27 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll"
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --channel=6540.0019F1DC.710220833 --proxy-stub-channel=Flash6504.5FBAAAA0.16942 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
"C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe"
"C:\Users\Katerina Rod\Desktop\TeamViewerQS_en.exe"
"C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe"
"C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"c:\users\kateri~1\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe" --IPCport 5939
"C:\Users\Katerina Rod\Desktop\RSITx64.exe"
C:\windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
=========Mozilla firefox=========
ProfilePath - C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default
prefs.js - "browser.search.useDBForOrder" - true
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
nppluginrichmediaplayer.dll
C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\searchplugins\
bs-player-controlbar-customized-web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-03 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-03 700800]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-03 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-03 534400]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-02-01 12446824]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-11-24 1548208]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-12-14 712096]
"TPSCMain"=C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [2011-12-21 740792]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2011-11-26 710560]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2011-06-28 38824]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2726728]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2012-05-10 170264]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2012-05-10 398616]
"Persistence"=C:\windows\system32\igfxpers.exe [2012-05-10 440088]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinFLTray"=C:\windows\SysWow64\WinFLTray.exe [2012-10-19 321736]
"FLBackup"=C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [2012-10-19 275656]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2013-08-27 248208]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]
"Price-Horse"=C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe [2014-11-03 627560]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-29 6501656]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [2014-09-09 854192]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-01-05 291608]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-07-12 1298816]
"USB Storage Toolbox"=C:\windows\UMStor\Res.EXE [2005-09-14 65536]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"WireLessKeyboard"=C:\Program Files (x86)\Multimedia Keyboard Driver\StartAutorun.exe [2005-11-30 94208]
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22 2694040]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-03 5223016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-05-10 436224]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-11-04 21:10:02 ----A---- C:\windows\SYSWOW64\sqlite3.dll
2014-11-04 21:09:07 ----D---- C:\AdwCleaner
2014-11-04 20:51:59 ----D---- C:\rsit
2014-11-04 20:51:59 ----D---- C:\Program Files\trend micro
2014-11-04 20:11:17 ----D---- C:\windows\SYSWOW64\vbox
2014-11-04 20:11:17 ----D---- C:\windows\system32\vbox
2014-11-03 22:18:28 ----D---- C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51
2014-11-03 20:29:17 ----D---- C:\Users\Katerina Rod\AppData\Roaming\AVAST Software
2014-11-03 20:28:48 ----A---- C:\windows\system32\drivers\aswVmm.sys
2014-11-03 20:28:48 ----A---- C:\windows\system32\drivers\aswStm.sys
2014-11-03 20:28:47 ----A---- C:\windows\system32\drivers\aswSP.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswRvrt.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswRdr2.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswmonflt.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswHwid.sys
2014-11-03 20:28:43 ----A---- C:\windows\system32\drivers\aswsnx.sys
2014-11-03 20:28:41 ----A---- C:\windows\system32\aswBoot.exe
2014-11-03 20:28:40 ----A---- C:\windows\avastSS.scr
2014-11-03 20:27:32 ----D---- C:\Program Files\AVAST Software
2014-11-02 16:45:10 ----A---- C:\windows\SYSWOW64\mstscax.dll
2014-11-02 16:45:06 ----A---- C:\windows\system32\mstscax.dll
2014-11-02 11:12:25 ----A---- C:\windows\system32\TsUsbGDCoInstaller.dll
2014-11-02 11:12:20 ----A---- C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-02 11:12:20 ----A---- C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-02 11:12:20 ----A---- C:\windows\system32\drivers\TsUsbFlt.sys
2014-11-02 11:12:19 ----A---- C:\windows\system32\tsgqec.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\wksprtPS.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\tsgqec.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\MsRdpWebAccess.dll
2014-11-02 11:12:18 ----A---- C:\windows\system32\wksprtPS.dll
2014-11-02 11:12:18 ----A---- C:\windows\system32\TSWbPrxy.exe
2014-11-02 11:12:18 ----A---- C:\windows\system32\MsRdpWebAccess.dll
2014-11-02 11:12:17 ----A---- C:\windows\system32\wksprt.exe
2014-11-02 11:12:16 ----A---- C:\windows\SYSWOW64\mstsc.exe
2014-11-02 11:12:15 ----A---- C:\windows\system32\mstsc.exe
2014-11-02 11:12:14 ----A---- C:\windows\SYSWOW64\rdvidcrl.dll
2014-11-02 11:12:14 ----A---- C:\windows\system32\rdvidcrl.dll
2014-10-15 14:20:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-10-15 06:40:56 ----A---- C:\windows\system32\win32k.sys
2014-10-15 06:40:53 ----A---- C:\windows\SYSWOW64\mscorier.dll
2014-10-15 06:40:53 ----A---- C:\windows\SYSWOW64\dfshim.dll
2014-10-15 06:40:53 ----A---- C:\windows\system32\mscorier.dll
2014-10-15 06:40:52 ----A---- C:\windows\SYSWOW64\mscories.dll
2014-10-15 06:40:52 ----A---- C:\windows\system32\mscories.dll
2014-10-15 06:40:52 ----A---- C:\windows\system32\dfshim.dll
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDYAK.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDTAT.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDRU1.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDRU.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDBASH.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDYAK.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDTAT.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDRU1.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDRU.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDBASH.DLL
2014-10-15 06:40:38 ----A---- C:\windows\system32\blackbox.dll
2014-10-15 06:40:37 ----A---- C:\windows\SYSWOW64\blackbox.dll
2014-10-15 06:40:37 ----A---- C:\windows\system32\drmv2clt.dll
2014-10-15 06:40:36 ----A---- C:\windows\SYSWOW64\drmv2clt.dll
2014-10-15 06:40:34 ----A---- C:\windows\system32\wmp.dll
2014-10-15 06:40:30 ----A---- C:\windows\SYSWOW64\wmdrmsdk.dll
2014-10-15 06:40:30 ----A---- C:\windows\system32\wmdrmsdk.dll
2014-10-15 06:40:30 ----A---- C:\windows\system32\mf.dll
2014-10-15 06:40:29 ----A---- C:\windows\SYSWOW64\wmp.dll
2014-10-15 06:40:29 ----A---- C:\windows\system32\AUDIOKSE.dll
2014-10-15 06:40:28 ----A---- C:\windows\system32\drmmgrtn.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\mf.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\drmmgrtn.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\AUDIOKSE.dll
2014-10-15 06:40:27 ----A---- C:\windows\system32\drivers\PEAuth.sys
2014-10-15 06:40:27 ----A---- C:\windows\system32\ci.dll
2014-10-15 06:40:26 ----A---- C:\windows\system32\winload.exe
2014-10-15 06:40:26 ----A---- C:\windows\system32\quartz.dll
2014-10-15 06:40:26 ----A---- C:\windows\system32\AudioEng.dll
2014-10-15 06:40:25 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2014-10-15 06:40:25 ----A---- C:\windows\SYSWOW64\AudioSes.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\wintrust.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\winresume.exe
2014-10-15 06:40:25 ----A---- C:\windows\system32\ntoskrnl.exe
2014-10-15 06:40:25 ----A---- C:\windows\system32\evr.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\cryptsvc.dll
2014-10-15 06:40:24 ----A---- C:\windows\SYSWOW64\cryptsvc.dll
2014-10-15 06:40:24 ----A---- C:\windows\system32\EncDump.dll
2014-10-15 06:40:24 ----A---- C:\windows\system32\crypt32.dll
2014-10-15 06:40:23 ----A---- C:\windows\SYSWOW64\wintrust.dll
2014-10-15 06:40:23 ----A---- C:\windows\system32\cryptui.dll
2014-10-15 06:40:23 ----A---- C:\windows\system32\AudioSes.dll
2014-10-15 06:40:22 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2014-10-15 06:40:21 ----A---- C:\windows\SYSWOW64\evr.dll
2014-10-15 06:40:21 ----A---- C:\windows\system32\audiosrv.dll
2014-10-15 06:40:20 ----A---- C:\windows\SYSWOW64\quartz.dll
2014-10-15 06:40:20 ----A---- C:\windows\system32\mfplat.dll
2014-10-15 06:40:19 ----A---- C:\windows\SYSWOW64\cryptui.dll
2014-10-15 06:40:19 ----A---- C:\windows\SYSWOW64\crypt32.dll
2014-10-15 06:40:18 ----A---- C:\windows\system32\srcore.dll
2014-10-15 06:40:18 ----A---- C:\windows\system32\pcasvc.dll
2014-10-15 06:40:17 ----A---- C:\windows\SYSWOW64\mfplat.dll
2014-10-15 06:40:16 ----A---- C:\windows\system32\cryptsp.dll
2014-10-15 06:40:15 ----A---- C:\windows\SYSWOW64\cryptsp.dll
2014-10-15 06:40:15 ----A---- C:\windows\SYSWOW64\AudioEng.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\rstrui.exe
2014-10-15 06:40:15 ----A---- C:\windows\system32\msscp.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\msnetobj.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\appidsvc.dll
2014-10-15 06:40:14 ----A---- C:\windows\SYSWOW64\msscp.dll
2014-10-15 06:40:14 ----A---- C:\windows\system32\drivers\appid.sys
2014-10-15 06:40:14 ----A---- C:\windows\system32\audiodg.exe
2014-10-15 06:40:14 ----A---- C:\windows\system32\appidapi.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\rrinstaller.exe
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\msnetobj.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\mfps.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\appidapi.dll
2014-10-15 06:40:13 ----A---- C:\windows\system32\rrinstaller.exe
2014-10-15 06:40:13 ----A---- C:\windows\system32\mfps.dll
2014-10-15 06:40:12 ----A---- C:\windows\SYSWOW64\mfpmp.exe
2014-10-15 06:40:12 ----A---- C:\windows\system32\setbcdlocale.dll
2014-10-15 06:40:12 ----A---- C:\windows\system32\mfpmp.exe
2014-10-15 06:40:12 ----A---- C:\windows\system32\appidpolicyconverter.exe
2014-10-15 06:40:11 ----A---- C:\windows\SYSWOW64\srclient.dll
2014-10-15 06:40:11 ----A---- C:\windows\system32\srclient.dll
2014-10-15 06:40:11 ----A---- C:\windows\system32\appidcertstorecheck.exe
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\wmploc.DLL
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\spwmp.dll
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\mferror.dll
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\dxmasf.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\wmploc.DLL
2014-10-15 06:40:09 ----A---- C:\windows\system32\spwmp.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\mferror.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\dxmasf.dll
2014-10-15 06:39:59 ----A---- C:\windows\system32\generaltel.dll
2014-10-15 06:39:59 ----A---- C:\windows\system32\aepdu.dll
2014-10-15 06:39:58 ----A---- C:\windows\system32\aeinv.dll
2014-10-15 06:39:57 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\iernonce.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\ie4uinit.exe
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2014-10-15 06:39:54 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 06:39:52 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-10-15 06:39:52 ----A---- C:\windows\system32\iedkcs32.dll
2014-10-15 06:39:51 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-10-15 06:39:51 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-10-15 06:39:51 ----A---- C:\windows\system32\urlmon.dll
2014-10-15 06:39:51 ----A---- C:\windows\system32\ieetwcollectorres.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2014-10-15 06:39:50 ----A---- C:\windows\system32\msfeeds.dll
2014-10-15 06:39:50 ----A---- C:\windows\system32\ieetwcollector.exe
2014-10-15 06:39:50 ----A---- C:\windows\system32\dxtmsft.dll
2014-10-15 06:39:49 ----A---- C:\windows\system32\iesetup.dll
2014-10-15 06:39:48 ----A---- C:\windows\system32\iertutil.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2014-10-15 06:39:46 ----A---- C:\windows\SYSWOW64\vbscript.dll
2014-10-15 06:39:46 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-10-15 06:39:45 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-10-15 06:39:45 ----A---- C:\windows\system32\jsproxy.dll
2014-10-15 06:39:44 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-10-15 06:39:44 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2014-10-15 06:39:43 ----A---- C:\windows\system32\ieui.dll
2014-10-15 06:39:43 ----A---- C:\windows\system32\dxtrans.dll
2014-10-15 06:39:42 ----A---- C:\windows\system32\ieframe.dll
2014-10-15 06:39:41 ----A---- C:\windows\system32\mshtmlmedia.dll
2014-10-15 06:39:41 ----A---- C:\windows\system32\mshtmled.dll
2014-10-15 06:39:40 ----A---- C:\windows\system32\jscript9diag.dll
2014-10-15 06:39:40 ----A---- C:\windows\system32\ieUnatt.exe
2014-10-15 06:39:39 ----A---- C:\windows\system32\jscript9.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\wininet.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\vbscript.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\ieapfltr.dll
2014-10-15 06:39:37 ----A---- C:\windows\system32\MshtmlDac.dll
2014-10-15 06:39:36 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 06:39:36 ----A---- C:\windows\system32\msrating.dll
2014-10-15 06:39:35 ----A---- C:\windows\system32\mshtml.dll
2014-10-15 06:39:17 ----A---- C:\windows\system32\msi.dll
2014-10-15 06:39:16 ----A---- C:\windows\SYSWOW64\msi.dll
