Request for help with virus removal

#1 Post by cvariss »

Hello, I would like to ask for help removing viruses from my mother-in-law's computer... it is truly awful! Her antivirus expired, she did nothing about it and kept going until... for as long as it kept running :)

Logfile of random's system information tool 1.10 (written by random/random)
Run by Maria Hume at 2015-01-06 11:34:12
Microsoft Windows 8
System drive C: has 409 GB (90%) free of 452 GB
Total RAM: 3988 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:34:28 AM, on 6/01/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17116)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Universal Updater\CrashMon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files\AVAST Software\Avast\BrowserCleanup.exe
C:\Program Files\AVAST Software\Avast\BrowserCleanup.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Maria Hume.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... 1RACWY1RAX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si= ... =chrome&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si= ... =chrome&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si= ... =chrome&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/homepage/wind ... dium=promo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... 1RACWY1RAX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si= ... =chrome&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... 1RACWY1RAX
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= ... =chrome&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si= ... =chrome&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.certified-toolbar.com?si= ... 5D4CE&q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.certified-toolbar.com?si= ... 5D4CE&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
O2 - BHO: (no name) - {C585D593-E7F3-4852-A200-561686EE02E4} - (no file)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Salus CrashMon] "C:\Program Files (x86)\Salus\CrashMon.exe" "Salus.exe" "http://log.data-url.com/salus/crash"
O4 - HKLM\..\Run: [CrashMon] "C:\Program Files (x86)\Universal Updater\CrashMon.exe" "UniversalUpdater" "http://log.data-url.com/crash/"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [PennyBee] C:\Users\Maria Hume\AppData\Local\PennyBee\PennyBeeW.exe
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1420505123
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-21-3491794209-2654014462-3659286912-500\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User 'Administrator')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - AppInit_DLLs: C:\Program Files
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Universal Updater Service (UniversalUpdater) - Unknown owner - C:\Program Files (x86)\Universal Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files (x86)\WinZipper\winzipersvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Word Proser 1.10.0.5 Client Service (wpsvc_1.10.0.5) - Word Proser - C:\Program Files (x86)\WordProser_1.10.0.5\Service\wpsvc.exe
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 11655 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files (x86)\WinZipper\winzipersvc.exe"
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
dashost.exe {28cc1ec2-0713-4b56-a81dfe2047980db0}
"C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe" /SERVICE
ngservice.exe pipeserver
"C:\Program Files (x86)\Universal Updater\UpdaterService.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\WordProser_1.10.0.5\Service\wpsvc.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\System32\WinLogon.exe -SpecialSession
-hiberboot
taskhostex.exe
C:\windows\Explorer.EXE
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe"
"C:\Program Files (x86)\Samsung\Settings\sSettings.exe" /s
C:\windows\system32\igfxext.exe -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\Universal Updater\CrashMon.exe" "UniversalUpdater" "http://log.data-url.com/crash/"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Samsung\S Agent\CommonAgent.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
ctfmon.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files\AVAST Software\Avast\BrowserCleanup.exe" /user=S-1-5-21-3491794209-2654014462-3659286912-1004
"C:\Program Files\AVAST Software\Avast\BrowserCleanup.exe" /user=S-1-5-21-3491794209-2654014462-3659286912-1004
"C:\Program Files\Internet Explorer\iexplore.exe" -restart /WERRESTART
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --profile-directory="Default" "file:///C:\Users\Maria Hume\AppData\Local\Temp/start.html"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Enabled/Prerender/PrerenderControl/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_86/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="5192.1.1852318740\1683009942" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Enabled/Prerender/PrerenderControl/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_86/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="5192.2.2086189898\2053454127" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Enabled/Prerender/PrerenderControl/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_86/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="5192.3.108558234\2139010855" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Enabled/Prerender/PrerenderControl/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_86/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="5192.5.1644537342\1751184271" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Enabled/Prerender/PrerenderControl/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_86/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="5192.8.914222228\1091115327" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=en-US --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Enabled/Prerender/PrerenderControl/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_86/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="5192.12.2130580875\1777170589" /prefetch:673131151
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
taskhost.exe
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe13_ Global\UsGthrCtrlFltPipeMssGthrPipe13 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 556 560 568 65536 564
"C:\Users\Maria Hume\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\UpdaterEX.job - C:\Users\MARIAH~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE /Check

=========Mozilla firefox=========

ProfilePath - C:\Users\Maria Hume\AppData\Roaming\Mozilla\Firefox\Profiles\fwylepxw.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-29 705448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-29 586968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2012-10-10 171040]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2012-10-10 399392]
"Persistence"=C:\windows\system32\igfxpers.exe [2012-10-10 441888]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-01-18 13191824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2014-01-07 133760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11 30873192]
"PennyBee"=C:\Users\Maria Hume\AppData\Local\PennyBee\PennyBeeW.exe [2014-09-21 345608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Adobe Speed Launcher"=1420505123 []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-09-12 56128]
"CLMLServer_For_P2G8"=C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08 111120]
"CLVirtualDrive"=C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-12 491120]
"Intel AppUp(SM) center"=C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [2012-07-14 155488]
"RemoteControl10"=C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-08-16 97392]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-21 1021128]
"Salus CrashMon"=C:\Program Files (x86)\Salus\CrashMon.exe Salus.exe http://log.data-url.com/salus/crash []
"CrashMon"=C:\Program Files (x86)\Universal Updater\CrashMon.exe [2014-09-24 404992]
"mbot_au_164"= []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-12-29 5226600]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2014-01-07 133760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Program Files Files "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2012-10-10 441856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCAD"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"midi3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-01-06 11:34:12 ----D---- C:\rsit
2015-01-06 11:34:12 ----D---- C:\Program Files\trend micro
2015-01-06 11:27:33 ----D---- C:\Users\Maria Hume\AppData\Roaming\Mozilla
2015-01-06 11:27:26 ----D---- C:\ProgramData\Mozilla
2015-01-06 11:27:23 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-06 11:27:12 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-12-29 19:32:15 ----D---- C:\windows\SYSWOW64\vbox
2014-12-29 19:32:15 ----D---- C:\windows\system32\vbox
2014-12-29 17:54:39 ----D---- C:\Users\Maria Hume\AppData\Roaming\AVAST Software
2014-12-29 17:53:23 ----A---- C:\windows\system32\drivers\aswVmm.sys
2014-12-29 17:53:23 ----A---- C:\windows\system32\drivers\aswStm.sys
2014-12-29 17:53:23 ----A---- C:\windows\system32\drivers\aswSP.sys
2014-12-29 17:53:23 ----A---- C:\windows\system32\drivers\aswRvrt.sys
2014-12-29 17:53:23 ----A---- C:\windows\system32\drivers\aswMonFlt.sys
2014-12-29 17:53:23 ----A---- C:\windows\system32\drivers\aswHwid.sys
2014-12-29 17:53:22 ----A---- C:\windows\system32\drivers\aswsnx.sys
2014-12-29 17:53:22 ----A---- C:\windows\system32\drivers\aswRdr2.sys
2014-12-29 17:53:09 ----A---- C:\windows\system32\aswBoot.exe
2014-12-29 17:52:57 ----A---- C:\windows\avastSS.scr
2014-12-29 17:52:51 ----D---- C:\2bf47f1cdab82283423f6ec7
2014-12-29 17:51:24 ----D---- C:\Program Files\AVAST Software
2014-12-29 17:50:18 ----D---- C:\ProgramData\AVAST Software
2014-12-29 16:50:05 ----D---- C:\Program Files (x86)\predm
2014-12-23 19:15:52 ----D---- C:\Users\Maria Hume\AppData\Roaming\WinZipper
2014-12-23 19:15:52 ----D---- C:\Program Files (x86)\WinZipper
2014-12-20 09:49:57 ----D---- C:\Program Files\HomeTab
2014-12-20 09:48:44 ----D---- C:\Users\Maria Hume\AppData\Roaming\smileyswelove
2014-12-20 09:48:18 ----A---- C:\Users\Maria Hume\AppData\Roaming\LFRSXZIQ.exe
2014-12-20 09:47:38 ----D---- C:\Program Files (x86)\WordProser_1.10.0.5
2014-12-20 09:47:32 ----D---- C:\Program Files (x86)\globalUpdate
2014-12-20 09:47:02 ----D---- C:\Program Files (x86)\VideoLAN
2014-12-20 09:46:08 ----D---- C:\Program Files (x86)\Supporter
2014-12-20 09:45:24 ----D---- C:\ProgramData\PriceLess
2014-12-20 09:45:24 ----D---- C:\ProgramData\a249ce52301acee
2014-12-20 09:45:18 ----D---- C:\Program Files (x86)\PriceLess
2014-12-20 09:44:15 ----D---- C:\Program Files (x86)\ORBTR
2014-12-20 09:35:49 ----D---- C:\Program Files (x86)\SU1MxZDdjYzBiOA
2014-12-18 10:06:40 ----A---- C:\windows\system32\drivers\b786bdb3c67d.sys
2014-12-13 14:53:40 ----D---- C:\Users\Maria Hume\AppData\Roaming\ASP
2014-12-13 14:35:53 ----D---- C:\Users\Maria Hume\AppData\Roaming\Systweak
2014-12-12 09:56:14 ----A---- C:\windows\system32\drivers\wpnfd_1_10_0_5.sys
2014-12-09 19:43:51 ----D---- C:\Users\Maria Hume\AppData\Roaming\Samsung

