VIRY.CZ

Dobrý deň,
mám už niekoľko rokov nainštalovaný Spyware Terminator v laptope, nemala som doteraz žiadne problémy, ale v poslednej dobe mi začal veľmi mrznúť laptop, nefunguje Internet, často všetko padá. Spyware Terminator mi stále hlási, že zablokoval hrozbu. Konkrétne niečo, čo sa týka súboru svchost.exe. Ja sama vôbec neviem, čo to znamená. Pozerala som tu nejaké predchádzajúce fóra, mal tu už niekto podobný problém, tomu ste radili použiť aswMBR a poslať log. To som urobila aj ja, log prikladám, mohli by ste mi prosím pomôcť?
Vopred veľmi pekne ďakujem.

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-07-08 18:12:31
-----------------------------
18:12:31.020 OS Version: Windows 6.1.7601 Service Pack 1
18:12:31.020 Number of processors: 2 586 0x170A
18:12:31.021 ComputerName: HP-NB UserName: HP
18:12:32.709 Initialize success
18:12:32.720 VM: initialized successfully
18:12:32.722 VM: Intel CPU virtualization not supported
18:14:18.030 AVAST engine defs: 15070800
18:14:38.663 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:14:38.668 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 3
18:14:38.808 Disk 0 MBR read successfully
18:14:38.813 Disk 0 MBR scan
18:14:39.003 Disk 0 Windows VISTA default MBR code
18:14:39.025 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
18:14:39.057 Disk 0 default boot code
18:14:39.149 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459229 MB offset 616448
18:14:39.212 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 941117440
18:14:39.344 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 972574720
18:14:39.499 Disk 0 scanning sectors +976758784
18:14:39.725 Disk 0 scanning C:\windows\system32\drivers
18:15:12.643 Service scanning
18:15:37.610 Service MpKsld7c5cd92 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{14B13DBA-EFA0-4742-BD4B-38CA01EAC58B}\MpKsld7c5cd92.sys **LOCKED** 32
18:15:51.628 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
18:16:07.112 Modules scanning
18:16:07.122 Disk 0 trace - called modules:
18:16:07.206 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys spaq.sys >>UNKNOWN [0x858b0938]<<
18:16:07.233 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8711c460]
18:16:07.240 3 CLASSPNP.SYS[8b7ac59e] -> nt!IofCallDriver -> [0x866d4958]
18:16:07.247 5 ACPI.sys[8b3503d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866e5028]
18:16:09.052 AVAST engine scan C:\windows
18:16:26.254 AVAST engine scan C:\windows\system32
18:24:00.150 AVAST engine scan C:\windows\system32\drivers
18:24:32.986 AVAST engine scan C:\Users\HP
20:50:43.154 AVAST engine scan C:\ProgramData
21:12:27.370 Disk 0 statistics 5046880/0/0 @ 0,32 MB/s
21:12:27.408 Scan finished successfully
00:14:37.236 Disk 0 MBR has been saved successfully to "C:\Users\HP\Desktop\MBR.dat"
00:14:37.326 The log file has been saved successfully to "C:\Users\HP\Desktop\aswMBR.txt"

Zdravim

Dejte log z FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

Dobrý deň,
začala som robiť scan, ale Spyware Terminator stále neprestajne hlási, že blokuje hrozby. Nemám ho odinštalovať zatiaľ?
ďakujem.

Nechala som to nakoniec dobehnúť. Prikladám log a súbor Addition.
Ďakujem.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by HP (administrator) on HP-NB on 09-07-2015 08:16:58
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\stacsv.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Crawler Group) C:\Program Files\Spyware Terminator\st_rsser.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Crawler Group) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
(Crawler Group) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(forum.viry.cz) C:\Users\HP\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-593d0e7b.exe
() C:\c2ea74bd6266f0c89add44\MPSigStub.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-01-28] (Hewlett-Packard Company)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [3860304 2015-07-01] (Crawler Group)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [5456720 2015-07-01] (Crawler Group)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Sticky] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [Google Update] => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [Google+ Auto Backup] => "C:\Users\HP\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\MountPoints2: {5969420a-102a-11e0-8abc-70f39553c15e} - D:\setup.exe
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-06-29]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk [2011-03-31]
ShortcutTarget: fliptoast.lnk -> C:\Program Files\fliptoast\fliptoast.exe (No File)
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2011-04-20]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3787904305-2975268458-854645899-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=14672
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.sk/
URLSearchHook: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 - (No Name) - {f999a48b-1950-4d81-9971-79018f807b4b} - No File
SearchScopes: HKLM -> DefaultScope {783FB0DE-DAD1-42CA-BEEF-3AA2038443F1} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {783FB0DE-DAD1-42CA-BEEF-3AA2038443F1} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {783FB0DE-DAD1-42CA-BEEF-3AA2038443F1} URL =
SearchScopes: HKU\.DEFAULT -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60446
SearchScopes: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> DefaultScope {783FB0DE-DAD1-42CA-BEEF-3AA2038443F1} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60446
SearchScopes: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> {622CFE39-9E04-4539-BFEE-E724C1DEB723} URL = http://websearch.ask.com/redirect?clien ... 904C6C71E3&
SearchScopes: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> {783FB0DE-DAD1-42CA-BEEF-3AA2038443F1} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-10] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-23] (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-10] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\webie.dll [2004-05-13] ()
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25] ()
Toolbar: HKU\.DEFAULT -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25] ()
Toolbar: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> No Name - {F999A48B-1950-4D81-9971-79018F807B4B} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.109.102.132 134.109.102.133
Tcpip\..\Interfaces\{400ECA61-F260-490D-A042-864345469256}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{53EF6E12-5BF7-4106-A28B-7D1534351DC2}: [DhcpNameServer] 134.109.102.132 134.109.102.133