2014-10-15 06:39:03 ----A---- C:\windows\system32\rdpcorets.dll
2014-10-15 06:38:58 ----A---- C:\windows\SYSWOW64\rastls.dll
2014-10-15 06:38:58 ----A---- C:\windows\system32\rastls.dll
2014-10-15 06:38:50 ----A---- C:\windows\system32\termsrv.dll
2014-10-15 06:38:49 ----A---- C:\windows\SYSWOW64\winsta.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\winsta.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\winlogon.exe
2014-10-15 06:38:49 ----A---- C:\windows\system32\rdpcorekmts.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\drivers\rdpwd.sys
2014-10-15 06:38:48 ----A---- C:\windows\SYSWOW64\TSpkg.dll
2014-10-15 06:38:48 ----A---- C:\windows\system32\TSpkg.dll
2014-10-15 06:38:47 ----A---- C:\windows\SYSWOW64\credssp.dll
2014-10-15 06:38:47 ----A---- C:\windows\system32\drivers\tssecsrv.sys
2014-10-15 06:38:47 ----A---- C:\windows\system32\credssp.dll
2014-10-15 06:38:33 ----A---- C:\windows\SYSWOW64\packager.dll
2014-10-15 06:38:33 ----A---- C:\windows\system32\packager.dll
2014-10-13 14:52:32 ----D---- C:\Program Files (x86)\Microsoft XNA
2014-10-10 09:53:56 ----D---- C:\Users\Katerina Rod\AppData\Roaming\SpaceEngineers
2014-10-08 20:45:31 ----D---- C:\Program Files (x86)\Origin Games
2014-10-08 20:45:13 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Origin
2014-10-08 20:41:40 ----D---- C:\ProgramData\Origin
2014-10-08 20:41:39 ----D---- C:\ProgramData\Electronic Arts
2014-10-08 20:41:35 ----D---- C:\Program Files (x86)\Origin
======List of files/folders modified in the last 1 month======
2014-11-04 21:50:20 ----D---- C:\windows\Temp
2014-11-04 21:30:51 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Skype
2014-11-04 21:28:51 ----D---- C:\windows\system32\config
2014-11-04 21:14:44 ----AD---- C:\windows\System32
2014-11-04 21:14:33 ----A---- C:\windows\SYSWOW64\log.txt
2014-11-04 21:13:34 ----A---- C:\IFRToolLog.txt
2014-11-04 21:10:46 ----D---- C:\windows\system32\drivers
2014-11-04 21:10:38 ----D---- C:\Program Files (x86)
2014-11-04 21:10:36 ----HD---- C:\ProgramData
2014-11-04 21:10:02 ----D---- C:\windows\SysWOW64
2014-11-04 20:51:59 ----RD---- C:\Program Files
2014-11-04 20:12:06 ----SHD---- C:\System Volume Information
2014-11-04 20:06:56 ----AD---- C:\Windows
2014-11-04 04:21:28 ----D---- C:\windows\system32\LogFiles
2014-11-04 04:20:56 ----D---- C:\windows\system32\GroupPolicy
2014-11-03 21:48:30 ----A---- C:\windows\win.ini
2014-11-03 20:49:46 ----HD---- C:\windows\system32\CanonIJ Uninstaller Information
2014-11-03 20:46:03 ----HD---- C:\ProgramData\CanonIJScan
2014-11-03 20:46:03 ----D---- C:\windows\twain_32
2014-11-03 20:46:03 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Canon
2014-11-03 20:45:51 ----D---- C:\windows\system32\DriverStore
2014-11-03 20:45:51 ----D---- C:\windows\inf
2014-11-03 20:45:16 ----D---- C:\Program Files (x86)\Canon
2014-11-03 20:28:59 ----D---- C:\windows\system32\Tasks
2014-11-03 20:28:43 ----D---- C:\windows\winsxs
2014-11-03 20:27:32 ----D---- C:\ProgramData\AVAST Software
2014-11-03 20:26:15 ----D---- C:\Program Files\CCleaner
2014-11-03 20:21:15 ----D---- C:\Users\Katerina Rod\AppData\Roaming\BSplayer
2014-11-03 20:19:43 ----D---- C:\Program Files (x86)\Steam
2014-11-03 20:19:41 ----D---- C:\windows\Logs
2014-11-03 20:19:41 ----D---- C:\windows\debug
2014-11-03 20:18:06 ----SHD---- C:\windows\Installer
2014-11-03 20:16:06 ----D---- C:\Program Files (x86)\Common Files
2014-11-03 20:14:00 ----D---- C:\windows\Prefetch
2014-11-03 19:41:43 ----D---- C:\windows\Tasks
2014-11-03 05:40:16 ----D---- C:\windows\rescache
2014-11-02 22:21:52 ----D---- C:\windows\SYSWOW64\en-US
2014-11-02 22:21:52 ----D---- C:\windows\system32\en-US
2014-11-02 16:42:45 ----D---- C:\windows\system32\catroot2
2014-11-02 11:24:21 ----D---- C:\Users\Katerina Rod\AppData\Roaming\TS3Client
2014-11-02 11:16:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 11:15:21 ----D---- C:\windows\SYSWOW64\wbem
2014-11-02 11:15:21 ----D---- C:\windows\system32\drivers\en-US
2014-11-02 11:15:20 ----D---- C:\windows\system32\wbem
2014-11-01 19:50:20 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-10-28 23:07:32 ----D---- C:\Program Files\TOSHIBA
2014-10-28 23:07:32 ----D---- C:\Program Files (x86)\Toshiba
2014-10-28 23:03:03 ----D---- C:\windows\Microsoft.NET
2014-10-28 05:34:58 ----N---- C:\windows\system32\MpSigStub.exe
2014-10-20 07:05:02 ----D---- C:\Program Files (x86)\Google
2014-10-19 09:31:11 ----RSD---- C:\windows\assembly
2014-10-16 16:10:56 ----RSD---- C:\windows\Fonts
2014-10-16 16:10:53 ----D---- C:\windows\SYSWOW64\Dism
2014-10-16 16:10:53 ----D---- C:\windows\system32\Dism
2014-10-16 16:10:53 ----D---- C:\windows\system32\CodeIntegrity
2014-10-16 16:10:53 ----D---- C:\windows\system32\Boot
2014-10-16 16:10:53 ----D---- C:\Program Files\Windows Media Player
2014-10-16 16:10:53 ----D---- C:\Program Files (x86)\Windows Media Player
2014-10-16 16:10:52 ----SD---- C:\windows\system32\CompatTel
2014-10-16 16:10:52 ----D---- C:\Program Files\Internet Explorer
2014-10-16 16:10:52 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-16 14:27:18 ----D---- C:\windows\system32\MRT
2014-10-16 14:16:22 ----A---- C:\windows\system32\MRT.exe
2014-10-15 06:38:28 ----D---- C:\windows\system32\catroot
2014-10-10 16:07:49 ----D---- C:\Users\Katerina Rod\AppData\Roaming\.minecraft
2014-10-07 07:56:35 ----D---- C:\windows\SoftwareDistribution
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-11-03 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-11-03 267632]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-11-30 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
R0 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2014-11-03 93568]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-11-03 1050432]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-11-03 436624]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2009-12-31 360712]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R1 WinFLAdrv;WinFLAdrv; C:\windows\SysWOW64\WinFLAdrv.sys [2012-10-19 34816]
R2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2014-11-03 29208]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-11-03 83280]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2014-11-03 116728]
R2 NEWDRIVER;NEWDRIVER; \??\C:\windows\SysWow64\WinVDEdrv6.sys [2012-10-19 197648]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-03 270728]
R2 WinVDEDrv;WinVDEDrv; \??\C:\windows\SysWow64\WinVDEdrv.sys [2012-10-19 225680]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-05-10 14759136]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2012-02-01 4739304]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2011-08-17 251496]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\windows\system32\DRIVERS\rtwlane.sys [2012-01-17 1082472]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-31 27784]
R3 tosrfec;Bluetooth ACPI; C:\windows\system32\DRIVERS\tosrfec.sys [2010-06-19 18872]
R3 vpcbus;Virtual PC Host Bus Service; C:\windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dc3d;MS Hardware Device Detection Driver (USB); C:\windows\system32\DRIVERS\dc3d.sys [2011-05-17 47616]
S3 dmvsc;dmvsc; C:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\windows\system32\DRIVERS\ewusbnet.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\windows\system32\DRIVERS\ewusbdev.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TDEIO;TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\windows\system32\DRIVERS\tosrfbd.sys [2012-01-30 304696]
S3 Tosrfcom;Tosrfcom; C:\windows\system32\drivers\Tosrfcom.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2011-12-17 79040]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;USB Scanner Driver; C:\windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-03 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-06-07 250296]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-06-07 47032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2011-03-01 27648]
R2 FLService;FLService; C:\windows\SysWow64\WinFLService.exe [2012-10-19 91336]
R2 GFNEXSrv;GFNEX Service; C:\Windows\System32\GFNEXSrv.exe [2010-09-10 162824]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-01-20 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-01-21 277784]
R2 MaintainerSvc2.48.1114611;MaintainerSvc2.48.1114611; C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe [2014-11-04 123632]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\windows\system32\TODDSrv.exe [2010-10-20 138656]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-08-27 93072]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-01-21 363800]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-03 4012248]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2011-03-01 27648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-10 276248]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-09-19 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-31 114288]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-09-23 833728]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-02 198064]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-07-17 1255736]
S4 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Run by Katerina Rod at 2014-11-04 21:50:18
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 337 GB (73%) free of 462 GB
Total RAM: 3986 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:50:22 PM, on 4/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\WinFLTray.exe
C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\UMStor\Res.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Multimedia Keyboard Driver\PS2USBKbdDrv.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Users\Katerina Rod\Desktop\TeamViewerQS_en.exe
C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\trend micro\Katerina Rod.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid ... 272&lng=en
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\windows\UMStor\Res.EXE
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files (x86)\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [WinFLTray] C:\windows\SysWow64\WinFLTray.exe
O4 - HKCU\..\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Price-Horse] C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLService - New Softwares.net - C:\windows\SysWow64\WinFLService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MaintainerSvc2.48.1114611 - Unknown owner - C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11799 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
winlogon.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\windows\SysWow64\WinFLService.exe
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe"
C:\windows\system32\svchost.exe -k regsvc
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
C:\windows\system32\TODDSrv.exe
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\SysWOW64\WinFLTray.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe"
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
ngservice.exe pipeserver
"C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe" -Embedding
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\windows\system32\NOTEPAD.EXE" C:\AdwCleaner\AdwCleaner[S0].txt
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Windows\UMStor\Res.exe"
taskeng.exe {747E47F6-5E9E-4622-A88B-C0B8E2D0151E}
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Multimedia Keyboard Driver\PS2USBKbdDrv.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe" "-launchedbyvulcan"
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe" --type=renderer --no-sandbox --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable --channel="6104.0.1202615241\1443479011" /prefetch:3
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe" --type=gpu-process --channel="6104.1.1968876484\167585971" --no-sandbox --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable --supports-dual-gpus=false --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2752 --ignored=" --type=renderer " --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable /prefetch:12
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4476.3344e4c0.1748728936 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 4476 "\\.\pipe\gecko-crash-server-pipe.4476" plugin
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --proxy-stub-channel=Flash6504.5FBAAAA0.16942 --host-broker-channel=Flash6504.5FBAAAA0.11294 --host-pid=6504 --host-npapi-version=27 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll"
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --channel=6540.0019F1DC.710220833 --proxy-stub-channel=Flash6504.5FBAAAA0.16942 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
"C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe"
"C:\Users\Katerina Rod\Desktop\TeamViewerQS_en.exe"
"C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe"
"C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"c:\users\kateri~1\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe" --IPCport 5939
"C:\Users\Katerina Rod\Desktop\RSITx64.exe"
C:\windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
=========Mozilla firefox=========
ProfilePath - C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default
prefs.js - "browser.search.useDBForOrder" - true
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
nppluginrichmediaplayer.dll
C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\searchplugins\
bs-player-controlbar-customized-web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-03 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-03 700800]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-03 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-03 534400]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-02-01 12446824]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-11-24 1548208]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-12-14 712096]