======List of files/folders modified in the last 1 month======

2015-01-06 11:34:19 ----D---- C:\windows\Prefetch
2015-01-06 11:34:12 ----RD---- C:\Program Files
2015-01-06 11:27:26 ----HD---- C:\ProgramData
2015-01-06 11:27:23 ----RD---- C:\Program Files (x86)
2015-01-06 11:26:39 ----D---- C:\windows\system32\Tasks
2015-01-06 10:53:32 ----D---- C:\Users\Maria Hume\AppData\Roaming\Skype
2015-01-06 10:47:43 ----D---- C:\ProgramData\WinClon
2015-01-06 10:46:58 ----D---- C:\windows\System32
2015-01-06 10:46:58 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-01-06 10:46:39 ----D---- C:\windows\system32\sru
2014-12-29 20:30:12 ----D---- C:\windows\Temp
2014-12-29 20:18:43 ----D---- C:\windows\system32\config
2014-12-29 20:13:09 ----D---- C:\windows\CbsTemp
2014-12-29 20:12:51 ----D---- C:\windows\WinSxS
2014-12-29 20:11:34 ----D---- C:\windows\system32\MRT
2014-12-29 19:54:28 ----SHD---- C:\System Volume Information
2014-12-29 19:52:18 ----D---- C:\windows\system32\catroot2
2014-12-29 19:32:16 ----D---- C:\windows\Tasks
2014-12-29 19:32:15 ----D---- C:\windows\SysWOW64
2014-12-29 19:28:27 ----D---- C:\windows\Microsoft.NET
2014-12-29 19:26:28 ----D---- C:\windows\system32\catroot
2014-12-29 19:25:15 ----SHD---- C:\windows\Installer
2014-12-29 19:25:14 ----D---- C:\ProgramData\Skype
2014-12-29 19:25:04 ----RD---- C:\Program Files (x86)\Skype
2014-12-29 18:11:56 ----D---- C:\Program Files (x86)\SupTab
2014-12-29 18:11:52 ----D---- C:\Program Files (x86)\Software Updater
2014-12-29 17:59:23 ----D---- C:\windows\system32\Drivers
2014-12-29 17:57:38 ----D---- C:\ProgramData\WindowsMangerProtect
2014-12-29 17:57:38 ----D---- C:\ProgramData\IePluginServices
2014-12-29 17:53:07 ----D---- C:\Windows
2014-12-29 17:51:24 ----D---- C:\windows\Inf
2014-12-29 17:17:24 ----D---- C:\Users\Maria Hume\AppData\Roaming\webssearches
2014-12-29 17:07:45 ----D---- C:\windows\apppatch
2014-12-29 16:40:45 ----D---- C:\ProgramData\Norton
2014-12-29 16:40:44 ----D---- C:\Program Files\Google
2014-12-29 16:40:44 ----D---- C:\Program Files (x86)\Google
2014-12-29 16:38:31 ----HD---- C:\windows\ELAMBKUP
2014-12-29 16:38:31 ----D---- C:\Program Files\Common Files
2014-12-29 16:36:52 ----D---- C:\ProgramData\Google
2014-12-29 16:31:27 ----HD---- C:\Program Files\WindowsApps
2014-12-29 16:31:27 ----D---- C:\windows\AUInstallAgent
2014-12-20 09:45:18 ----HD---- C:\windows\system32\GroupPolicy
2014-12-20 09:45:18 ----D---- C:\windows\SYSWOW64\GroupPolicy
2014-12-20 09:45:16 ----RD---- C:\Users
2014-12-17 12:43:32 ----A---- C:\windows\SYSWOW64\msvcr100.dll
2014-12-17 12:43:31 ----A---- C:\windows\SYSWOW64\msvcp100.dll
2014-12-09 19:47:34 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-12-09 19:47:34 ----D---- C:\Program Files\Samsung
2014-12-09 19:45:47 ----RSD---- C:\windows\assembly
2014-12-09 19:43:51 ----D---- C:\Program Files (x86)\Samsung
2014-12-09 19:40:38 ----D---- C:\ProgramData\Samsung

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-12-29 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-12-29 267632]
R0 iaStorA;iaStorA; C:\windows\System32\drivers\iaStorA.sys [2012-09-01 647736]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2014-12-29 93568]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-12-29 1050432]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-12-29 436624]
R1 CLVirtualDrive;CLVirtualDrive; C:\windows\system32\DRIVERS\CLVirtualDrive.sys [2012-06-26 92536]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2014-12-29 29208]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-12-29 83280]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2014-12-29 116728]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-12-29 271752]
R3 AthBTPort;@oem15.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\windows\system32\DRIVERS\btath_flt.sys [2014-01-07 89800]
R3 athr;@oem16.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athw8x.sys [2012-09-19 3653632]
R3 BTATH_A2DP;@oem14.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\windows\system32\drivers\btath_a2dp.sys [2014-01-07 338120]
R3 btath_avdt;@oem14.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\windows\system32\drivers\btath_avdt.sys [2014-01-07 116424]
R3 BTATH_BUS;@oem11.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\windows\System32\drivers\btath_bus.sys [2014-01-07 34384]
R3 BTATH_HCRP;@oem18.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\windows\System32\drivers\btath_hcrp.sys [2014-01-07 179432]
R3 BTATH_HID;@oem19.inf,%BTATH_HID%;Bluetooth HID Device; C:\windows\system32\DRIVERS\btath_hid.sys [2014-01-07 223432]
R3 BTATH_LWFLT;@oem20.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\windows\system32\DRIVERS\btath_lwflt.sys [2014-01-07 77464]
R3 BTATH_RCP;@oem22.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\windows\System32\drivers\btath_rcp.sys [2014-01-07 137928]
R3 BtFilter;BtFilter; C:\windows\system32\DRIVERS\btfilter.sys [2014-01-07 597192]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\windows\System32\drivers\BthEnum.sys [2013-01-09 51712]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2013-01-09 74752]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2012-10-10 5343584]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2013-01-18 4102928]
R3 MEIx64;@oem2.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\windows\System32\drivers\HECIx64.sys [2012-07-18 62784]
R3 RadioHIDMini;@oem9.inf,%RadioHIDMini%;Radio HID Mini-driver; C:\windows\System32\drivers\RadioHIDMini.sys [2012-07-30 23408]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
R3 RTL8168;@oem10.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\windows\system32\DRIVERS\Rt630x64.sys [2012-07-31 690832]
R3 SynTP;@oem90.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2012-10-16 457016]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2013-07-06 210560]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S1 b786bdb3c67d;b786bdb3c67d; C:\windows\system32\drivers\b786bdb3c67d.sys [2014-12-18 53064]
S1 Salus;Salus; C:\windows\system32\drivers\Salus.sys []
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 dg_ssudbus;@oem88.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 nvlddmkm;nvlddmkm; C:\windows\system32\DRIVERS\nvlddmkm.sys [2012-06-28 13546344]
S3 RSUSBVSTOR;@oem5.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUVStor.sys [2013-01-18 315536]
S3 ssudmdm;@oem89.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2013-07-02 43008]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2012-07-26 57344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2014-01-07 318592]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-29 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 Easy Launcher;Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2014-01-29 1593152]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-09-01 14904]
R2 SWUpdateService;SW Update Service; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2014-10-21 3000664]
R2 UniversalUpdater;Universal Updater Service; C:\Program Files (x86)\Universal Updater\UpdaterService.exe [2014-09-29 623064]
R2 winzipersvc;WinZiper service; C:\Program Files (x86)\WinZipper\winzipersvc.exe [2014-12-17 470704]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-12-29 4012248]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-10-10 277024]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-27 114800]
S4 Orbiter;Orbiter; C:\windows\System32\svchost.exe [2012-09-20 29696]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with virus removal