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default
FF Homepage: hxxp://www.google.sk/
FF Keyword.URL: hxxp://search.sweetim.com/search.asp?src=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-12-23] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\windows\system32\npDeployJava1.dll [2012-10-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-10-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3787904305-2975268458-854645899-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\HP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3787904305-2975268458-854645899-1002: @talk.google.com/O1DPlugin -> C:\Users\HP\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3787904305-2975268458-854645899-1002: @tools.google.com/Google Update;version=3 -> C:\Users\HP\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3787904305-2975268458-854645899-1002: @tools.google.com/Google Update;version=9 -> C:\Users\HP\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdbplug.dll [2011-01-07] (DNAML Pty Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-13] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSibelius.dll [2010-04-08] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] ()
FF Plugin ProgramFiles/Appdata: C:\Users\HP\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\HP\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\searchplugins\askcom.xml [2011-11-17]
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\searchplugins\daemon-search.xml [2010-12-25]
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\searchplugins\sweetim.xml [2012-09-08]
FF Extension: DAEMON Tools Toolbar - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\DTToolbar@toolbarnet.com [2011-05-10]
FF Extension: YouTube Unblocker - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\youtubeunblocker@unblocker.yt [2015-06-02]
FF Extension: FreeOnlineRadioPlayerRecorder - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\{f999a48b-1950-4d81-9971-79018f807b4b} [2015-02-22]
FF Extension: Nepi Jano! - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\jid1-ujYo9WP31heSeQ@jetpack.xpi [2014-11-18]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-22]
FF Extension: {de7b1bd2-5239-4c66-885e-06b8af0b2a85} - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\{de7b1bd2-5239-4c66-885e-06b8af0b2a85}.xpi [2015-03-20]

Chrome:
=======
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Puk-Puk) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cngkcldnnppckgbmndaccoffaikjbemc [2014-08-18]
CHR Extension: (AdBlock) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-18]
CHR Extension: (SweetIM for Facebook) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2012-10-03]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-12-03]
CHR Extension: (Google Wallet) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-29]
CHR Extension: (YouTube Unblocker) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2015-02-22]
CHR Extension: (Nepi Jano!) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\paddiapjbnmknhhobfcjnnmhgihnpgne [2014-02-10]
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-09-08]
CHR HKU\S-1-5-21-3787904305-2975268458-854645899-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\HP\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [2012-11-26]
StartMenuInternet: Google Chrome - C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