"TPSCMain"=C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [2011-12-21 740792]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2011-11-26 710560]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2011-06-28 38824]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2726728]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2012-05-10 170264]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2012-05-10 398616]
"Persistence"=C:\windows\system32\igfxpers.exe [2012-05-10 440088]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinFLTray"=C:\windows\SysWow64\WinFLTray.exe [2012-10-19 321736]
"FLBackup"=C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [2012-10-19 275656]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2013-08-27 248208]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]
"Price-Horse"=C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe [2014-11-03 627560]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-29 6501656]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [2014-09-09 854192]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-01-05 291608]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-07-12 1298816]
"USB Storage Toolbox"=C:\windows\UMStor\Res.EXE [2005-09-14 65536]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"WireLessKeyboard"=C:\Program Files (x86)\Multimedia Keyboard Driver\StartAutorun.exe [2005-11-30 94208]
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22 2694040]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-03 5223016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-05-10 436224]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-11-04 21:10:02 ----A---- C:\windows\SYSWOW64\sqlite3.dll
2014-11-04 21:09:07 ----D---- C:\AdwCleaner
2014-11-04 20:51:59 ----D---- C:\rsit
2014-11-04 20:51:59 ----D---- C:\Program Files\trend micro
2014-11-04 20:11:17 ----D---- C:\windows\SYSWOW64\vbox
2014-11-04 20:11:17 ----D---- C:\windows\system32\vbox
2014-11-03 22:18:28 ----D---- C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51
2014-11-03 20:29:17 ----D---- C:\Users\Katerina Rod\AppData\Roaming\AVAST Software
2014-11-03 20:28:48 ----A---- C:\windows\system32\drivers\aswVmm.sys
2014-11-03 20:28:48 ----A---- C:\windows\system32\drivers\aswStm.sys
2014-11-03 20:28:47 ----A---- C:\windows\system32\drivers\aswSP.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswRvrt.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswRdr2.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswmonflt.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswHwid.sys
2014-11-03 20:28:43 ----A---- C:\windows\system32\drivers\aswsnx.sys
2014-11-03 20:28:41 ----A---- C:\windows\system32\aswBoot.exe
2014-11-03 20:28:40 ----A---- C:\windows\avastSS.scr
2014-11-03 20:27:32 ----D---- C:\Program Files\AVAST Software
2014-11-02 16:45:10 ----A---- C:\windows\SYSWOW64\mstscax.dll
2014-11-02 16:45:06 ----A---- C:\windows\system32\mstscax.dll
2014-11-02 11:12:25 ----A---- C:\windows\system32\TsUsbGDCoInstaller.dll
2014-11-02 11:12:20 ----A---- C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-02 11:12:20 ----A---- C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-02 11:12:20 ----A---- C:\windows\system32\drivers\TsUsbFlt.sys
2014-11-02 11:12:19 ----A---- C:\windows\system32\tsgqec.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\wksprtPS.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\tsgqec.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\MsRdpWebAccess.dll
2014-11-02 11:12:18 ----A---- C:\windows\system32\wksprtPS.dll
2014-11-02 11:12:18 ----A---- C:\windows\system32\TSWbPrxy.exe
2014-11-02 11:12:18 ----A---- C:\windows\system32\MsRdpWebAccess.dll
2014-11-02 11:12:17 ----A---- C:\windows\system32\wksprt.exe
2014-11-02 11:12:16 ----A---- C:\windows\SYSWOW64\mstsc.exe
2014-11-02 11:12:15 ----A---- C:\windows\system32\mstsc.exe
2014-11-02 11:12:14 ----A---- C:\windows\SYSWOW64\rdvidcrl.dll
2014-11-02 11:12:14 ----A---- C:\windows\system32\rdvidcrl.dll
2014-10-15 14:20:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-10-15 06:40:56 ----A---- C:\windows\system32\win32k.sys
2014-10-15 06:40:53 ----A---- C:\windows\SYSWOW64\mscorier.dll
2014-10-15 06:40:53 ----A---- C:\windows\SYSWOW64\dfshim.dll
2014-10-15 06:40:53 ----A---- C:\windows\system32\mscorier.dll
2014-10-15 06:40:52 ----A---- C:\windows\SYSWOW64\mscories.dll
2014-10-15 06:40:52 ----A---- C:\windows\system32\mscories.dll
2014-10-15 06:40:52 ----A---- C:\windows\system32\dfshim.dll
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDYAK.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDTAT.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDRU1.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDRU.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDBASH.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDYAK.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDTAT.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDRU1.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDRU.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDBASH.DLL
2014-10-15 06:40:38 ----A---- C:\windows\system32\blackbox.dll
2014-10-15 06:40:37 ----A---- C:\windows\SYSWOW64\blackbox.dll
2014-10-15 06:40:37 ----A---- C:\windows\system32\drmv2clt.dll
2014-10-15 06:40:36 ----A---- C:\windows\SYSWOW64\drmv2clt.dll
2014-10-15 06:40:34 ----A---- C:\windows\system32\wmp.dll
2014-10-15 06:40:30 ----A---- C:\windows\SYSWOW64\wmdrmsdk.dll
2014-10-15 06:40:30 ----A---- C:\windows\system32\wmdrmsdk.dll
2014-10-15 06:40:30 ----A---- C:\windows\system32\mf.dll
2014-10-15 06:40:29 ----A---- C:\windows\SYSWOW64\wmp.dll
2014-10-15 06:40:29 ----A---- C:\windows\system32\AUDIOKSE.dll
2014-10-15 06:40:28 ----A---- C:\windows\system32\drmmgrtn.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\mf.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\drmmgrtn.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\AUDIOKSE.dll
2014-10-15 06:40:27 ----A---- C:\windows\system32\drivers\PEAuth.sys
2014-10-15 06:40:27 ----A---- C:\windows\system32\ci.dll
2014-10-15 06:40:26 ----A---- C:\windows\system32\winload.exe
2014-10-15 06:40:26 ----A---- C:\windows\system32\quartz.dll
2014-10-15 06:40:26 ----A---- C:\windows\system32\AudioEng.dll
2014-10-15 06:40:25 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2014-10-15 06:40:25 ----A---- C:\windows\SYSWOW64\AudioSes.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\wintrust.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\winresume.exe
2014-10-15 06:40:25 ----A---- C:\windows\system32\ntoskrnl.exe
2014-10-15 06:40:25 ----A---- C:\windows\system32\evr.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\cryptsvc.dll
2014-10-15 06:40:24 ----A---- C:\windows\SYSWOW64\cryptsvc.dll
2014-10-15 06:40:24 ----A---- C:\windows\system32\EncDump.dll
2014-10-15 06:40:24 ----A---- C:\windows\system32\crypt32.dll
2014-10-15 06:40:23 ----A---- C:\windows\SYSWOW64\wintrust.dll
2014-10-15 06:40:23 ----A---- C:\windows\system32\cryptui.dll
2014-10-15 06:40:23 ----A---- C:\windows\system32\AudioSes.dll
2014-10-15 06:40:22 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2014-10-15 06:40:21 ----A---- C:\windows\SYSWOW64\evr.dll
2014-10-15 06:40:21 ----A---- C:\windows\system32\audiosrv.dll
2014-10-15 06:40:20 ----A---- C:\windows\SYSWOW64\quartz.dll
2014-10-15 06:40:20 ----A---- C:\windows\system32\mfplat.dll
2014-10-15 06:40:19 ----A---- C:\windows\SYSWOW64\cryptui.dll
2014-10-15 06:40:19 ----A---- C:\windows\SYSWOW64\crypt32.dll
2014-10-15 06:40:18 ----A---- C:\windows\system32\srcore.dll
2014-10-15 06:40:18 ----A---- C:\windows\system32\pcasvc.dll
2014-10-15 06:40:17 ----A---- C:\windows\SYSWOW64\mfplat.dll
2014-10-15 06:40:16 ----A---- C:\windows\system32\cryptsp.dll
2014-10-15 06:40:15 ----A---- C:\windows\SYSWOW64\cryptsp.dll
2014-10-15 06:40:15 ----A---- C:\windows\SYSWOW64\AudioEng.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\rstrui.exe
2014-10-15 06:40:15 ----A---- C:\windows\system32\msscp.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\msnetobj.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\appidsvc.dll
2014-10-15 06:40:14 ----A---- C:\windows\SYSWOW64\msscp.dll
2014-10-15 06:40:14 ----A---- C:\windows\system32\drivers\appid.sys
2014-10-15 06:40:14 ----A---- C:\windows\system32\audiodg.exe
2014-10-15 06:40:14 ----A---- C:\windows\system32\appidapi.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\rrinstaller.exe
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\msnetobj.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\mfps.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\appidapi.dll
2014-10-15 06:40:13 ----A---- C:\windows\system32\rrinstaller.exe
2014-10-15 06:40:13 ----A---- C:\windows\system32\mfps.dll
2014-10-15 06:40:12 ----A---- C:\windows\SYSWOW64\mfpmp.exe
2014-10-15 06:40:12 ----A---- C:\windows\system32\setbcdlocale.dll
2014-10-15 06:40:12 ----A---- C:\windows\system32\mfpmp.exe
2014-10-15 06:40:12 ----A---- C:\windows\system32\appidpolicyconverter.exe
2014-10-15 06:40:11 ----A---- C:\windows\SYSWOW64\srclient.dll
2014-10-15 06:40:11 ----A---- C:\windows\system32\srclient.dll
2014-10-15 06:40:11 ----A---- C:\windows\system32\appidcertstorecheck.exe
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\wmploc.DLL
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\spwmp.dll
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\mferror.dll
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\dxmasf.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\wmploc.DLL
2014-10-15 06:40:09 ----A---- C:\windows\system32\spwmp.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\mferror.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\dxmasf.dll
2014-10-15 06:39:59 ----A---- C:\windows\system32\generaltel.dll
2014-10-15 06:39:59 ----A---- C:\windows\system32\aepdu.dll
2014-10-15 06:39:58 ----A---- C:\windows\system32\aeinv.dll
2014-10-15 06:39:57 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\iernonce.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\ie4uinit.exe
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2014-10-15 06:39:54 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 06:39:52 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-10-15 06:39:52 ----A---- C:\windows\system32\iedkcs32.dll
2014-10-15 06:39:51 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-10-15 06:39:51 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-10-15 06:39:51 ----A---- C:\windows\system32\urlmon.dll
2014-10-15 06:39:51 ----A---- C:\windows\system32\ieetwcollectorres.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2014-10-15 06:39:50 ----A---- C:\windows\system32\msfeeds.dll
2014-10-15 06:39:50 ----A---- C:\windows\system32\ieetwcollector.exe
2014-10-15 06:39:50 ----A---- C:\windows\system32\dxtmsft.dll
2014-10-15 06:39:49 ----A---- C:\windows\system32\iesetup.dll
2014-10-15 06:39:48 ----A---- C:\windows\system32\iertutil.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2014-10-15 06:39:46 ----A---- C:\windows\SYSWOW64\vbscript.dll
2014-10-15 06:39:46 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-10-15 06:39:45 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-10-15 06:39:45 ----A---- C:\windows\system32\jsproxy.dll
2014-10-15 06:39:44 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-10-15 06:39:44 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2014-10-15 06:39:43 ----A---- C:\windows\system32\ieui.dll
2014-10-15 06:39:43 ----A---- C:\windows\system32\dxtrans.dll
2014-10-15 06:39:42 ----A---- C:\windows\system32\ieframe.dll
2014-10-15 06:39:41 ----A---- C:\windows\system32\mshtmlmedia.dll
2014-10-15 06:39:41 ----A---- C:\windows\system32\mshtmled.dll
2014-10-15 06:39:40 ----A---- C:\windows\system32\jscript9diag.dll
2014-10-15 06:39:40 ----A---- C:\windows\system32\ieUnatt.exe
2014-10-15 06:39:39 ----A---- C:\windows\system32\jscript9.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\wininet.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\vbscript.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\ieapfltr.dll
2014-10-15 06:39:37 ----A---- C:\windows\system32\MshtmlDac.dll
2014-10-15 06:39:36 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 06:39:36 ----A---- C:\windows\system32\msrating.dll
2014-10-15 06:39:35 ----A---- C:\windows\system32\mshtml.dll
2014-10-15 06:39:17 ----A---- C:\windows\system32\msi.dll
2014-10-15 06:39:16 ----A---- C:\windows\SYSWOW64\msi.dll
2014-10-15 06:39:03 ----A---- C:\windows\system32\rdpcorets.dll
2014-10-15 06:38:58 ----A---- C:\windows\SYSWOW64\rastls.dll
2014-10-15 06:38:58 ----A---- C:\windows\system32\rastls.dll
2014-10-15 06:38:50 ----A---- C:\windows\system32\termsrv.dll
2014-10-15 06:38:49 ----A---- C:\windows\SYSWOW64\winsta.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\winsta.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\winlogon.exe
2014-10-15 06:38:49 ----A---- C:\windows\system32\rdpcorekmts.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\drivers\rdpwd.sys
2014-10-15 06:38:48 ----A---- C:\windows\SYSWOW64\TSpkg.dll
2014-10-15 06:38:48 ----A---- C:\windows\system32\TSpkg.dll
2014-10-15 06:38:47 ----A---- C:\windows\SYSWOW64\credssp.dll
2014-10-15 06:38:47 ----A---- C:\windows\system32\drivers\tssecsrv.sys
2014-10-15 06:38:47 ----A---- C:\windows\system32\credssp.dll
2014-10-15 06:38:33 ----A---- C:\windows\SYSWOW64\packager.dll
2014-10-15 06:38:33 ----A---- C:\windows\system32\packager.dll
2014-10-13 14:52:32 ----D---- C:\Program Files (x86)\Microsoft XNA
2014-10-10 09:53:56 ----D---- C:\Users\Katerina Rod\AppData\Roaming\SpaceEngineers
2014-10-08 20:45:31 ----D---- C:\Program Files (x86)\Origin Games
2014-10-08 20:45:13 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Origin
2014-10-08 20:41:40 ----D---- C:\ProgramData\Origin
2014-10-08 20:41:39 ----D---- C:\ProgramData\Electronic Arts
2014-10-08 20:41:35 ----D---- C:\Program Files (x86)\Origin