#2 Post by vyosek »

Hello :)

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After it starts, the database will be downloaded
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear; it may also be saved as c:\AdwCleaner\AdwCleaner[S?].txt. Paste it here
:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the window
  • Code:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here

cvariss
Visitor
Posts: 63
Registered: 30 Oct 2014 21:37

Re: Please help with virus removal

#3 Post by cvariss »

Thanks!!! It's being worked on.
So, first, the log from AdwCleaner:

# AdwCleaner v4.106 - Report created 07/01/2015 at 11:59:53
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 8 (64 bits)
# Username : Maria Hume - SAMSUNG
# Running from : C:\Users\Maria Hume\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : UniversalUpdater
Service Deleted : winzipersvc
[#] Service Deleted : salus
[#] Service Deleted : Orbiter
[#] Service Deleted : b786bdb3c67d
[#] Service Deleted : wpnfd_1_10_0_5
Service Deleted : wpsvc_1.10.0.5

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\PriceLess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\Software Updater
Folder Deleted : C:\Program Files (x86)\supporter
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\Universal Updater
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Program Files (x86)\PriceLess
Folder Deleted : C:\Program Files (x86)\ORBTR
Folder Deleted : C:\Program Files (x86)\wordproser_1.10.0.5
Folder Deleted : C:\Program Files\HomeTab
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Maria Hume\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Maria Hume\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Maria Hume\AppData\Local\PennyBee
Folder Deleted : C:\Users\Maria Hume\AppData\Local\torch
Folder Deleted : C:\Users\Maria Hume\AppData\Roaming\Activeris
Folder Deleted : C:\Users\Maria Hume\AppData\Roaming\ASP
Folder Deleted : C:\Users\Maria Hume\AppData\Roaming\PennyBee
Folder Deleted : C:\Users\Maria Hume\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Maria Hume\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Maria Hume\AppData\Roaming\webssearches
Folder Deleted : C:\Users\Maria Hume\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Folder Deleted : C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Folder Deleted : C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklbojpanedmojgghckfgcklmbjfmhce
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklbojpanedmojgghckfgcklmbjfmhce
Folder Deleted : C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklbojpanedmojgghckfgcklmbjfmhce
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fklbojpanedmojgghckfgcklmbjfmhce
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fklbojpanedmojgghckfgcklmbjfmhce
Folder Deleted : C:\Users\Maria Hume\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fklbojpanedmojgghckfgcklmbjfmhce
File Deleted : C:\windows\SysWOW64\RegistryHelperLM.ocx
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\windows\System32\drivers\wpnfd_1_10_0_5.sys
File Deleted : C:\Users\Maria Hume\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Maria Hume\Desktop\Live PC Help.lnk
File Deleted : C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Deleted : C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Deleted : C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : ASP
Task Deleted : LaunchSignup
Task Deleted : UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PennyBee]
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CrashMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Salus CrashMon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InetStat
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\PennyBee
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tune
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\MyBestOffersToday
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tune
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\winzipersvc
Key Deleted : HKLM\SOFTWARE\Salus
Key Deleted : HKLM\SOFTWARE\ORBTR
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\WordProser_1.10.0.5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Salus
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WordProser_1.10.0.5
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17116

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl []
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v39.0.2171.95

[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1412829008&from=air&uid=HitachiXHTS547550A9E384_J1120021CWY1RACWY1RAX&q={searchTerms}
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1412829008&from=air&uid=HitachiXHTS547550A9E384_J1120021CWY1RACWY1RAX&q={searchTerms}
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3 ... rms}&SSPV=
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3 ... rms}&SSPV=
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=85023&st=bs&tid=29472&ver=6.9&ts=1419032797270&tguid=85023-29472-1419032797270-4D1AADE2EB0EFE1E55F9E9FC36F5D4CE&q={searchTerms}
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=85023&st=bs&tid=29472&ver=6.9&ts=1419032797270&tguid=85023-29472-1419032797270-4D1AADE2EB0EFE1E55F9E9FC36F5D4CE&q={searchTerms}
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1419326087&from=wpm12233&uid=HitachiXHTS547550A9E384_J1120021CWY1RACWY1RAX&q={searchTerms}
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : coljhboelhlkbgaaolcngflenaggpeao
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fcljdicbcnmfhekdcaobgbpjjifniemh
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kmedakdfngfmagjlndeckcbfcmidlbio
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : noajmlkipclmeolfcnflkjhijkigpfjh
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fcfenmboojpjinhpgggodefccipikbpd
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fklbojpanedmojgghckfgcklmbjfmhce
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.delta-homes.com/?type=hp&ts=1419326 ... 1RACWY1RAX

-\\ Comodo Dragon v

[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1412829008&from=air&uid=HitachiXHTS547550A9E384_J1120021CWY1RACWY1RAX&q={searchTerms}
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1412829008&from=air&uid=HitachiXHTS547550A9E384_J1120021CWY1RACWY1RAX&q={searchTerms}
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3 ... rms}&SSPV=
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3 ... rms}&SSPV=
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=85023&st=bs&tid=29472&ver=6.9&ts=1419032797270&tguid=85023-29472-1419032797270-4D1AADE2EB0EFE1E55F9E9FC36F5D4CE&q={searchTerms}
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=85023&st=bs&tid=29472&ver=6.9&ts=1419032797270&tguid=85023-29472-1419032797270-4D1AADE2EB0EFE1E55F9E9FC36F5D4CE&q={searchTerms}
[C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1419326087&from=wpm12233&uid=HitachiXHTS547550A9E384_J1120021CWY1RACWY1RAX&q={searchTerms}

*************************

AdwCleaner[R0].txt - [24329 octets] - [07/01/2015 11:57:19]
AdwCleaner[S0].txt - [22372 octets] - [07/01/2015 11:59:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22433 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with virus removal

#4 Post by vyosek »

Continue with Zoek
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

cvariss
Visitor
Posts: 63
Registered: 30 Oct 2014 21:37

Re: Please help with virus removal

#5 Post by cvariss »

I ran Zoek, but for two hours now it has been showing --- Checking Input and nothing else is happening. Is that normal? Roughly how long should it run? And does Zoek need an active internet connection to finish what it is doing? (They have a data cap here, and keeping the kids from downloading anything is a superhuman ...and absurd task)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with virus removal

#6 Post by vyosek »

Zoek does not need a network connection; try running it again in Safe Mode

cvariss
Visitor
Posts: 63
Registered: 30 Oct 2014 21:37

Re: Please help with virus removal

#7 Post by cvariss »

Started in Safe Mode. I am waiting for the restart and the log. About how long should it run??

cvariss
Visitor
Posts: 63
Registered: 30 Oct 2014 21:37

Re: Please help with virus removal

#8 Post by cvariss »

Started, it has been running for almost an hour and nothing...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with virus removal

#9 Post by vyosek »

cvariss
Visitor
Posts: 63
Registered: 30 Oct 2014 21:37

Re: Please help with virus removal

#10 Post by cvariss »

So, the log from FRST + Addition is attached:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015
Ran by Maria Hume (administrator) on SAMSUNG on 07-01-2015 19:41:13
Running from C:\Users\Maria Hume\Desktop
Loaded Profile: Maria Hume (Available profiles: Maria Hume & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(forum.viry.cz) C:\Users\Maria Hume\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2013-01-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-14] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-16] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mbot_au_164] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-29] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133760 2014-01-07] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\...\RunOnce: [Adobe Speed Launcher] => 1420622137
HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\...\MountPoints2: {01c674a8-0bad-11e4-bec1-50b7c342a279} - "E:\Startme.exe"
AppInit_DLLs: C:\Program Files Files => C:\Program Files Files File Not Found
AppInit_DLLs-x32: C:\Program Files => C:\Program Files [0 2015-01-07] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/homepage/wind ... dium=promo
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3491794209-2654014462-3659286912-1004 -> {35A48195-E528-4E84-8E95-4B82DE57DF48} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name -> {C585D593-E7F3-4852-A200-561686EE02E4} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name -> {C585D593-E7F3-4852-A200-561686EE02E4} -> No File
Toolbar: HKU\S-1-5-21-3491794209-2654014462-3659286912-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Maria Hume\AppData\Roaming\Mozilla\Firefox\Profiles\fwylepxw.default
FF DefaultSearchEngine: Microsoft (Bing)
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Microsoft (Bing)
FF Homepage: hxxp://www.msn.com/?pc=AV01
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3491794209-2654014462-3659286912-1004: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF SearchPlugin: C:\Users\Maria Hume\AppData\Roaming\Mozilla\Firefox\Profiles\fwylepxw.default\searchplugins\bing-avast.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-29]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (AppUp) - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Profile: C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-16]
CHR Extension: (Google Search) - C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-16]
CHR Extension: (Avast Online Security) - C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-29]
CHR Extension: (Google Wallet) - C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-02]
CHR Extension: (omihnninlhneakfglooiofgdbpmnhjgn) - C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihnninlhneakfglooiofgdbpmnhjgn [2014-12-29]
CHR Extension: (Gmail) - C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2014-01-07] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-29] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-29] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2014-10-21] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-07] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-29] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-29] ()
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2014-01-07] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-26] (CyberLink)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-29] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 19:41 - 2015-01-07 19:41 - 00014929 _____ () C:\Users\Maria Hume\Desktop\FRST.txt
2015-01-07 19:40 - 2015-01-07 19:41 - 00000000 ____D () C:\FRST
2015-01-07 19:36 - 2015-01-07 19:36 - 00112640 _____ (forum.viry.cz) C:\Users\Maria Hume\Desktop\FRSTLauncher.exe
2015-01-07 19:32 - 2015-01-07 19:32 - 00000000 ____D () C:\Users\Maria Hume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-07 19:32 - 2015-01-07 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-07 19:32 - 2015-01-07 19:32 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-07 19:29 - 2015-01-07 19:29 - 02123776 _____ (Farbar) C:\Users\Maria Hume\Desktop\FRST64.exe
2015-01-07 19:16 - 2015-01-07 19:18 - 00000197 _____ () C:\windows\system32\2015-01-07-09-16-52.047-AvastVBoxSVC.exe-3488.log
2015-01-07 19:15 - 2015-01-07 19:15 - 00000000 ___RD () C:\Users\Maria Hume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-07 17:54 - 2015-01-07 13:27 - 00000413 _____ () C:\zoek-results2015-01-07-032744.log
2015-01-07 17:37 - 2015-01-07 17:37 - 00000197 _____ () C:\windows\system32\2015-01-07-07-37-17.078-AvastVBoxSVC.exe-3964.log
2015-01-07 13:27 - 2015-01-07 13:05 - 00000362 _____ () C:\zoek-results2015-01-07-030555.log
2015-01-07 13:24 - 2015-01-07 13:24 - 00000197 _____ () C:\windows\system32\2015-01-07-03-24-21.070-AvastVBoxSVC.exe-3728.log
2015-01-07 13:05 - 2015-01-07 12:25 - 00000394 _____ () C:\zoek-results2015-01-07-022518.log
2015-01-07 12:58 - 2015-01-07 13:00 - 00000197 _____ () C:\windows\system32\2015-01-07-02-58-03.070-AvastVBoxSVC.exe-2856.log
2015-01-07 12:24 - 2015-01-07 17:54 - 00000464 _____ () C:\zoek-results.log
2015-01-07 12:19 - 2015-01-07 17:54 - 00000394 _____ () C:\runcheck.txt
2015-01-07 12:19 - 2015-01-07 12:19 - 00000000 ____D () C:\zoek_backup
2015-01-07 12:18 - 2015-01-07 12:18 - 01295360 _____ () C:\Users\Maria Hume\Desktop\zoek.exe
2015-01-07 12:09 - 2015-01-07 12:09 - 00000197 _____ () C:\windows\system32\2015-01-07-02-09-01.005-AvastVBoxSVC.exe-2540.log
2015-01-07 12:08 - 2014-11-27 07:11 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-07 12:08 - 2014-11-27 07:11 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-07 12:03 - 2015-01-07 12:03 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
2015-01-07 11:53 - 2015-01-07 12:00 - 00000000 ____D () C:\AdwCleaner
2015-01-07 11:51 - 2015-01-07 11:51 - 02173952 _____ () C:\Users\Maria Hume\Desktop\adwcleaner_4.106.exe
2015-01-06 11:36 - 2015-01-06 11:37 - 00000000 ____D () C:\Users\Maria Hume\Desktop\RENEWAL
2015-01-06 11:34 - 2015-01-06 11:34 - 00000000 ____D () C:\rsit
2015-01-06 11:34 - 2015-01-06 11:34 - 00000000 ____D () C:\Program Files\trend micro
2015-01-06 11:33 - 2015-01-06 11:33 - 01222144 _____ () C:\Users\Maria Hume\Downloads\RSITx64.exe
2015-01-06 11:27 - 2015-01-07 11:50 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-06 11:27 - 2015-01-07 11:50 - 00001149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-06 11:27 - 2015-01-06 11:27 - 00000000 ____D () C:\Users\Maria Hume\AppData\Roaming\Mozilla
2015-01-06 11:27 - 2015-01-06 11:27 - 00000000 ____D () C:\Users\Maria Hume\AppData\Local\Mozilla
2015-01-06 11:27 - 2015-01-06 11:27 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-06 11:27 - 2015-01-06 11:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-06 11:27 - 2015-01-06 11:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-29 20:22 - 2015-01-07 11:50 - 00003286 _____ () C:\windows\System32\Tasks\avastBCLRestartS-1-5-21-3491794209-2654014462-3659286912-1004
2014-12-29 20:22 - 2014-12-29 20:22 - 00000247 _____ () C:\windows\system32\2014-12-29-10-22-07.082-aswFe.exe-5572.log
2014-12-29 20:07 - 2014-10-09 14:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-29 20:07 - 2014-10-09 14:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-29 20:07 - 2014-10-09 14:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-29 20:07 - 2014-10-09 13:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-29 20:07 - 2014-10-09 13:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-29 20:06 - 2014-12-29 20:22 - 00000247 _____ () C:\windows\system32\2014-12-29-10-06-46.068-aswFe.exe-5024.log
2014-12-29 20:06 - 2014-12-29 20:06 - 00000197 _____ () C:\windows\system32\2014-12-29-10-06-43.002-AvastVBoxSVC.exe-1248.log
2014-12-29 19:57 - 2014-09-13 16:24 - 02233152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-12-29 19:57 - 2014-09-06 10:46 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
2014-12-29 19:57 - 2014-09-03 12:48 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2014-12-29 19:57 - 2014-09-03 12:22 - 00188928 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2014-12-29 19:57 - 2014-08-29 14:17 - 02043392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-29 19:57 - 2014-08-29 14:17 - 00227328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-29 19:57 - 2014-08-29 14:04 - 02837504 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-29 19:57 - 2014-08-29 14:04 - 00309248 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-29 19:57 - 2014-08-28 16:04 - 00499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSCOMEX.dll
2014-12-29 19:57 - 2014-08-28 16:04 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
2014-12-29 19:57 - 2014-08-28 15:59 - 00616448 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
2014-12-29 19:57 - 2014-08-28 15:59 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
2014-12-29 19:57 - 2014-08-28 15:59 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\FXSTIFF.dll
2014-12-29 19:57 - 2014-08-28 15:59 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\FXST30.dll