======List of files/folders modified in the last 1 month======
2014-11-04 21:50:20 ----D---- C:\windows\Temp
2014-11-04 21:30:51 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Skype
2014-11-04 21:28:51 ----D---- C:\windows\system32\config
2014-11-04 21:14:44 ----AD---- C:\windows\System32
2014-11-04 21:14:33 ----A---- C:\windows\SYSWOW64\log.txt
2014-11-04 21:13:34 ----A---- C:\IFRToolLog.txt
2014-11-04 21:10:46 ----D---- C:\windows\system32\drivers
2014-11-04 21:10:38 ----D---- C:\Program Files (x86)
2014-11-04 21:10:36 ----HD---- C:\ProgramData
2014-11-04 21:10:02 ----D---- C:\windows\SysWOW64
2014-11-04 20:51:59 ----RD---- C:\Program Files
2014-11-04 20:12:06 ----SHD---- C:\System Volume Information
2014-11-04 20:06:56 ----AD---- C:\Windows
2014-11-04 04:21:28 ----D---- C:\windows\system32\LogFiles
2014-11-04 04:20:56 ----D---- C:\windows\system32\GroupPolicy
2014-11-03 21:48:30 ----A---- C:\windows\win.ini
2014-11-03 20:49:46 ----HD---- C:\windows\system32\CanonIJ Uninstaller Information
2014-11-03 20:46:03 ----HD---- C:\ProgramData\CanonIJScan
2014-11-03 20:46:03 ----D---- C:\windows\twain_32
2014-11-03 20:46:03 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Canon
2014-11-03 20:45:51 ----D---- C:\windows\system32\DriverStore
2014-11-03 20:45:51 ----D---- C:\windows\inf
2014-11-03 20:45:16 ----D---- C:\Program Files (x86)\Canon
2014-11-03 20:28:59 ----D---- C:\windows\system32\Tasks
2014-11-03 20:28:43 ----D---- C:\windows\winsxs
2014-11-03 20:27:32 ----D---- C:\ProgramData\AVAST Software
2014-11-03 20:26:15 ----D---- C:\Program Files\CCleaner
2014-11-03 20:21:15 ----D---- C:\Users\Katerina Rod\AppData\Roaming\BSplayer
2014-11-03 20:19:43 ----D---- C:\Program Files (x86)\Steam
2014-11-03 20:19:41 ----D---- C:\windows\Logs
2014-11-03 20:19:41 ----D---- C:\windows\debug
2014-11-03 20:18:06 ----SHD---- C:\windows\Installer
2014-11-03 20:16:06 ----D---- C:\Program Files (x86)\Common Files
2014-11-03 20:14:00 ----D---- C:\windows\Prefetch
2014-11-03 19:41:43 ----D---- C:\windows\Tasks
2014-11-03 05:40:16 ----D---- C:\windows\rescache
2014-11-02 22:21:52 ----D---- C:\windows\SYSWOW64\en-US
2014-11-02 22:21:52 ----D---- C:\windows\system32\en-US
2014-11-02 16:42:45 ----D---- C:\windows\system32\catroot2
2014-11-02 11:24:21 ----D---- C:\Users\Katerina Rod\AppData\Roaming\TS3Client
2014-11-02 11:16:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 11:15:21 ----D---- C:\windows\SYSWOW64\wbem
2014-11-02 11:15:21 ----D---- C:\windows\system32\drivers\en-US
2014-11-02 11:15:20 ----D---- C:\windows\system32\wbem
2014-11-01 19:50:20 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-10-28 23:07:32 ----D---- C:\Program Files\TOSHIBA
2014-10-28 23:07:32 ----D---- C:\Program Files (x86)\Toshiba
2014-10-28 23:03:03 ----D---- C:\windows\Microsoft.NET
2014-10-28 05:34:58 ----N---- C:\windows\system32\MpSigStub.exe
2014-10-20 07:05:02 ----D---- C:\Program Files (x86)\Google
2014-10-19 09:31:11 ----RSD---- C:\windows\assembly
2014-10-16 16:10:56 ----RSD---- C:\windows\Fonts
2014-10-16 16:10:53 ----D---- C:\windows\SYSWOW64\Dism
2014-10-16 16:10:53 ----D---- C:\windows\system32\Dism
2014-10-16 16:10:53 ----D---- C:\windows\system32\CodeIntegrity
2014-10-16 16:10:53 ----D---- C:\windows\system32\Boot
2014-10-16 16:10:53 ----D---- C:\Program Files\Windows Media Player
2014-10-16 16:10:53 ----D---- C:\Program Files (x86)\Windows Media Player
2014-10-16 16:10:52 ----SD---- C:\windows\system32\CompatTel
2014-10-16 16:10:52 ----D---- C:\Program Files\Internet Explorer
2014-10-16 16:10:52 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-16 14:27:18 ----D---- C:\windows\system32\MRT
2014-10-16 14:16:22 ----A---- C:\windows\system32\MRT.exe
2014-10-15 06:38:28 ----D---- C:\windows\system32\catroot
2014-10-10 16:07:49 ----D---- C:\Users\Katerina Rod\AppData\Roaming\.minecraft
2014-10-07 07:56:35 ----D---- C:\windows\SoftwareDistribution
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-11-03 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-11-03 267632]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-11-30 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
R0 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2014-11-03 93568]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-11-03 1050432]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-11-03 436624]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2009-12-31 360712]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R1 WinFLAdrv;WinFLAdrv; C:\windows\SysWOW64\WinFLAdrv.sys [2012-10-19 34816]
R2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2014-11-03 29208]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-11-03 83280]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2014-11-03 116728]
R2 NEWDRIVER;NEWDRIVER; \??\C:\windows\SysWow64\WinVDEdrv6.sys [2012-10-19 197648]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-03 270728]
R2 WinVDEDrv;WinVDEDrv; \??\C:\windows\SysWow64\WinVDEdrv.sys [2012-10-19 225680]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-05-10 14759136]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2012-02-01 4739304]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2011-08-17 251496]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\windows\system32\DRIVERS\rtwlane.sys [2012-01-17 1082472]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-31 27784]
R3 tosrfec;Bluetooth ACPI; C:\windows\system32\DRIVERS\tosrfec.sys [2010-06-19 18872]
R3 vpcbus;Virtual PC Host Bus Service; C:\windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dc3d;MS Hardware Device Detection Driver (USB); C:\windows\system32\DRIVERS\dc3d.sys [2011-05-17 47616]
S3 dmvsc;dmvsc; C:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\windows\system32\DRIVERS\ewusbnet.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\windows\system32\DRIVERS\ewusbdev.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TDEIO;TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\windows\system32\DRIVERS\tosrfbd.sys [2012-01-30 304696]
S3 Tosrfcom;Tosrfcom; C:\windows\system32\drivers\Tosrfcom.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2011-12-17 79040]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;USB Scanner Driver; C:\windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-03 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-06-07 250296]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-06-07 47032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2011-03-01 27648]
R2 FLService;FLService; C:\windows\SysWow64\WinFLService.exe [2012-10-19 91336]
R2 GFNEXSrv;GFNEX Service; C:\Windows\System32\GFNEXSrv.exe [2010-09-10 162824]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-01-20 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-01-21 277784]
R2 MaintainerSvc2.48.1114611;MaintainerSvc2.48.1114611; C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe [2014-11-04 123632]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\windows\system32\TODDSrv.exe [2010-10-20 138656]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-08-27 93072]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-01-21 363800]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-03 4012248]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2011-03-01 27648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-10 276248]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-09-19 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-31 114288]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-09-23 833728]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-02 198064]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-07-17 1255736]
S4 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119547
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: infected computer
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left-hand window:
:files
C:\Program Files (x86)\Skype\Toolbars
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
:services
c2cautoupdatesvc
c2cpnrsvc
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Turn off your antivirus before the scan and restart the PC after it. Post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: infected computer
Logfile of random's system information tool 1.10 (written by random/random)
Run by Katerina Rod at 2014-11-04 22:14:29
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 337 GB (73%) free of 462 GB
Total RAM: 3986 MB (33% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:14:35 PM, on 4/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\WinFLTray.exe
C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\UMStor\Res.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Multimedia Keyboard Driver\PS2USBKbdDrv.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files\trend micro\Katerina Rod.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid ... 272&lng=en
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\windows\UMStor\Res.EXE
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files (x86)\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [WinFLTray] C:\windows\SysWow64\WinFLTray.exe
O4 - HKCU\..\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Price-Horse] C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLService - New Softwares.net - C:\windows\SysWow64\WinFLService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MaintainerSvc2.48.1114611 - Unknown owner - C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11315 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
winlogon.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\windows\system32\Dwm.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\Explorer.EXE
C:\Windows\System32\GFNEXSrv.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\windows\SysWow64\WinFLService.exe
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
taskeng.exe {0473BD4A-1580-4230-A444-634EF4DA2AD6}
"C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe"
C:\windows\system32\svchost.exe -k regsvc
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
C:\windows\system32\TODDSrv.exe
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\System32\alg.exe
C:\windows\System32\svchost.exe -k secsvcs
"C:\Windows\SysWOW64\WinFLTray.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe"
ngservice.exe pipeserver
"C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe" -Embedding
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
"C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
taskeng.exe {D0F551F9-C0D5-4A4D-B288-DEA2EE841EDE}
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Windows\UMStor\Res.exe"
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"C:\Program Files (x86)\Multimedia Keyboard Driver\PS2USBKbdDrv.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe" "-launchedbyvulcan"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe" --type=renderer --no-sandbox --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable --channel="3736.0.630403665\641352991" /prefetch:3
"C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe" --type=gpu-process --channel="3736.1.1017387258\433567127" --no-sandbox --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable --supports-dual-gpus=false --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2752 --ignored=" --type=renderer " --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable /prefetch:12
"C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\system32\sppsvc.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1504.b1c8100.1904131807 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 1504 "\\.\pipe\gecko-crash-server-pipe.1504" plugin
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --proxy-stub-channel=Flash6908.5D6FAAA0.27514 --host-broker-channel=Flash6908.5D6FAAA0.3574 --host-pid=6908 --host-npapi-version=27 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll"
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --channel=6944.0040F83C.1474809233 --proxy-stub-channel=Flash6908.5D6FAAA0.27514 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"c:\users\kateri~1\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe" --IPCport 5939
C:\windows\servicing\TrustedInstaller.exe
C:\Windows\system32\PrintIsolationHost.exe -Embedding
"C:\Users\Katerina Rod\Desktop\RSITx64.exe"
C:\windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
=========Mozilla firefox=========
ProfilePath - C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default
prefs.js - "browser.search.useDBForOrder" - true
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
nppluginrichmediaplayer.dll
C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\searchplugins\
bs-player-controlbar-customized-web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-03 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-03 700800]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-03 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-03 534400]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-02-01 12446824]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-11-24 1548208]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-12-14 712096]
"TPSCMain"=C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [2011-12-21 740792]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2011-11-26 710560]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2011-06-28 38824]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2726728]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2012-05-10 170264]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2012-05-10 398616]
"Persistence"=C:\windows\system32\igfxpers.exe [2012-05-10 440088]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinFLTray"=C:\windows\SysWow64\WinFLTray.exe [2012-10-19 321736]
"FLBackup"=C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [2012-10-19 275656]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2013-08-27 248208]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]
"Price-Horse"=C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe [2014-11-03 627560]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-29 6501656]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-01-05 291608]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-07-12 1298816]
"USB Storage Toolbox"=C:\windows\UMStor\Res.EXE [2005-09-14 65536]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"WireLessKeyboard"=C:\Program Files (x86)\Multimedia Keyboard Driver\StartAutorun.exe [2005-11-30 94208]
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22 2694040]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-03 5223016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-05-10 436224]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-11-04 22:03:50 ----D---- C:\_OTM
2014-11-04 21:10:02 ----A---- C:\windows\SYSWOW64\sqlite3.dll
2014-11-04 21:09:07 ----D---- C:\AdwCleaner
2014-11-04 20:51:59 ----D---- C:\rsit
2014-11-04 20:51:59 ----D---- C:\Program Files\trend micro
2014-11-04 20:11:17 ----D---- C:\windows\SYSWOW64\vbox
2014-11-04 20:11:17 ----D---- C:\windows\system32\vbox
2014-11-03 22:18:28 ----D---- C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51
2014-11-03 20:29:17 ----D---- C:\Users\Katerina Rod\AppData\Roaming\AVAST Software
2014-11-03 20:28:48 ----A---- C:\windows\system32\drivers\aswVmm.sys
2014-11-03 20:28:48 ----A---- C:\windows\system32\drivers\aswStm.sys
2014-11-03 20:28:47 ----A---- C:\windows\system32\drivers\aswSP.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswRvrt.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswRdr2.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswmonflt.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswHwid.sys
2014-11-03 20:28:43 ----A---- C:\windows\system32\drivers\aswsnx.sys
2014-11-03 20:28:41 ----A---- C:\windows\system32\aswBoot.exe
2014-11-03 20:28:40 ----A---- C:\windows\avastSS.scr
2014-11-03 20:27:32 ----D---- C:\Program Files\AVAST Software
2014-11-02 16:45:10 ----A---- C:\windows\SYSWOW64\mstscax.dll
2014-11-02 16:45:06 ----A---- C:\windows\system32\mstscax.dll
2014-11-02 11:12:25 ----A---- C:\windows\system32\TsUsbGDCoInstaller.dll
2014-11-02 11:12:20 ----A---- C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-02 11:12:20 ----A---- C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-02 11:12:20 ----A---- C:\windows\system32\drivers\TsUsbFlt.sys
2014-11-02 11:12:19 ----A---- C:\windows\system32\tsgqec.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\wksprtPS.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\tsgqec.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\MsRdpWebAccess.dll
2014-11-02 11:12:18 ----A---- C:\windows\system32\wksprtPS.dll
2014-11-02 11:12:18 ----A---- C:\windows\system32\TSWbPrxy.exe
2014-11-02 11:12:18 ----A---- C:\windows\system32\MsRdpWebAccess.dll
2014-11-02 11:12:17 ----A---- C:\windows\system32\wksprt.exe
2014-11-02 11:12:16 ----A---- C:\windows\SYSWOW64\mstsc.exe
2014-11-02 11:12:15 ----A---- C:\windows\system32\mstsc.exe
2014-11-02 11:12:14 ----A---- C:\windows\SYSWOW64\rdvidcrl.dll
2014-11-02 11:12:14 ----A---- C:\windows\system32\rdvidcrl.dll
2014-10-15 14:20:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-10-15 06:40:56 ----A---- C:\windows\system32\win32k.sys
2014-10-15 06:40:53 ----A---- C:\windows\SYSWOW64\mscorier.dll
2014-10-15 06:40:53 ----A---- C:\windows\SYSWOW64\dfshim.dll
2014-10-15 06:40:53 ----A---- C:\windows\system32\mscorier.dll
2014-10-15 06:40:52 ----A---- C:\windows\SYSWOW64\mscories.dll
2014-10-15 06:40:52 ----A---- C:\windows\system32\mscories.dll
2014-10-15 06:40:52 ----A---- C:\windows\system32\dfshim.dll
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDYAK.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDTAT.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDRU1.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDRU.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDBASH.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDYAK.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDTAT.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDRU1.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDRU.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDBASH.DLL
2014-10-15 06:40:38 ----A---- C:\windows\system32\blackbox.dll
2014-10-15 06:40:37 ----A---- C:\windows\SYSWOW64\blackbox.dll
2014-10-15 06:40:37 ----A---- C:\windows\system32\drmv2clt.dll
2014-10-15 06:40:36 ----A---- C:\windows\SYSWOW64\drmv2clt.dll
2014-10-15 06:40:34 ----A---- C:\windows\system32\wmp.dll
2014-10-15 06:40:30 ----A---- C:\windows\SYSWOW64\wmdrmsdk.dll
2014-10-15 06:40:30 ----A---- C:\windows\system32\wmdrmsdk.dll
2014-10-15 06:40:30 ----A---- C:\windows\system32\mf.dll
2014-10-15 06:40:29 ----A---- C:\windows\SYSWOW64\wmp.dll
2014-10-15 06:40:29 ----A---- C:\windows\system32\AUDIOKSE.dll
2014-10-15 06:40:28 ----A---- C:\windows\system32\drmmgrtn.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\mf.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\drmmgrtn.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\AUDIOKSE.dll
2014-10-15 06:40:27 ----A---- C:\windows\system32\drivers\PEAuth.sys
2014-10-15 06:40:27 ----A---- C:\windows\system32\ci.dll
2014-10-15 06:40:26 ----A---- C:\windows\system32\winload.exe
2014-10-15 06:40:26 ----A---- C:\windows\system32\quartz.dll
2014-10-15 06:40:26 ----A---- C:\windows\system32\AudioEng.dll
2014-10-15 06:40:25 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2014-10-15 06:40:25 ----A---- C:\windows\SYSWOW64\AudioSes.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\wintrust.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\winresume.exe
2014-10-15 06:40:25 ----A---- C:\windows\system32\ntoskrnl.exe
2014-10-15 06:40:25 ----A---- C:\windows\system32\evr.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\cryptsvc.dll
2014-10-15 06:40:24 ----A---- C:\windows\SYSWOW64\cryptsvc.dll
2014-10-15 06:40:24 ----A---- C:\windows\system32\EncDump.dll
2014-10-15 06:40:24 ----A---- C:\windows\system32\crypt32.dll
2014-10-15 06:40:23 ----A---- C:\windows\SYSWOW64\wintrust.dll
2014-10-15 06:40:23 ----A---- C:\windows\system32\cryptui.dll
2014-10-15 06:40:23 ----A---- C:\windows\system32\AudioSes.dll
2014-10-15 06:40:22 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2014-10-15 06:40:21 ----A---- C:\windows\SYSWOW64\evr.dll
2014-10-15 06:40:21 ----A---- C:\windows\system32\audiosrv.dll
2014-10-15 06:40:20 ----A---- C:\windows\SYSWOW64\quartz.dll
2014-10-15 06:40:20 ----A---- C:\windows\system32\mfplat.dll
2014-10-15 06:40:19 ----A---- C:\windows\SYSWOW64\cryptui.dll
2014-10-15 06:40:19 ----A---- C:\windows\SYSWOW64\crypt32.dll
2014-10-15 06:40:18 ----A---- C:\windows\system32\srcore.dll
2014-10-15 06:40:18 ----A---- C:\windows\system32\pcasvc.dll
2014-10-15 06:40:17 ----A---- C:\windows\SYSWOW64\mfplat.dll
2014-10-15 06:40:16 ----A---- C:\windows\system32\cryptsp.dll
2014-10-15 06:40:15 ----A---- C:\windows\SYSWOW64\cryptsp.dll
2014-10-15 06:40:15 ----A---- C:\windows\SYSWOW64\AudioEng.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\rstrui.exe
2014-10-15 06:40:15 ----A---- C:\windows\system32\msscp.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\msnetobj.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\appidsvc.dll
2014-10-15 06:40:14 ----A---- C:\windows\SYSWOW64\msscp.dll
2014-10-15 06:40:14 ----A---- C:\windows\system32\drivers\appid.sys
2014-10-15 06:40:14 ----A---- C:\windows\system32\audiodg.exe
2014-10-15 06:40:14 ----A---- C:\windows\system32\appidapi.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\rrinstaller.exe
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\msnetobj.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\mfps.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\appidapi.dll
2014-10-15 06:40:13 ----A---- C:\windows\system32\rrinstaller.exe
2014-10-15 06:40:13 ----A---- C:\windows\system32\mfps.dll
2014-10-15 06:40:12 ----A---- C:\windows\SYSWOW64\mfpmp.exe
2014-10-15 06:40:12 ----A---- C:\windows\system32\setbcdlocale.dll
2014-10-15 06:40:12 ----A---- C:\windows\system32\mfpmp.exe
2014-10-15 06:40:12 ----A---- C:\windows\system32\appidpolicyconverter.exe
2014-10-15 06:40:11 ----A---- C:\windows\SYSWOW64\srclient.dll
2014-10-15 06:40:11 ----A---- C:\windows\system32\srclient.dll
2014-10-15 06:40:11 ----A---- C:\windows\system32\appidcertstorecheck.exe
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\wmploc.DLL
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\spwmp.dll
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\mferror.dll
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\dxmasf.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\wmploc.DLL
2014-10-15 06:40:09 ----A---- C:\windows\system32\spwmp.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\mferror.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\dxmasf.dll
2014-10-15 06:39:59 ----A---- C:\windows\system32\generaltel.dll
2014-10-15 06:39:59 ----A---- C:\windows\system32\aepdu.dll
2014-10-15 06:39:58 ----A---- C:\windows\system32\aeinv.dll
2014-10-15 06:39:57 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\iernonce.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\ie4uinit.exe
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2014-10-15 06:39:54 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 06:39:52 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-10-15 06:39:52 ----A---- C:\windows\system32\iedkcs32.dll
2014-10-15 06:39:51 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-10-15 06:39:51 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-10-15 06:39:51 ----A---- C:\windows\system32\urlmon.dll
2014-10-15 06:39:51 ----A---- C:\windows\system32\ieetwcollectorres.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2014-10-15 06:39:50 ----A---- C:\windows\system32\msfeeds.dll
2014-10-15 06:39:50 ----A---- C:\windows\system32\ieetwcollector.exe
2014-10-15 06:39:50 ----A---- C:\windows\system32\dxtmsft.dll
2014-10-15 06:39:49 ----A---- C:\windows\system32\iesetup.dll
2014-10-15 06:39:48 ----A---- C:\windows\system32\iertutil.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2014-10-15 06:39:46 ----A---- C:\windows\SYSWOW64\vbscript.dll
2014-10-15 06:39:46 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-10-15 06:39:45 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-10-15 06:39:45 ----A---- C:\windows\system32\jsproxy.dll
2014-10-15 06:39:44 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-10-15 06:39:44 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2014-10-15 06:39:43 ----A---- C:\windows\system32\ieui.dll
2014-10-15 06:39:43 ----A---- C:\windows\system32\dxtrans.dll
2014-10-15 06:39:42 ----A---- C:\windows\system32\ieframe.dll
2014-10-15 06:39:41 ----A---- C:\windows\system32\mshtmlmedia.dll
2014-10-15 06:39:41 ----A---- C:\windows\system32\mshtmled.dll
2014-10-15 06:39:40 ----A---- C:\windows\system32\jscript9diag.dll
2014-10-15 06:39:40 ----A---- C:\windows\system32\ieUnatt.exe
2014-10-15 06:39:39 ----A---- C:\windows\system32\jscript9.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\wininet.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\vbscript.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\ieapfltr.dll
2014-10-15 06:39:37 ----A---- C:\windows\system32\MshtmlDac.dll
2014-10-15 06:39:36 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 06:39:36 ----A---- C:\windows\system32\msrating.dll
2014-10-15 06:39:35 ----A---- C:\windows\system32\mshtml.dll
2014-10-15 06:39:17 ----A---- C:\windows\system32\msi.dll
2014-10-15 06:39:16 ----A---- C:\windows\SYSWOW64\msi.dll
2014-10-15 06:39:03 ----A---- C:\windows\system32\rdpcorets.dll
2014-10-15 06:38:58 ----A---- C:\windows\SYSWOW64\rastls.dll
2014-10-15 06:38:58 ----A---- C:\windows\system32\rastls.dll
2014-10-15 06:38:50 ----A---- C:\windows\system32\termsrv.dll
2014-10-15 06:38:49 ----A---- C:\windows\SYSWOW64\winsta.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\winsta.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\winlogon.exe
2014-10-15 06:38:49 ----A---- C:\windows\system32\rdpcorekmts.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\drivers\rdpwd.sys
2014-10-15 06:38:48 ----A---- C:\windows\SYSWOW64\TSpkg.dll
2014-10-15 06:38:48 ----A---- C:\windows\system32\TSpkg.dll
2014-10-15 06:38:47 ----A---- C:\windows\SYSWOW64\credssp.dll
2014-10-15 06:38:47 ----A---- C:\windows\system32\drivers\tssecsrv.sys
2014-10-15 06:38:47 ----A---- C:\windows\system32\credssp.dll
2014-10-15 06:38:33 ----A---- C:\windows\SYSWOW64\packager.dll
2014-10-15 06:38:33 ----A---- C:\windows\system32\packager.dll
2014-10-13 14:52:32 ----D---- C:\Program Files (x86)\Microsoft XNA
2014-10-10 09:53:56 ----D---- C:\Users\Katerina Rod\AppData\Roaming\SpaceEngineers
2014-10-08 20:45:31 ----D---- C:\Program Files (x86)\Origin Games
2014-10-08 20:45:13 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Origin
2014-10-08 20:41:40 ----D---- C:\ProgramData\Origin
2014-10-08 20:41:39 ----D---- C:\ProgramData\Electronic Arts
2014-10-08 20:41:35 ----D---- C:\Program Files (x86)\Origin
======List of files/folders modified in the last 1 month======
2014-11-04 22:14:32 ----D---- C:\windows\Temp
2014-11-04 22:12:41 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Skype
2014-11-04 22:11:31 ----D---- C:\windows\system32\config
2014-11-04 22:10:11 ----AD---- C:\windows\System32
2014-11-04 22:10:07 ----A---- C:\windows\SYSWOW64\log.txt
2014-11-04 22:09:13 ----A---- C:\IFRToolLog.txt
2014-11-04 22:03:51 ----RD---- C:\Program Files (x86)\Skype
2014-11-04 21:10:46 ----D---- C:\windows\system32\drivers
2014-11-04 21:10:38 ----D---- C:\Program Files (x86)
2014-11-04 21:10:36 ----HD---- C:\ProgramData
2014-11-04 21:10:02 ----D---- C:\windows\SysWOW64
2014-11-04 20:51:59 ----RD---- C:\Program Files
2014-11-04 20:12:06 ----SHD---- C:\System Volume Information
2014-11-04 20:06:56 ----AD---- C:\Windows