2014-12-29 19:57 - 2014-07-24 23:12 - 00328512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-12-29 19:56 - 2014-10-11 17:44 - 03248640 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-12-29 19:56 - 2014-10-02 09:05 - 04068864 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-12-29 19:56 - 2014-09-25 09:29 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-12-29 19:56 - 2014-09-25 09:29 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2014-12-29 19:56 - 2014-09-25 09:01 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-12-29 19:56 - 2014-09-25 09:01 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2014-12-29 19:56 - 2014-08-22 09:56 - 01418752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-12-29 19:56 - 2014-08-22 09:27 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-12-29 19:55 - 2014-10-23 22:47 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-12-29 19:55 - 2014-10-23 21:04 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-12-29 19:55 - 2014-10-18 18:44 - 00778240 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-12-29 19:55 - 2014-10-18 17:05 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-12-29 19:55 - 2014-10-11 17:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-29 19:55 - 2014-10-11 15:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-29 19:55 - 2014-10-11 15:41 - 00713728 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-12-29 19:55 - 2014-10-11 15:41 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-12-29 19:55 - 2014-10-11 15:05 - 00146944 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-12-29 19:55 - 2014-10-11 15:04 - 00713728 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-12-29 19:55 - 2014-10-09 13:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-29 19:55 - 2014-10-09 13:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-29 19:55 - 2014-10-09 13:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-29 19:55 - 2014-09-22 15:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-29 19:55 - 2014-09-22 13:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-29 19:54 - 2014-11-21 18:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-29 19:54 - 2014-11-08 21:22 - 00238080 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-12-29 19:54 - 2014-11-08 21:21 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-12-29 19:54 - 2014-11-08 16:57 - 00187904 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-12-29 19:54 - 2014-11-08 16:56 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-12-29 19:54 - 2014-10-11 18:35 - 00171840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-12-29 19:54 - 2014-10-11 17:44 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-12-29 19:54 - 2014-10-11 17:43 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-12-29 19:54 - 2014-10-11 15:57 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-12-29 19:53 - 2014-12-09 17:12 - 00590816 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-12-29 19:53 - 2014-12-09 17:12 - 00467408 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-12-29 19:53 - 2014-11-21 18:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-29 19:53 - 2014-11-21 18:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-29 19:53 - 2014-11-21 18:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-29 19:53 - 2014-11-21 18:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-29 19:53 - 2014-11-21 18:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-29 19:53 - 2014-11-21 18:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-29 19:53 - 2014-11-21 18:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-29 19:53 - 2014-11-21 18:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-29 19:53 - 2014-11-21 18:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-29 19:53 - 2014-11-21 18:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-29 19:53 - 2014-11-21 18:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-29 19:53 - 2014-11-21 18:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-29 19:53 - 2014-11-21 18:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-29 19:53 - 2014-11-21 18:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-29 19:53 - 2014-11-21 18:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-29 19:53 - 2014-11-21 18:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-29 19:53 - 2014-11-21 18:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-29 19:53 - 2014-11-21 18:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-29 19:53 - 2014-11-21 18:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-29 19:53 - 2014-11-21 18:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-29 19:53 - 2014-11-21 17:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-29 19:53 - 2014-11-21 17:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-29 19:53 - 2014-11-21 17:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-29 19:53 - 2014-11-21 17:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-29 19:53 - 2014-11-21 17:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-29 19:53 - 2014-11-21 17:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-29 19:53 - 2014-11-21 17:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-29 19:53 - 2014-11-21 17:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-29 19:53 - 2014-11-21 17:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-29 19:53 - 2014-11-21 17:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-29 19:53 - 2014-11-21 17:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-29 19:53 - 2014-11-21 17:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-29 19:53 - 2014-11-21 17:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-29 19:53 - 2014-11-21 17:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-29 19:53 - 2014-11-21 17:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-29 19:53 - 2014-11-21 17:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-29 19:53 - 2014-11-21 17:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-29 19:53 - 2014-11-21 17:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-29 19:53 - 2014-11-21 17:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-29 19:53 - 2014-11-21 17:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-29 19:53 - 2014-11-21 16:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-29 19:53 - 2014-11-21 14:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-12-29 19:53 - 2014-11-06 16:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-29 19:53 - 2014-11-06 15:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-29 19:53 - 2014-10-22 13:34 - 00010777 _____ () C:\windows\system32\AutoconfigV2.cab
2014-12-29 19:53 - 2014-10-22 11:08 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-12-29 19:53 - 2014-10-22 11:08 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-29 19:53 - 2014-10-22 11:01 - 00695808 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-12-29 19:53 - 2014-10-22 11:01 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-12-29 19:53 - 2014-10-22 11:01 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-29 19:53 - 2014-10-22 11:00 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2014-12-29 19:53 - 2014-10-11 17:45 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-12-29 19:53 - 2014-10-11 17:44 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-12-29 19:53 - 2014-10-11 17:44 - 00393216 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-12-29 19:53 - 2014-10-11 17:43 - 02307072 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-12-29 19:53 - 2014-10-11 15:58 - 08858624 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-12-29 19:53 - 2014-10-11 15:57 - 02416640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-12-29 19:53 - 2014-10-11 15:57 - 00295424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-12-29 19:53 - 2014-10-11 15:56 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-12-29 19:53 - 2014-10-03 11:21 - 00522728 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-12-29 19:53 - 2014-10-03 08:29 - 00783872 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-12-29 19:53 - 2014-10-03 08:29 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-12-29 19:53 - 2014-10-03 08:29 - 00169472 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2014-12-29 19:53 - 2014-09-22 15:53 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-12-29 19:53 - 2014-08-27 08:08 - 00270024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-12-29 19:52 - 2014-10-30 17:20 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-12-29 19:52 - 2014-10-30 15:22 - 01569792 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-12-29 19:32 - 2014-12-29 19:49 - 00000000 ____D () C:\windows\SysWOW64\vbox
2014-12-29 19:32 - 2014-12-29 19:49 - 00000000 ____D () C:\windows\system32\vbox
2014-12-29 17:54 - 2014-12-29 17:54 - 00001968 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-29 17:54 - 2014-12-29 17:54 - 00000000 ____D () C:\Users\Maria Hume\AppData\Roaming\AVAST Software
2014-12-29 17:54 - 2014-12-29 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-29 17:53 - 2015-01-07 19:15 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-12-29 17:53 - 2014-12-29 17:53 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-12-29 17:53 - 2014-12-29 17:52 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-12-29 17:53 - 2014-12-29 17:52 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-12-29 17:53 - 2014-12-29 17:52 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-12-29 17:53 - 2014-12-29 17:52 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-12-29 17:53 - 2014-12-29 17:52 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-12-29 17:53 - 2014-12-29 17:52 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-12-29 17:53 - 2014-12-29 17:52 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-12-29 17:53 - 2014-12-29 17:52 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-12-29 17:52 - 2014-12-29 17:53 - 00000000 ____D () C:\2bf47f1cdab82283423f6ec7
2014-12-29 17:52 - 2014-12-29 17:52 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-12-29 17:51 - 2014-12-29 17:51 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-29 17:50 - 2014-12-29 17:51 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-29 17:49 - 2014-12-29 17:49 - 05006864 _____ (AVAST Software) C:\Users\Maria Hume\Downloads\avast_free_antivirus_setup_online.exe
2014-12-29 17:14 - 2014-12-29 17:14 - 00003170 _____ () C:\windows\System32\Tasks\{D6AC9E51-FB29-43AC-86B9-FE334CC14468}
2014-12-20 09:48 - 2014-12-20 09:48 - 01800160 _____ (Cinema VideoV19.12) C:\Users\Maria Hume\AppData\Roaming\LFRSXZIQ.exe
2014-12-20 09:48 - 2014-12-20 09:48 - 00000000 ____D () C:\Users\Maria Hume\AppData\Roaming\smileyswelove
2014-12-20 09:47 - 2014-12-20 09:47 - 00001080 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-20 09:47 - 2014-12-20 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-20 09:47 - 2014-12-20 09:47 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-12-20 09:45 - 2014-12-29 17:08 - 00000000 ____D () C:\ProgramData\a249ce52301acee
2014-12-20 09:45 - 2014-12-20 09:45 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-12-20 09:45 - 2014-12-20 09:45 - 00000000 ____D () C:\Users\Maria Hume\AppData\Local\Comodo
2014-12-20 09:45 - 2014-12-20 09:45 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-12-20 09:45 - 2014-12-20 09:45 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-12-20 09:45 - 2014-12-20 09:45 - 00000000 ____D () C:\Users\Guest
2014-12-20 09:45 - 2014-12-20 09:45 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-12-20 09:45 - 2014-12-20 09:45 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-12-20 09:43 - 2014-12-20 09:46 - 00000000 ____D () C:\Users\Maria Hume\Documents\vlc
2014-12-20 09:35 - 2014-12-29 17:57 - 00000000 ____D () C:\Program Files (x86)\SU1MxZDdjYzBiOA
2014-12-18 10:06 - 2014-12-18 10:06 - 00053064 _____ () C:\windows\system32\Drivers\b786bdb3c67d.sys
2014-12-09 19:48 - 2014-12-09 19:48 - 00003126 _____ () C:\windows\System32\Tasks\advRecovery
2014-12-09 19:47 - 2014-12-09 19:47 - 00001581 _____ () C:\Users\Public\Desktop\Recovery.lnk
2014-12-09 19:43 - 2014-12-09 19:43 - 00002033 _____ () C:\Users\Public\Desktop\Online Support(S Service).lnk
2014-12-09 19:43 - 2014-12-09 19:43 - 00000000 ____D () C:\Users\Maria Hume\AppData\Roaming\Samsung