2014-11-04 04:21:28 ----D---- C:\windows\system32\LogFiles
2014-11-04 04:20:56 ----D---- C:\windows\system32\GroupPolicy
2014-11-03 21:48:30 ----A---- C:\windows\win.ini
2014-11-03 20:49:46 ----HD---- C:\windows\system32\CanonIJ Uninstaller Information
2014-11-03 20:46:03 ----HD---- C:\ProgramData\CanonIJScan
2014-11-03 20:46:03 ----D---- C:\windows\twain_32
2014-11-03 20:46:03 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Canon
2014-11-03 20:45:51 ----D---- C:\windows\system32\DriverStore
2014-11-03 20:45:51 ----D---- C:\windows\inf
2014-11-03 20:45:16 ----D---- C:\Program Files (x86)\Canon
2014-11-03 20:28:59 ----D---- C:\windows\system32\Tasks
2014-11-03 20:28:43 ----D---- C:\windows\winsxs
2014-11-03 20:27:32 ----D---- C:\ProgramData\AVAST Software
2014-11-03 20:26:15 ----D---- C:\Program Files\CCleaner
2014-11-03 20:21:15 ----D---- C:\Users\Katerina Rod\AppData\Roaming\BSplayer
2014-11-03 20:19:43 ----D---- C:\Program Files (x86)\Steam
2014-11-03 20:19:41 ----D---- C:\windows\Logs
2014-11-03 20:19:41 ----D---- C:\windows\debug
2014-11-03 20:18:06 ----SHD---- C:\windows\Installer
2014-11-03 20:16:06 ----D---- C:\Program Files (x86)\Common Files
2014-11-03 20:14:00 ----D---- C:\windows\Prefetch
2014-11-03 19:41:43 ----D---- C:\windows\Tasks
2014-11-03 05:40:16 ----D---- C:\windows\rescache
2014-11-02 22:21:52 ----D---- C:\windows\SYSWOW64\en-US
2014-11-02 22:21:52 ----D---- C:\windows\system32\en-US
2014-11-02 16:42:45 ----D---- C:\windows\system32\catroot2
2014-11-02 11:24:21 ----D---- C:\Users\Katerina Rod\AppData\Roaming\TS3Client
2014-11-02 11:16:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 11:15:21 ----D---- C:\windows\SYSWOW64\wbem
2014-11-02 11:15:21 ----D---- C:\windows\system32\drivers\en-US
2014-11-02 11:15:20 ----D---- C:\windows\system32\wbem
2014-11-01 19:50:20 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-10-28 23:07:32 ----D---- C:\Program Files\TOSHIBA
2014-10-28 23:07:32 ----D---- C:\Program Files (x86)\Toshiba
2014-10-28 23:03:03 ----D---- C:\windows\Microsoft.NET
2014-10-28 05:34:58 ----N---- C:\windows\system32\MpSigStub.exe
2014-10-20 07:05:02 ----D---- C:\Program Files (x86)\Google
2014-10-19 09:31:11 ----RSD---- C:\windows\assembly
2014-10-16 16:10:56 ----RSD---- C:\windows\Fonts
2014-10-16 16:10:53 ----D---- C:\windows\SYSWOW64\Dism
2014-10-16 16:10:53 ----D---- C:\windows\system32\Dism
2014-10-16 16:10:53 ----D---- C:\windows\system32\CodeIntegrity
2014-10-16 16:10:53 ----D---- C:\windows\system32\Boot
2014-10-16 16:10:53 ----D---- C:\Program Files\Windows Media Player
2014-10-16 16:10:53 ----D---- C:\Program Files (x86)\Windows Media Player
2014-10-16 16:10:52 ----SD---- C:\windows\system32\CompatTel
2014-10-16 16:10:52 ----D---- C:\Program Files\Internet Explorer
2014-10-16 16:10:52 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-16 14:27:18 ----D---- C:\windows\system32\MRT
2014-10-16 14:16:22 ----A---- C:\windows\system32\MRT.exe
2014-10-15 06:38:28 ----D---- C:\windows\system32\catroot
2014-10-10 16:07:49 ----D---- C:\Users\Katerina Rod\AppData\Roaming\.minecraft
2014-10-07 07:56:35 ----D---- C:\windows\SoftwareDistribution
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-11-03 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-11-03 267632]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-11-30 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
R0 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2014-11-03 93568]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-11-03 1050432]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-11-03 436624]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2009-12-31 360712]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R1 WinFLAdrv;WinFLAdrv; C:\windows\SysWOW64\WinFLAdrv.sys [2012-10-19 34816]
R2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2014-11-03 29208]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-11-03 83280]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2014-11-03 116728]
R2 NEWDRIVER;NEWDRIVER; \??\C:\windows\SysWow64\WinVDEdrv6.sys [2012-10-19 197648]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-03 270728]
R2 WinVDEDrv;WinVDEDrv; \??\C:\windows\SysWow64\WinVDEdrv.sys [2012-10-19 225680]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-05-10 14759136]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2012-02-01 4739304]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2011-08-17 251496]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\windows\system32\DRIVERS\rtwlane.sys [2012-01-17 1082472]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-31 27784]
R3 tosrfec;Bluetooth ACPI; C:\windows\system32\DRIVERS\tosrfec.sys [2010-06-19 18872]
R3 vpcbus;Virtual PC Host Bus Service; C:\windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dc3d;MS Hardware Device Detection Driver (USB); C:\windows\system32\DRIVERS\dc3d.sys [2011-05-17 47616]
S3 dmvsc;dmvsc; C:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\windows\system32\DRIVERS\ewusbnet.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\windows\system32\DRIVERS\ewusbdev.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TDEIO;TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\windows\system32\DRIVERS\tosrfbd.sys [2012-01-30 304696]
S3 Tosrfcom;Tosrfcom; C:\windows\system32\drivers\Tosrfcom.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2011-12-17 79040]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;USB Scanner Driver; C:\windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-03 50344]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-06-07 250296]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-06-07 47032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2011-03-01 27648]
R2 FLService;FLService; C:\windows\SysWow64\WinFLService.exe [2012-10-19 91336]
R2 GFNEXSrv;GFNEX Service; C:\Windows\System32\GFNEXSrv.exe [2010-09-10 162824]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-01-20 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-01-21 277784]
R2 MaintainerSvc2.48.1114611;MaintainerSvc2.48.1114611; C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe [2014-11-04 123632]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\windows\system32\TODDSrv.exe [2010-10-20 138656]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-08-27 93072]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-01-21 363800]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-03 4012248]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2011-03-01 27648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-10 276248]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-09-19 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-31 114288]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-09-23 833728]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-02 198064]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-07-17 1255736]
S4 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Run by Katerina Rod at 2014-11-04 22:14:29
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 337 GB (73%) free of 462 GB
Total RAM: 3986 MB (33% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:14:35 PM, on 4/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\WinFLTray.exe
C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\UMStor\Res.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Multimedia Keyboard Driver\PS2USBKbdDrv.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files\trend micro\Katerina Rod.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid ... 272&lng=en
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\windows\UMStor\Res.EXE
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files (x86)\Multimedia Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [WinFLTray] C:\windows\SysWow64\WinFLTray.exe
O4 - HKCU\..\Run: [FLBackup] C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Price-Horse] C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLService - New Softwares.net - C:\windows\SysWow64\WinFLService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MaintainerSvc2.48.1114611 - Unknown owner - C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11315 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
winlogon.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\windows\system32\Dwm.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\Explorer.EXE
C:\Windows\System32\GFNEXSrv.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\windows\SysWow64\WinFLService.exe
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
taskeng.exe {0473BD4A-1580-4230-A444-634EF4DA2AD6}
"C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe"
C:\windows\system32\svchost.exe -k regsvc
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
C:\windows\system32\TODDSrv.exe
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
"C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
"C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\System32\alg.exe
C:\windows\System32\svchost.exe -k secsvcs
"C:\Windows\SysWOW64\WinFLTray.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe"
ngservice.exe pipeserver
"C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe" -Embedding
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
"C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
taskeng.exe {D0F551F9-C0D5-4A4D-B288-DEA2EE841EDE}
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Windows\UMStor\Res.exe"
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"C:\Program Files (x86)\Multimedia Keyboard Driver\PS2USBKbdDrv.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe" "-launchedbyvulcan"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe" --type=renderer --no-sandbox --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable --channel="3736.0.630403665\641352991" /prefetch:3
"C:\Users\KATERI~1\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe" --type=gpu-process --channel="3736.1.1017387258\433567127" --no-sandbox --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable --supports-dual-gpus=false --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2752 --ignored=" --type=renderer " --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable /prefetch:12
"C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\system32\sppsvc.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1504.b1c8100.1904131807 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 1504 "\\.\pipe\gecko-crash-server-pipe.1504" plugin
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --proxy-stub-channel=Flash6908.5D6FAAA0.27514 --host-broker-channel=Flash6908.5D6FAAA0.3574 --host-pid=6908 --host-npapi-version=27 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll"
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --channel=6944.0040F83C.1474809233 --proxy-stub-channel=Flash6908.5D6FAAA0.27514 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"c:\users\kateri~1\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe" --IPCport 5939
C:\windows\servicing\TrustedInstaller.exe
C:\Windows\system32\PrintIsolationHost.exe -Embedding
"C:\Users\Katerina Rod\Desktop\RSITx64.exe"
C:\windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate
C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate
=========Mozilla firefox=========
ProfilePath - C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default
prefs.js - "browser.search.useDBForOrder" - true
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
nppluginrichmediaplayer.dll
C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\searchplugins\
bs-player-controlbar-customized-web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-03 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-11-03 700800]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-03 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-11-03 534400]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-02-01 12446824]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-11-24 1548208]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-12-14 712096]
"TPSCMain"=C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [2011-12-21 740792]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2011-11-26 710560]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2011-06-28 38824]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2726728]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2012-05-10 170264]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2012-05-10 398616]
"Persistence"=C:\windows\system32\igfxpers.exe [2012-05-10 440088]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinFLTray"=C:\windows\SysWow64\WinFLTray.exe [2012-10-19 321736]
"FLBackup"=C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [2012-10-19 275656]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2013-08-27 248208]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]
"Price-Horse"=C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe [2014-11-03 627560]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-29 6501656]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-01-05 291608]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2011-07-12 1298816]
"USB Storage Toolbox"=C:\windows\UMStor\Res.EXE [2005-09-14 65536]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"WireLessKeyboard"=C:\Program Files (x86)\Multimedia Keyboard Driver\StartAutorun.exe [2005-11-30 94208]
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22 2694040]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-03 5223016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-05-10 436224]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-11-04 22:03:50 ----D---- C:\_OTM
2014-11-04 21:10:02 ----A---- C:\windows\SYSWOW64\sqlite3.dll
2014-11-04 21:09:07 ----D---- C:\AdwCleaner
2014-11-04 20:51:59 ----D---- C:\rsit
2014-11-04 20:51:59 ----D---- C:\Program Files\trend micro
2014-11-04 20:11:17 ----D---- C:\windows\SYSWOW64\vbox
2014-11-04 20:11:17 ----D---- C:\windows\system32\vbox
2014-11-03 22:18:28 ----D---- C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51
2014-11-03 20:29:17 ----D---- C:\Users\Katerina Rod\AppData\Roaming\AVAST Software
2014-11-03 20:28:48 ----A---- C:\windows\system32\drivers\aswVmm.sys
2014-11-03 20:28:48 ----A---- C:\windows\system32\drivers\aswStm.sys
2014-11-03 20:28:47 ----A---- C:\windows\system32\drivers\aswSP.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswRvrt.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswRdr2.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswmonflt.sys
2014-11-03 20:28:46 ----A---- C:\windows\system32\drivers\aswHwid.sys
2014-11-03 20:28:43 ----A---- C:\windows\system32\drivers\aswsnx.sys
2014-11-03 20:28:41 ----A---- C:\windows\system32\aswBoot.exe
2014-11-03 20:28:40 ----A---- C:\windows\avastSS.scr
2014-11-03 20:27:32 ----D---- C:\Program Files\AVAST Software
2014-11-02 16:45:10 ----A---- C:\windows\SYSWOW64\mstscax.dll
2014-11-02 16:45:06 ----A---- C:\windows\system32\mstscax.dll
2014-11-02 11:12:25 ----A---- C:\windows\system32\TsUsbGDCoInstaller.dll
2014-11-02 11:12:20 ----A---- C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-02 11:12:20 ----A---- C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-02 11:12:20 ----A---- C:\windows\system32\drivers\TsUsbFlt.sys
2014-11-02 11:12:19 ----A---- C:\windows\system32\tsgqec.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\wksprtPS.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\tsgqec.dll
2014-11-02 11:12:18 ----A---- C:\windows\SYSWOW64\MsRdpWebAccess.dll
2014-11-02 11:12:18 ----A---- C:\windows\system32\wksprtPS.dll
2014-11-02 11:12:18 ----A---- C:\windows\system32\TSWbPrxy.exe
2014-11-02 11:12:18 ----A---- C:\windows\system32\MsRdpWebAccess.dll
2014-11-02 11:12:17 ----A---- C:\windows\system32\wksprt.exe
2014-11-02 11:12:16 ----A---- C:\windows\SYSWOW64\mstsc.exe
2014-11-02 11:12:15 ----A---- C:\windows\system32\mstsc.exe
2014-11-02 11:12:14 ----A---- C:\windows\SYSWOW64\rdvidcrl.dll
2014-11-02 11:12:14 ----A---- C:\windows\system32\rdvidcrl.dll
2014-10-15 14:20:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-10-15 06:40:56 ----A---- C:\windows\system32\win32k.sys
2014-10-15 06:40:53 ----A---- C:\windows\SYSWOW64\mscorier.dll
2014-10-15 06:40:53 ----A---- C:\windows\SYSWOW64\dfshim.dll
2014-10-15 06:40:53 ----A---- C:\windows\system32\mscorier.dll
2014-10-15 06:40:52 ----A---- C:\windows\SYSWOW64\mscories.dll
2014-10-15 06:40:52 ----A---- C:\windows\system32\mscories.dll
2014-10-15 06:40:52 ----A---- C:\windows\system32\dfshim.dll
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDYAK.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDTAT.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDRU1.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDRU.DLL
2014-10-15 06:40:45 ----A---- C:\windows\SYSWOW64\KBDBASH.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDYAK.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDTAT.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDRU1.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDRU.DLL
2014-10-15 06:40:45 ----A---- C:\windows\system32\KBDBASH.DLL
2014-10-15 06:40:38 ----A---- C:\windows\system32\blackbox.dll
2014-10-15 06:40:37 ----A---- C:\windows\SYSWOW64\blackbox.dll
2014-10-15 06:40:37 ----A---- C:\windows\system32\drmv2clt.dll
2014-10-15 06:40:36 ----A---- C:\windows\SYSWOW64\drmv2clt.dll
2014-10-15 06:40:34 ----A---- C:\windows\system32\wmp.dll
2014-10-15 06:40:30 ----A---- C:\windows\SYSWOW64\wmdrmsdk.dll
2014-10-15 06:40:30 ----A---- C:\windows\system32\wmdrmsdk.dll
2014-10-15 06:40:30 ----A---- C:\windows\system32\mf.dll
2014-10-15 06:40:29 ----A---- C:\windows\SYSWOW64\wmp.dll
2014-10-15 06:40:29 ----A---- C:\windows\system32\AUDIOKSE.dll
2014-10-15 06:40:28 ----A---- C:\windows\system32\drmmgrtn.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\mf.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\drmmgrtn.dll
2014-10-15 06:40:27 ----A---- C:\windows\SYSWOW64\AUDIOKSE.dll
2014-10-15 06:40:27 ----A---- C:\windows\system32\drivers\PEAuth.sys
2014-10-15 06:40:27 ----A---- C:\windows\system32\ci.dll
2014-10-15 06:40:26 ----A---- C:\windows\system32\winload.exe
2014-10-15 06:40:26 ----A---- C:\windows\system32\quartz.dll
2014-10-15 06:40:26 ----A---- C:\windows\system32\AudioEng.dll
2014-10-15 06:40:25 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2014-10-15 06:40:25 ----A---- C:\windows\SYSWOW64\AudioSes.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\wintrust.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\winresume.exe
2014-10-15 06:40:25 ----A---- C:\windows\system32\ntoskrnl.exe
2014-10-15 06:40:25 ----A---- C:\windows\system32\evr.dll
2014-10-15 06:40:25 ----A---- C:\windows\system32\cryptsvc.dll
2014-10-15 06:40:24 ----A---- C:\windows\SYSWOW64\cryptsvc.dll
2014-10-15 06:40:24 ----A---- C:\windows\system32\EncDump.dll
2014-10-15 06:40:24 ----A---- C:\windows\system32\crypt32.dll
2014-10-15 06:40:23 ----A---- C:\windows\SYSWOW64\wintrust.dll
2014-10-15 06:40:23 ----A---- C:\windows\system32\cryptui.dll
2014-10-15 06:40:23 ----A---- C:\windows\system32\AudioSes.dll
2014-10-15 06:40:22 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2014-10-15 06:40:21 ----A---- C:\windows\SYSWOW64\evr.dll
2014-10-15 06:40:21 ----A---- C:\windows\system32\audiosrv.dll
2014-10-15 06:40:20 ----A---- C:\windows\SYSWOW64\quartz.dll
2014-10-15 06:40:20 ----A---- C:\windows\system32\mfplat.dll
2014-10-15 06:40:19 ----A---- C:\windows\SYSWOW64\cryptui.dll
2014-10-15 06:40:19 ----A---- C:\windows\SYSWOW64\crypt32.dll
2014-10-15 06:40:18 ----A---- C:\windows\system32\srcore.dll
2014-10-15 06:40:18 ----A---- C:\windows\system32\pcasvc.dll
2014-10-15 06:40:17 ----A---- C:\windows\SYSWOW64\mfplat.dll
2014-10-15 06:40:16 ----A---- C:\windows\system32\cryptsp.dll
2014-10-15 06:40:15 ----A---- C:\windows\SYSWOW64\cryptsp.dll
2014-10-15 06:40:15 ----A---- C:\windows\SYSWOW64\AudioEng.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\rstrui.exe
2014-10-15 06:40:15 ----A---- C:\windows\system32\msscp.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\msnetobj.dll
2014-10-15 06:40:15 ----A---- C:\windows\system32\appidsvc.dll
2014-10-15 06:40:14 ----A---- C:\windows\SYSWOW64\msscp.dll
2014-10-15 06:40:14 ----A---- C:\windows\system32\drivers\appid.sys
2014-10-15 06:40:14 ----A---- C:\windows\system32\audiodg.exe
2014-10-15 06:40:14 ----A---- C:\windows\system32\appidapi.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\rrinstaller.exe
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\msnetobj.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\mfps.dll
2014-10-15 06:40:13 ----A---- C:\windows\SYSWOW64\appidapi.dll
2014-10-15 06:40:13 ----A---- C:\windows\system32\rrinstaller.exe
2014-10-15 06:40:13 ----A---- C:\windows\system32\mfps.dll
2014-10-15 06:40:12 ----A---- C:\windows\SYSWOW64\mfpmp.exe
2014-10-15 06:40:12 ----A---- C:\windows\system32\setbcdlocale.dll
2014-10-15 06:40:12 ----A---- C:\windows\system32\mfpmp.exe
2014-10-15 06:40:12 ----A---- C:\windows\system32\appidpolicyconverter.exe
2014-10-15 06:40:11 ----A---- C:\windows\SYSWOW64\srclient.dll
2014-10-15 06:40:11 ----A---- C:\windows\system32\srclient.dll
2014-10-15 06:40:11 ----A---- C:\windows\system32\appidcertstorecheck.exe
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\wmploc.DLL
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\spwmp.dll
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\mferror.dll
2014-10-15 06:40:09 ----A---- C:\windows\SYSWOW64\dxmasf.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\wmploc.DLL
2014-10-15 06:40:09 ----A---- C:\windows\system32\spwmp.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\mferror.dll
2014-10-15 06:40:09 ----A---- C:\windows\system32\dxmasf.dll
2014-10-15 06:39:59 ----A---- C:\windows\system32\generaltel.dll
2014-10-15 06:39:59 ----A---- C:\windows\system32\aepdu.dll
2014-10-15 06:39:58 ----A---- C:\windows\system32\aeinv.dll
2014-10-15 06:39:57 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2014-10-15 06:39:56 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-15 06:39:55 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\iernonce.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-10-15 06:39:55 ----A---- C:\windows\system32\ie4uinit.exe
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-10-15 06:39:54 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2014-10-15 06:39:54 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 06:39:52 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-10-15 06:39:52 ----A---- C:\windows\system32\iedkcs32.dll
2014-10-15 06:39:51 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-10-15 06:39:51 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-10-15 06:39:51 ----A---- C:\windows\system32\urlmon.dll
2014-10-15 06:39:51 ----A---- C:\windows\system32\ieetwcollectorres.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-10-15 06:39:50 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2014-10-15 06:39:50 ----A---- C:\windows\system32\msfeeds.dll
2014-10-15 06:39:50 ----A---- C:\windows\system32\ieetwcollector.exe
2014-10-15 06:39:50 ----A---- C:\windows\system32\dxtmsft.dll
2014-10-15 06:39:49 ----A---- C:\windows\system32\iesetup.dll
2014-10-15 06:39:48 ----A---- C:\windows\system32\iertutil.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-10-15 06:39:47 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2014-10-15 06:39:46 ----A---- C:\windows\SYSWOW64\vbscript.dll
2014-10-15 06:39:46 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-10-15 06:39:45 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-10-15 06:39:45 ----A---- C:\windows\system32\jsproxy.dll
2014-10-15 06:39:44 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-10-15 06:39:44 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2014-10-15 06:39:43 ----A---- C:\windows\system32\ieui.dll
2014-10-15 06:39:43 ----A---- C:\windows\system32\dxtrans.dll
2014-10-15 06:39:42 ----A---- C:\windows\system32\ieframe.dll
2014-10-15 06:39:41 ----A---- C:\windows\system32\mshtmlmedia.dll
2014-10-15 06:39:41 ----A---- C:\windows\system32\mshtmled.dll
2014-10-15 06:39:40 ----A---- C:\windows\system32\jscript9diag.dll
2014-10-15 06:39:40 ----A---- C:\windows\system32\ieUnatt.exe
2014-10-15 06:39:39 ----A---- C:\windows\system32\jscript9.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\wininet.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\vbscript.dll
2014-10-15 06:39:38 ----A---- C:\windows\system32\ieapfltr.dll
2014-10-15 06:39:37 ----A---- C:\windows\system32\MshtmlDac.dll
2014-10-15 06:39:36 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 06:39:36 ----A---- C:\windows\system32\msrating.dll
2014-10-15 06:39:35 ----A---- C:\windows\system32\mshtml.dll
2014-10-15 06:39:17 ----A---- C:\windows\system32\msi.dll
2014-10-15 06:39:16 ----A---- C:\windows\SYSWOW64\msi.dll
2014-10-15 06:39:03 ----A---- C:\windows\system32\rdpcorets.dll
2014-10-15 06:38:58 ----A---- C:\windows\SYSWOW64\rastls.dll
2014-10-15 06:38:58 ----A---- C:\windows\system32\rastls.dll
2014-10-15 06:38:50 ----A---- C:\windows\system32\termsrv.dll
2014-10-15 06:38:49 ----A---- C:\windows\SYSWOW64\winsta.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\winsta.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\winlogon.exe
2014-10-15 06:38:49 ----A---- C:\windows\system32\rdpcorekmts.dll
2014-10-15 06:38:49 ----A---- C:\windows\system32\drivers\rdpwd.sys
2014-10-15 06:38:48 ----A---- C:\windows\SYSWOW64\TSpkg.dll
2014-10-15 06:38:48 ----A---- C:\windows\system32\TSpkg.dll
2014-10-15 06:38:47 ----A---- C:\windows\SYSWOW64\credssp.dll
2014-10-15 06:38:47 ----A---- C:\windows\system32\drivers\tssecsrv.sys
2014-10-15 06:38:47 ----A---- C:\windows\system32\credssp.dll
2014-10-15 06:38:33 ----A---- C:\windows\SYSWOW64\packager.dll
2014-10-15 06:38:33 ----A---- C:\windows\system32\packager.dll
2014-10-13 14:52:32 ----D---- C:\Program Files (x86)\Microsoft XNA
2014-10-10 09:53:56 ----D---- C:\Users\Katerina Rod\AppData\Roaming\SpaceEngineers
2014-10-08 20:45:31 ----D---- C:\Program Files (x86)\Origin Games
2014-10-08 20:45:13 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Origin
2014-10-08 20:41:40 ----D---- C:\ProgramData\Origin
2014-10-08 20:41:39 ----D---- C:\ProgramData\Electronic Arts
2014-10-08 20:41:35 ----D---- C:\Program Files (x86)\Origin
======List of files/folders modified in the last 1 month======
2014-11-04 22:14:32 ----D---- C:\windows\Temp
2014-11-04 22:12:41 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Skype
2014-11-04 22:11:31 ----D---- C:\windows\system32\config
2014-11-04 22:10:11 ----AD---- C:\windows\System32
2014-11-04 22:10:07 ----A---- C:\windows\SYSWOW64\log.txt
2014-11-04 22:09:13 ----A---- C:\IFRToolLog.txt
2014-11-04 22:03:51 ----RD---- C:\Program Files (x86)\Skype
2014-11-04 21:10:46 ----D---- C:\windows\system32\drivers
2014-11-04 21:10:38 ----D---- C:\Program Files (x86)
2014-11-04 21:10:36 ----HD---- C:\ProgramData
2014-11-04 21:10:02 ----D---- C:\windows\SysWOW64
2014-11-04 20:51:59 ----RD---- C:\Program Files
2014-11-04 20:12:06 ----SHD---- C:\System Volume Information
2014-11-04 20:06:56 ----AD---- C:\Windows
2014-11-04 04:21:28 ----D---- C:\windows\system32\LogFiles
2014-11-04 04:20:56 ----D---- C:\windows\system32\GroupPolicy
2014-11-03 21:48:30 ----A---- C:\windows\win.ini
2014-11-03 20:49:46 ----HD---- C:\windows\system32\CanonIJ Uninstaller Information
2014-11-03 20:46:03 ----HD---- C:\ProgramData\CanonIJScan
2014-11-03 20:46:03 ----D---- C:\windows\twain_32
2014-11-03 20:46:03 ----D---- C:\Users\Katerina Rod\AppData\Roaming\Canon
2014-11-03 20:45:51 ----D---- C:\windows\system32\DriverStore
2014-11-03 20:45:51 ----D---- C:\windows\inf
2014-11-03 20:45:16 ----D---- C:\Program Files (x86)\Canon
2014-11-03 20:28:59 ----D---- C:\windows\system32\Tasks