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 19:21 - 2012-12-15 10:50 - 00000000 ____D () C:\Users\Maria Hume\AppData\Roaming\Skype
2015-01-07 19:18 - 2013-12-09 07:44 - 00000000 ____D () C:\ProgramData\WinClon
2015-01-07 19:14 - 2012-08-06 07:07 - 00742346 _____ () C:\windows\PFRO.log
2015-01-07 19:14 - 2012-07-26 17:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-07 17:39 - 2012-07-26 17:28 - 00977668 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-07 17:11 - 2013-05-16 09:11 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 16:00 - 2012-07-26 18:12 - 00000000 ____D () C:\windows\system32\sru
2015-01-07 12:56 - 2012-07-26 15:26 - 01048576 ___SH () C:\windows\system32\config\BBI
2015-01-07 12:27 - 2012-08-31 15:21 - 01375736 _____ () C:\windows\WindowsUpdate.log
2015-01-07 12:07 - 2014-10-17 11:51 - 00281624 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-07 12:03 - 2012-07-26 18:12 - 00000000 ___RD () C:\windows\ToastData
2015-01-07 12:03 - 2012-07-26 18:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-07 12:03 - 2012-07-26 18:12 - 00000000 ____D () C:\windows\WinStore
2015-01-07 12:03 - 2012-07-26 18:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-07 12:03 - 2012-07-26 18:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-07 11:48 - 2013-04-24 03:39 - 00000000 ____D () C:\Users\Maria Hume\AppData\Local\CrashDumps
2014-12-29 20:25 - 2013-02-25 00:13 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3491794209-2654014462-3659286912-1004
2014-12-29 20:13 - 2012-07-26 17:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-29 20:11 - 2013-08-15 06:27 - 00000000 ____D () C:\windows\system32\MRT
2014-12-29 19:25 - 2012-12-15 10:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-29 19:25 - 2012-12-15 10:50 - 00000000 ____D () C:\ProgramData\Skype
2014-12-29 17:53 - 2012-07-26 15:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-29 17:17 - 2013-05-16 09:12 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-29 17:17 - 2012-12-15 10:06 - 00001446 _____ () C:\Users\Maria Hume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-29 16:40 - 2013-12-09 07:49 - 00000000 ____D () C:\ProgramData\Norton
2014-12-29 16:40 - 2013-05-16 09:11 - 00000000 ____D () C:\Program Files\Google
2014-12-29 16:40 - 2013-05-16 09:11 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-29 16:38 - 2012-07-26 18:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-12-29 16:36 - 2013-05-16 09:11 - 00000000 ____D () C:\Users\Maria Hume\AppData\Local\Google
2014-12-29 16:36 - 2013-05-16 09:11 - 00000000 ____D () C:\ProgramData\Google
2014-12-29 16:31 - 2012-07-26 18:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-23 20:43 - 2012-12-15 10:03 - 00000000 ____D () C:\Users\Maria Hume
2014-12-23 20:07 - 2014-10-01 10:07 - 00000096 _____ () C:\Users\Maria Hume\AppData\Roaming\WB.CFG
2014-12-20 09:45 - 2012-07-26 18:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-12-20 09:45 - 2012-07-26 18:12 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-12-17 12:43 - 2011-02-19 23:03 - 00421040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp100.dll
2014-12-17 12:43 - 2011-02-19 00:40 - 00773808 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100.dll
2014-12-13 14:36 - 2013-05-16 09:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 19:47 - 2012-08-31 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-09 19:47 - 2012-08-31 15:21 - 00000000 ____D () C:\Program Files\Samsung
2014-12-09 19:47 - 2012-08-31 15:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-09 19:43 - 2012-08-31 15:21 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-09 19:40 - 2014-10-13 06:51 - 00001956 _____ () C:\Users\Public\Desktop\SW Update.lnk
2014-12-09 19:40 - 2013-01-16 05:25 - 00000000 ____D () C:\ProgramData\Samsung

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe


Some content of TEMP:
====================
C:\Users\Maria Hume\AppData\Local\Temp\7za.exe
C:\Users\Maria Hume\AppData\Local\Temp\hijackthis.exe
C:\Users\Maria Hume\AppData\Local\Temp\NirCmd.exe
C:\Users\Maria Hume\AppData\Local\Temp\PEVZ.EXE
C:\Users\Maria Hume\AppData\Local\Temp\Quarantine.exe
C:\Users\Maria Hume\AppData\Local\Temp\remove.exe
C:\Users\Maria Hume\AppData\Local\Temp\sed.exe
C:\Users\Maria Hume\AppData\Local\Temp\shortcut.exe
C:\Users\Maria Hume\AppData\Local\Temp\sqlite3.dll
C:\Users\Maria Hume\AppData\Local\Temp\swreg.exe
C:\Users\Maria Hume\AppData\Local\Temp\swxcacls.exe
C:\Users\Maria Hume\AppData\Local\Temp\wget.exe
C:\Users\Maria Hume\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-06 17:52




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:441.78 GB) (Free:398.3 GB) NTFS

Available physical RAM: 2746.03 MB
Total physical RAM: 3987.67 MB
Percentage of memory in use: 31%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 465.8 GB) (Disk ID: 37DF0F5E)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Maria Hume\Desktop" je 109 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(5.87 KiB) Downloaded 73 times

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with virus removal

#11 Post by vyosek »

Please post the logs C:\runcheck.txt and C:\zoek-results.log here.
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; he is not a man, he is an ox."
Member of [image] since 1 February 2011.

cvariss
Visitor
Posts: 63
Registered: 30 Oct 2014 21:37

Re: Please help with virus removal

#12 Post by cvariss »

Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Maria Hume on Wed 07/01/2015 at 17:48:37.71.
Microsoft Windows 8 6.2.9200 x64
Running in: Safe Mode NETWORK No Internet Access Detected
Launched: C:\Users\Maria Hume\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 17:54:06.79 =====

--- Create Environment Variables 17:54:07.59
--- Checking Input 17:54:13.26



Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Maria Hume on Wed 07/01/2015 at 17:48:37.71.
Microsoft Windows 8 6.2.9200 x64
Running in: Safe Mode NETWORK No Internet Access Detected
Launched: C:\Users\Maria Hume\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-01-07-022518.log 394 bytes
C:\zoek-results2015-01-07-030555.log 362 bytes
C:\zoek-results2015-01-07-032744.log 413 bytes

cvariss
Visitor
Posts: 63
Registered: 30 Oct 2014 21:37

Re: Please help with virus removal

#13 Post by cvariss »

Unfortunately, that is all. It never once ran to completion. The first time it ran for about 2 hours, the second time about an hour...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please help with virus removal

#14 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
    HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-14] (Intel Corporation)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-16] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [mbot_au_164] => [X]
    HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\...\RunOnce: [Adobe Speed Launcher] => 1420622137
    HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\...\Policies\system: [DisableLockWorkstation] 0
    HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\...\MountPoints2: {01c674a8-0bad-11e4-bec1-50b7c342a279} - "E:\Startme.exe"
    AppInit_DLLs: C:\Program Files Files => C:\Program Files Files File Not Found
    AppInit_DLLs-x32: C:\Program Files => C:\Program Files [0 2015-01-07] ()
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3491794209-2654014462-3659286912-1004 -> {35A48195-E528-4E84-8E95-4B82DE57DF48} URL = 
    BHO: No Name -> {C585D593-E7F3-4852-A200-561686EE02E4} -> No File
    BHO-x32: No Name -> {C585D593-E7F3-4852-A200-561686EE02E4} -> No File
    Toolbar: HKU\S-1-5-21-3491794209-2654014462-3659286912-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    
    FF DefaultSearchEngine: Microsoft (Bing)
    FF DefaultSearchUrl: hxxp://www.bing.com/search
    FF SearchEngineOrder.1: Microsoft (Bing)
    FF SelectedSearchEngine: Microsoft (Bing)
    FF Homepage: hxxp://www.msn.com/?pc=AV01
    FF Keyword.URL: hxxp://www.bing.com/search
    FF SearchPlugin: C:\Users\Maria Hume\AppData\Roaming\Mozilla\Firefox\Profiles\fwylepxw.default\searchplugins\bing-avast.xml
    
    CHR Plugin: (AppUp) - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
    CHR Extension: (omihnninlhneakfglooiofgdbpmnhjgn) - C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihnninlhneakfglooiofgdbpmnhjgn [2014-12-29]
    
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    
    c:\Program Files (x86)\Skype\Toolbars
    2015-01-07 19:41 - 2015-01-07 19:41 - 00014929 _____ () C:\Users\Maria Hume\Desktop\FRST.txt
    2015-01-07 19:36 - 2015-01-07 19:36 - 00112640 _____ (forum.viry.cz) C:\Users\Maria Hume\Desktop\FRSTLauncher.exe
    2015-01-07 19:16 - 2015-01-07 19:18 - 00000197 _____ () C:\windows\system32\2015-01-07-09-16-52.047-AvastVBoxSVC.exe-3488.log
    2015-01-07 17:54 - 2015-01-07 13:27 - 00000413 _____ () C:\zoek-results2015-01-07-032744.log
    2015-01-07 17:37 - 2015-01-07 17:37 - 00000197 _____ () C:\windows\system32\2015-01-07-07-37-17.078-AvastVBoxSVC.exe-3964.log
    2015-01-07 13:27 - 2015-01-07 13:05 - 00000362 _____ () C:\zoek-results2015-01-07-030555.log
    2015-01-07 13:24 - 2015-01-07 13:24 - 00000197 _____ () C:\windows\system32\2015-01-07-03-24-21.070-AvastVBoxSVC.exe-3728.log
    2015-01-07 13:05 - 2015-01-07 12:25 - 00000394 _____ () C:\zoek-results2015-01-07-022518.log
    2015-01-07 12:58 - 2015-01-07 13:00 - 00000197 _____ () C:\windows\system32\2015-01-07-02-58-03.070-AvastVBoxSVC.exe-2856.log
    2015-01-07 12:24 - 2015-01-07 17:54 - 00000464 _____ () C:\zoek-results.log
    2015-01-07 12:19 - 2015-01-07 17:54 - 00000394 _____ () C:\runcheck.txt
    2015-01-07 12:19 - 2015-01-07 12:19 - 00000000 ____D () C:\zoek_backup
    2015-01-07 12:18 - 2015-01-07 12:18 - 01295360 _____ () C:\Users\Maria Hume\Desktop\zoek.exe
    2015-01-07 12:09 - 2015-01-07 12:09 - 00000197 _____ () C:\windows\system32\2015-01-07-02-09-01.005-AvastVBoxSVC.exe-2540.log
    2015-01-07 11:53 - 2015-01-07 12:00 - 00000000 ____D () C:\AdwCleaner
    2015-01-07 11:51 - 2015-01-07 11:51 - 02173952 _____ () C:\Users\Maria Hume\Desktop\adwcleaner_4.106.exe
    2015-01-06 11:34 - 2015-01-06 11:34 - 00000000 ____D () C:\rsit
    2015-01-06 11:34 - 2015-01-06 11:34 - 00000000 ____D () C:\Program Files\trend micro
    2015-01-06 11:33 - 2015-01-06 11:33 - 01222144 _____ () C:\Users\Maria Hume\Downloads\RSITx64.exe
    2014-12-29 17:49 - 2014-12-29 17:49 - 05006864 _____ (AVAST Software) C:\Users\Maria Hume\Downloads\avast_free_antivirus_setup_online.exe
    2014-12-20 09:48 - 2014-12-20 09:48 - 01800160 _____ (Cinema VideoV19.12) C:\Users\Maria Hume\AppData\Roaming\LFRSXZIQ.exe
    2014-12-20 09:35 - 2014-12-29 17:57 - 00000000 ____D () C:\Program Files (x86)\SU1MxZDdjYzBiOA
    2014-12-18 10:06 - 2014-12-18 10:06 - 00053064 _____ () C:\windows\system32\Drivers\b786bdb3c67d.sys
    
    Task: {2090A054-FE59-4EAA-ABD7-4B43B0282DA5} - System32\Tasks\{D6AC9E51-FB29-43AC-86B9-FE334CC14468} => pcalua.exe -a "C:\Users\Maria Hume\AppData\Roaming\webssearches\UninstallManager.exe" -c -ptid=air
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the resulting text file as fixlist.txt
  • Move the fixlist you created into the same folder as FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

cvariss
Visitor
Posts: 63
Registered: 30 Oct 2014 21:37

Re: Please help with virus removal

#15 Post by cvariss »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Maria Hume at 2015-01-08 07:35:27 Run:1
Running from C:\Users\Maria Hume\Desktop
Loaded Profile: Maria Hume (Available profiles: Maria Hume & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-14] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-16] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mbot_au_164] => [X]
HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\...\RunOnce: [Adobe Speed Launcher] => 1420622137
HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\...\MountPoints2: {01c674a8-0bad-11e4-bec1-50b7c342a279} - "E:\Startme.exe"
AppInit_DLLs: C:\Program Files Files => C:\Program Files Files File Not Found
AppInit_DLLs-x32: C:\Program Files => C:\Program Files [0 2015-01-07] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3491794209-2654014462-3659286912-1004 -> {35A48195-E528-4E84-8E95-4B82DE57DF48} URL =
BHO: No Name -> {C585D593-E7F3-4852-A200-561686EE02E4} -> No File
BHO-x32: No Name -> {C585D593-E7F3-4852-A200-561686EE02E4} -> No File
Toolbar: HKU\S-1-5-21-3491794209-2654014462-3659286912-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FF DefaultSearchEngine: Microsoft (Bing)
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: Microsoft (Bing)
FF Homepage: hxxp://www.msn.com/?pc=AV01
FF Keyword.URL: hxxp://www.bing.com/search
FF SearchPlugin: C:\Users\Maria Hume\AppData\Roaming\Mozilla\Firefox\Profiles\fwylepxw.default\searchplugins\bing-avast.xml