2014-11-03 20:28:43 ----D---- C:\windows\winsxs
2014-11-03 20:27:32 ----D---- C:\ProgramData\AVAST Software
2014-11-03 20:26:15 ----D---- C:\Program Files\CCleaner
2014-11-03 20:21:15 ----D---- C:\Users\Katerina Rod\AppData\Roaming\BSplayer
2014-11-03 20:19:43 ----D---- C:\Program Files (x86)\Steam
2014-11-03 20:19:41 ----D---- C:\windows\Logs
2014-11-03 20:19:41 ----D---- C:\windows\debug
2014-11-03 20:18:06 ----SHD---- C:\windows\Installer
2014-11-03 20:16:06 ----D---- C:\Program Files (x86)\Common Files
2014-11-03 20:14:00 ----D---- C:\windows\Prefetch
2014-11-03 19:41:43 ----D---- C:\windows\Tasks
2014-11-03 05:40:16 ----D---- C:\windows\rescache
2014-11-02 22:21:52 ----D---- C:\windows\SYSWOW64\en-US
2014-11-02 22:21:52 ----D---- C:\windows\system32\en-US
2014-11-02 16:42:45 ----D---- C:\windows\system32\catroot2
2014-11-02 11:24:21 ----D---- C:\Users\Katerina Rod\AppData\Roaming\TS3Client
2014-11-02 11:16:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 11:15:21 ----D---- C:\windows\SYSWOW64\wbem
2014-11-02 11:15:21 ----D---- C:\windows\system32\drivers\en-US
2014-11-02 11:15:20 ----D---- C:\windows\system32\wbem
2014-11-01 19:50:20 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-10-28 23:07:32 ----D---- C:\Program Files\TOSHIBA
2014-10-28 23:07:32 ----D---- C:\Program Files (x86)\Toshiba
2014-10-28 23:03:03 ----D---- C:\windows\Microsoft.NET
2014-10-28 05:34:58 ----N---- C:\windows\system32\MpSigStub.exe
2014-10-20 07:05:02 ----D---- C:\Program Files (x86)\Google
2014-10-19 09:31:11 ----RSD---- C:\windows\assembly
2014-10-16 16:10:56 ----RSD---- C:\windows\Fonts
2014-10-16 16:10:53 ----D---- C:\windows\SYSWOW64\Dism
2014-10-16 16:10:53 ----D---- C:\windows\system32\Dism
2014-10-16 16:10:53 ----D---- C:\windows\system32\CodeIntegrity
2014-10-16 16:10:53 ----D---- C:\windows\system32\Boot
2014-10-16 16:10:53 ----D---- C:\Program Files\Windows Media Player
2014-10-16 16:10:53 ----D---- C:\Program Files (x86)\Windows Media Player
2014-10-16 16:10:52 ----SD---- C:\windows\system32\CompatTel
2014-10-16 16:10:52 ----D---- C:\Program Files\Internet Explorer
2014-10-16 16:10:52 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-16 14:27:18 ----D---- C:\windows\system32\MRT
2014-10-16 14:16:22 ----A---- C:\windows\system32\MRT.exe
2014-10-15 06:38:28 ----D---- C:\windows\system32\catroot
2014-10-10 16:07:49 ----D---- C:\Users\Katerina Rod\AppData\Roaming\.minecraft
2014-10-07 07:56:35 ----D---- C:\windows\SoftwareDistribution
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-11-03 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-11-03 267632]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-11-30 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
R0 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2014-11-03 93568]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-11-03 1050432]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-11-03 436624]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2009-12-31 360712]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R1 WinFLAdrv;WinFLAdrv; C:\windows\SysWOW64\WinFLAdrv.sys [2012-10-19 34816]
R2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2014-11-03 29208]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-11-03 83280]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2014-11-03 116728]
R2 NEWDRIVER;NEWDRIVER; \??\C:\windows\SysWow64\WinVDEdrv6.sys [2012-10-19 197648]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-03 270728]
R2 WinVDEDrv;WinVDEDrv; \??\C:\windows\SysWow64\WinVDEdrv.sys [2012-10-19 225680]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-05-10 14759136]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2012-02-01 4739304]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2011-08-17 251496]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\windows\system32\DRIVERS\rtwlane.sys [2012-01-17 1082472]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-31 27784]
R3 tosrfec;Bluetooth ACPI; C:\windows\system32\DRIVERS\tosrfec.sys [2010-06-19 18872]
R3 vpcbus;Virtual PC Host Bus Service; C:\windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dc3d;MS Hardware Device Detection Driver (USB); C:\windows\system32\DRIVERS\dc3d.sys [2011-05-17 47616]
S3 dmvsc;dmvsc; C:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\windows\system32\DRIVERS\ewusbnet.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\windows\system32\DRIVERS\ewusbdev.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TDEIO;TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\windows\system32\DRIVERS\tosrfbd.sys [2012-01-30 304696]
S3 Tosrfcom;Tosrfcom; C:\windows\system32\drivers\Tosrfcom.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2011-12-17 79040]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;USB Scanner Driver; C:\windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 vmbus;vmbus; C:\windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-03 50344]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-06-07 250296]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-06-07 47032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2011-03-01 27648]
R2 FLService;FLService; C:\windows\SysWow64\WinFLService.exe [2012-10-19 91336]
R2 GFNEXSrv;GFNEX Service; C:\Windows\System32\GFNEXSrv.exe [2010-09-10 162824]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-01-20 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-01-21 277784]
R2 MaintainerSvc2.48.1114611;MaintainerSvc2.48.1114611; C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe [2014-11-04 123632]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\windows\system32\TODDSrv.exe [2010-10-20 138656]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-08-27 93072]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-01-21 363800]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-03 4012248]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2011-03-01 27648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-10 276248]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-09-19 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-31 114288]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-09-23 833728]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-02 198064]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2011-03-01 27648]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-07-17 1255736]
S4 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119547
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: virus-infected computer
Deleted. Run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: virus-infected computer
Unfortunately it is still bad. It keeps popping up this page: http://widgets.xrosview.com/widgets/1.4 ... _siteunder
Also, strange tabs keep popping up at the sides of the browser that say "ads by price-horse".
- Rudy
- Site Admin
- Posts: 119547
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: virus-infected computer
Also run this:
Download Junkware Removal Tool: http://thisisudax.org/downloads/JRT.exe
Save it, preferably to the desktop.
After launching, the license terms are displayed; press any key.
A backup is created, followed by the scan.
The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.
Re: virus-infected computer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Professional x64
Ran by Katerina Rod on Wed 05/11/2014 at 19:38:09.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1638243991-162663850-1552511273-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7AF6D19D-70CF-4AE6-A819-D8F920FF7355}
~~~ Files
Successfully deleted: [File] C:\Users\Katerina Rod\appdata\local\{45645003-E816-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Katerina Rod\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Katerina Rod\appdata\locallow\koyotesoftmoviestoolbar"
Successfully deleted: [Empty Folder] C:\Users\Katerina Rod\appdata\local\{353fb723-11bb-38ab-b64e-850f804f575f}
Successfully deleted: [Folder] C:\Users\Katerina Rod\appdata\local\{45645003-E816-11E1-8270-B8AC6F996F26} [Trojan:JS/Medfos.A]
~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Katerina Rod\AppData\Roaming\mozilla\firefox\profiles\fe7ucfuu.default\prefs.js
user_pref("valueApps.storage.mam_gk_userId", "38613863316436632D663631652D343033352D393638622D663431373934346365363665");
Emptied folder: C:\Users\Katerina Rod\AppData\Roaming\mozilla\firefox\profiles\fe7ucfuu.default\minidumps [234 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/11/2014 at 19:43:45.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Rudy
- Site Admin
- Posts: 119547
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: virus-infected computer
How does it look now?
Re: virus-infected computer
Well, I also went through and removed programs she didn't even know the purpose of. price-horse was right there in the list of programs, so I chose to uninstall it, and it threw some error... well, nice try :) While uninstalling the TomTom program, Avast yelled that it had found some rootkit, that it wants to restart the computer and then run another scan, so now we are waiting for the scan to finish. Avast found some more junk in the programs being uninstalled, but it got rid of that. So for now we are waiting.
- Rudy
- Site Admin
- Posts: 119547
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: virus-infected computer
OK. After Avast finishes, also run MBAM: http://www.malwarebytes.org/mbam.php . Post the log; do not delete anything beforehand.
Re: virus-infected computer
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/11/2014
Scan Time: 9:58:13 PM
Logfile:
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.05.10
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Katerina Rod
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314737
Time Elapsed: 16 min, 42 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.MaintainerSvc.A, C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe, 2436, , [82ac4eea5d1f43f3f8740ad419e835cb]
Modules: 0
(No malicious items detected)
Registry Keys: 4
PUP.Optional.MaintainerSvc.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaintainerSvc2.48.1114611, , [82ac4eea5d1f43f3f8740ad419e835cb],
PUP.Optional.uTorrentTB.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pacgpkgadgmibnhpdidcnfafllnmeomc, , [a38b1721d3a954e2330a93c2649f23dd],
PUP.Optional.uTorrentTB.A, HKU\S-1-5-21-1638243991-162663850-1552511273-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pacgpkgadgmibnhpdidcnfafllnmeomc, , [89a51424146837fff14b54018380649c],
PUP.Optional.FastStart.A, HKU\S-1-5-21-1638243991-162663850-1552511273-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, , [aa843dfb90ecf6405d863201e61d2cd4],
Registry Values: 2
PUP.Optional.PriceHorse.A, HKU\S-1-5-21-1638243991-162663850-1552511273-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Price-Horse, C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe, , [8da19d9b453781b5e48dee40d72caa56]
PUP.Optional.FastStart.A, HKU\S-1-5-21-1638243991-162663850-1552511273-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, , [aa843dfb90ecf6405d863201e61d2cd4]
Registry Data: 0
(No malicious items detected)
Folders: 3
PUP.Optional.MoviesToolBar.A, C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\koyotesoftmoviestoolbar, , [092536023b418fa78afaba6c80839d63],
PUP.Optional.PriceHorse.A, C:\Users\Katerina Rod\AppData\Local\pricehorse, , [a48adb5deb9145f1c2485acd5da605fb],
PUP.Optional.PriceHorse.A, C:\Users\Katerina Rod\AppData\Local\pricehorse\pricehorse, , [a48adb5deb9145f1c2485acd5da605fb],
Files: 12
PUP.Optional.MaintainerSvc.A, C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe, , [82ac4eea5d1f43f3f8740ad419e835cb],
PUP.Optional.PayByAds.A, C:\Users\Katerina Rod\AppData\Local\Temp\res.dll, , [bc725fd9d8a452e4c404ff7045c0ca36],
PUP.Optional.MyPCBackup.A, C:\Users\Katerina Rod\AppData\Local\Temp\CloudBackup2552.exe, , [9c920b2dd7a52610981adffd29d8e719],
PUP.Optional.Somoto, C:\Users\Katerina Rod\Downloads\HD_PLUGIN-fjjdNv2.exe, , [59d5ff39c5b720163a987be6e71e9967],
PUP.Optional.OpenCandy, C:\Users\Katerina Rod\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_en-US-jd.exe, , [65c985b3b7c5e5516832214132d3f010],
PUP.Optional.Conduit.A, C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\searchplugins\bs-player-controlbar-customized-web-search.xml, , [fa3404341f5d83b3c25a2d19a45fda26],
PUP.Optional.MoviesToolBar.A, C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\koyotesoftmoviestoolbar\apnuserid.dat, , [092536023b418fa78afaba6c80839d63],
PUP.Optional.MoviesToolBar.A, C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\koyotesoftmoviestoolbar\appid.dat, , [092536023b418fa78afaba6c80839d63],
PUP.Optional.MoviesToolBar.A, C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\koyotesoftmoviestoolbar\geodata.xml, , [092536023b418fa78afaba6c80839d63],
PUP.Optional.MoviesToolBar.A, C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\koyotesoftmoviestoolbar\setupCfg.xml, , [092536023b418fa78afaba6c80839d63],
PUP.Optional.MoviesToolBar.A, C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\koyotesoftmoviestoolbar\sysid.dat, , [092536023b418fa78afaba6c80839d63],
PUP.Optional.MoviesToolBar.A, C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\koyotesoftmoviestoolbar\trackid.dat, , [092536023b418fa78afaba6c80839d63],
Physical Sectors: 0
(No malicious items detected)
(end)
PUP.Optional.MoviesToolBar.A, C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\koyotesoftmoviestoolbar\setupCfg.xml, , [092536023b418fa78afaba6c80839d63],
PUP.Optional.MoviesToolBar.A, C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\koyotesoftmoviestoolbar\sysid.dat, , [092536023b418fa78afaba6c80839d63],
PUP.Optional.MoviesToolBar.A, C:\Users\Katerina Rod\AppData\Roaming\Mozilla\Firefox\Profiles\fe7ucfuu.default\koyotesoftmoviestoolbar\trackid.dat, , [092536023b418fa78afaba6c80839d63],
Physical Sectors: 0
(No malicious items detected)
(end)