CHR Plugin: (AppUp) - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Extension: (omihnninlhneakfglooiofgdbpmnhjgn) - C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihnninlhneakfglooiofgdbpmnhjgn [2014-12-29]

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

c:\Program Files (x86)\Skype\Toolbars
2015-01-07 19:41 - 2015-01-07 19:41 - 00014929 _____ () C:\Users\Maria Hume\Desktop\FRST.txt
2015-01-07 19:36 - 2015-01-07 19:36 - 00112640 _____ (forum.viry.cz) C:\Users\Maria Hume\Desktop\FRSTLauncher.exe
2015-01-07 19:16 - 2015-01-07 19:18 - 00000197 _____ () C:\windows\system32\2015-01-07-09-16-52.047-AvastVBoxSVC.exe-3488.log
2015-01-07 17:54 - 2015-01-07 13:27 - 00000413 _____ () C:\zoek-results2015-01-07-032744.log
2015-01-07 17:37 - 2015-01-07 17:37 - 00000197 _____ () C:\windows\system32\2015-01-07-07-37-17.078-AvastVBoxSVC.exe-3964.log
2015-01-07 13:27 - 2015-01-07 13:05 - 00000362 _____ () C:\zoek-results2015-01-07-030555.log
2015-01-07 13:24 - 2015-01-07 13:24 - 00000197 _____ () C:\windows\system32\2015-01-07-03-24-21.070-AvastVBoxSVC.exe-3728.log
2015-01-07 13:05 - 2015-01-07 12:25 - 00000394 _____ () C:\zoek-results2015-01-07-022518.log
2015-01-07 12:58 - 2015-01-07 13:00 - 00000197 _____ () C:\windows\system32\2015-01-07-02-58-03.070-AvastVBoxSVC.exe-2856.log
2015-01-07 12:24 - 2015-01-07 17:54 - 00000464 _____ () C:\zoek-results.log
2015-01-07 12:19 - 2015-01-07 17:54 - 00000394 _____ () C:\runcheck.txt
2015-01-07 12:19 - 2015-01-07 12:19 - 00000000 ____D () C:\zoek_backup
2015-01-07 12:18 - 2015-01-07 12:18 - 01295360 _____ () C:\Users\Maria Hume\Desktop\zoek.exe
2015-01-07 12:09 - 2015-01-07 12:09 - 00000197 _____ () C:\windows\system32\2015-01-07-02-09-01.005-AvastVBoxSVC.exe-2540.log
2015-01-07 11:53 - 2015-01-07 12:00 - 00000000 ____D () C:\AdwCleaner
2015-01-07 11:51 - 2015-01-07 11:51 - 02173952 _____ () C:\Users\Maria Hume\Desktop\adwcleaner_4.106.exe
2015-01-06 11:34 - 2015-01-06 11:34 - 00000000 ____D () C:\rsit
2015-01-06 11:34 - 2015-01-06 11:34 - 00000000 ____D () C:\Program Files\trend micro
2015-01-06 11:33 - 2015-01-06 11:33 - 01222144 _____ () C:\Users\Maria Hume\Downloads\RSITx64.exe
2014-12-29 17:49 - 2014-12-29 17:49 - 05006864 _____ (AVAST Software) C:\Users\Maria Hume\Downloads\avast_free_antivirus_setup_online.exe
2014-12-20 09:48 - 2014-12-20 09:48 - 01800160 _____ (Cinema VideoV19.12) C:\Users\Maria Hume\AppData\Roaming\LFRSXZIQ.exe
2014-12-20 09:35 - 2014-12-29 17:57 - 00000000 ____D () C:\Program Files (x86)\SU1MxZDdjYzBiOA
2014-12-18 10:06 - 2014-12-18 10:06 - 00053064 _____ () C:\windows\system32\Drivers\b786bdb3c67d.sys

Task: {2090A054-FE59-4EAA-ABD7-4B43B0282DA5} - System32\Tasks\{D6AC9E51-FB29-43AC-86B9-FE334CC14468} => pcalua.exe -a "C:\Users\Maria Hume\AppData\Roaming\webssearches\UninstallManager.exe" -c -ptid=air
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CLMLServer_For_P2G8 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CLVirtualDrive => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Intel AppUp(SM) center => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RemoteControl10 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_au_164 => value deleted successfully.
HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher => value deleted successfully.
HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value deleted successfully.
"HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01c674a8-0bad-11e4-bec1-50b7c342a279}" => Key deleted successfully.
HKCR\CLSID\{01c674a8-0bad-11e4-bec1-50b7c342a279} => Key not found.
"C:\Program Files Files" => Value Data not found.
"C:\Program Files" => Value Data removed successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{35A48195-E528-4E84-8E95-4B82DE57DF48}" => Key deleted successfully.
HKCR\CLSID\{35A48195-E528-4E84-8E95-4B82DE57DF48} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4}" => Key deleted successfully.
HKCR\CLSID\{C585D593-E7F3-4852-A200-561686EE02E4} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C585D593-E7F3-4852-A200-561686EE02E4} => Key not found.
HKU\S-1-5-21-3491794209-2654014462-3659286912-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Maria Hume\AppData\Roaming\Mozilla\Firefox\Profiles\fwylepxw.default\searchplugins\bing-avast.xml => Moved successfully.
C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll => Moved successfully.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll not found.
C:\Users\Maria Hume\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihnninlhneakfglooiofgdbpmnhjgn => Moved successfully.
c2cautoupdatesvc => Service deleted successfully.
c2cpnrsvc => Service deleted successfully.
c:\Program Files (x86)\Skype\Toolbars => Moved successfully.
C:\Users\Maria Hume\Desktop\FRST.txt => Moved successfully.
"C:\Users\Maria Hume\Desktop\FRSTLauncher.exe" => File/Directory not found.
Could not move "C:\windows\system32\2015-01-07-09-16-52.047-AvastVBoxSVC.exe-3488.log" => Scheduled to move on reboot.
C:\zoek-results2015-01-07-032744.log => Moved successfully.
C:\windows\system32\2015-01-07-07-37-17.078-AvastVBoxSVC.exe-3964.log => Moved successfully.
C:\zoek-results2015-01-07-030555.log => Moved successfully.
C:\windows\system32\2015-01-07-03-24-21.070-AvastVBoxSVC.exe-3728.log => Moved successfully.
C:\zoek-results2015-01-07-022518.log => Moved successfully.
C:\windows\system32\2015-01-07-02-58-03.070-AvastVBoxSVC.exe-2856.log => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\runcheck.txt => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Maria Hume\Desktop\zoek.exe => Moved successfully.
C:\windows\system32\2015-01-07-02-09-01.005-AvastVBoxSVC.exe-2540.log => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Maria Hume\Desktop\adwcleaner_4.106.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\Maria Hume\Downloads\RSITx64.exe => Moved successfully.
C:\Users\Maria Hume\Downloads\avast_free_antivirus_setup_online.exe => Moved successfully.
C:\Users\Maria Hume\AppData\Roaming\LFRSXZIQ.exe => Moved successfully.
C:\Program Files (x86)\SU1MxZDdjYzBiOA => Moved successfully.
C:\windows\system32\Drivers\b786bdb3c67d.sys => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2090A054-FE59-4EAA-ABD7-4B43B0282DA5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2090A054-FE59-4EAA-ABD7-4B43B0282DA5}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D6AC9E51-FB29-43AC-86B9-FE334CC14468} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D6AC9E51-FB29-43AC-86B9-FE334CC14468}" => Key deleted successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.8 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-08 07:42:44)<=

C:\windows\system32\2015-01-07-09-16-52.047-AvastVBoxSVC.exe-3488.log => Is moved successfully.

==== End of Fixlog 07:42:44 ====

Locked