Opera:
=======
OPR Extension: (YouTube Unblocker) - C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2015-03-18]
OPR Extension: (Adblock Plus) - C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-02-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AeLookupSvc; C:\windows\System32\aelupsvc.dll [62464 2009-07-14] (Microsoft Corporation) [File not signed]
R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe [81920 2009-03-03] (Andrea Electronics Corporation) [File not signed]
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-11-02] (LSI Corporation) [File not signed]
S3 ALG; C:\windows\System32\alg.exe [59392 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\windows\System32\appidsvc.dll [27648 2015-02-03] (Microsoft Corporation) [File not signed]
S3 Appinfo; C:\windows\System32\appinfo.dll [47104 2013-02-27] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\windows\System32\Audiosrv.dll [475136 2015-02-03] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\windows\System32\Audiosrv.dll [475136 2015-02-03] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\windows\System32\AxInstSV.dll [88064 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
R2 BFE; C:\windows\System32\bfe.dll [494592 2010-11-20] (Microsoft Corporation) [File not signed]
R3 BITS; C:\windows\System32\qmgr.dll [585728 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\windows\System32\browser.dll [102912 2012-07-04] (Microsoft Corporation) [File not signed]
R3 bthserv; C:\windows\system32\bthserv.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\windows\system32\cryptsvc.dll [143872 2015-02-03] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\windows\System32\defragsvc.dll [218624 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\windows\system32\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\windows\System32\dnsrslvr.dll [132608 2011-03-03] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\windows\System32\dot3svc.dll [214016 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\windows\system32\dps.dll [144384 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\windows\System32\eapsvc.dll [98304 2009-07-14] (Microsoft Corporation) [File not signed]
S3 EFS; C:\windows\System32\lsass.exe [22528 2015-04-04] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\windows\System32\wevtsvc.dll [1086976 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\windows\system32\es.dll [271360 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Fax; C:\windows\system32\fxssvc.exe [523264 2010-11-20] (Microsoft Corporation) [File not signed]
S3 fdPHost; C:\windows\system32\fdPHost.dll [12800 2009-07-14] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\windows\system32\fdrespub.dll [28160 2009-07-14] (Microsoft Corporation) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-12-09] (Macrovision Europe Ltd.) [File not signed]
R2 FontCache; C:\windows\system32\FntCache.dll [909312 2015-04-20] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\windows\System32\gpsvc.dll [593408 2010-11-20] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\windows\system32\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\windows\system32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\windows\system32\ListSvc.dll [194560 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\windows\system32\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [265272 2010-01-28] (Hewlett-Packard Company)
S3 IEEtwCollectorService; C:\windows\system32\IEEtwCollector.exe [108032 2014-03-01] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\windows\System32\ikeext.dll [679424 2013-10-12] (Microsoft Corporation) [File not signed]
S3 IPBusEnum; C:\windows\system32\ipbusenum.dll [78848 2009-07-14] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\windows\System32\iphlpsvc.dll [499712 2010-11-20] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\windows\system32\lsass.exe [22528 2015-04-04] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\windows\system32\msdtckrm.dll [308736 2009-07-14] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\windows\system32\srvsvc.dll [168960 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\windows\System32\wkssvc.dll [84480 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
S3 lltdsvc; C:\windows\System32\lltdsvc.dll [189952 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\windows\System32\lmhsvc.dll [18432 2009-07-14] (Microsoft Corporation) [File not signed]
S4 Mcx2Svc; C:\windows\system32\Mcx2Svc.dll [68096 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\windows\system32\mpssvc.dll [566272 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\windows\System32\msdtc.exe [134144 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\windows\system32\iscsiexe.dll [114688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\windows\System32\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 napagent; C:\windows\system32\qagentRT.dll [330240 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\windows\system32\lsass.exe [22528 2015-04-04] (Microsoft Corporation) [File not signed]
R3 Netman; C:\windows\System32\netman.dll [280576 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\windows\System32\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 NlaSvc; C:\windows\System32\nlasvc.dll [242688 2014-12-06] (Microsoft Corporation) [File not signed]
R2 nsi; C:\windows\system32\nsisvc.dll [19456 2009-07-14] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PcaSvc; C:\windows\System32\pcasvc.dll [157184 2015-02-03] (Microsoft Corporation) [File not signed]
S3 pla; C:\windows\system32\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\windows\system32\umpnpmgr.dll [293376 2011-05-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PolicyAgent; C:\windows\System32\ipsecsvc.dll [350208 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Power; C:\windows\system32\umpo.dll [119808 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\windows\system32\profsvc.dll [164864 2014-12-19] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\windows\system32\lsass.exe [22528 2015-04-04] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\windows\System32\rasauto.dll [90624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\windows\System32\rasmans.dll [286208 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\windows\System32\mprdim.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\windows\system32\regsvc.dll [112640 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\windows\System32\RpcEpMap.dll [43520 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\windows\system32\locator.exe [9216 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\windows\system32\lsass.exe [22528 2015-04-04] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\windows\System32\SCardSvr.dll [132608 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\windows\system32\schedsvc.dll [750592 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\windows\System32\SDRSVC.dll [125952 2010-11-20] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\windows\system32\seclogon.dll [21504 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\windows\System32\sens.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\windows\system32\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\windows\System32\ipnathlp.dll [300544 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\windows\System32\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\windows\System32\snmptrap.exe [12800 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\windows\System32\spoolsv.exe [317440 2010-11-20] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\windows\system32\sppsvc.exe [3179520 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\windows\system32\sppuinotify.dll [53760 2010-11-20] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\windows\System32\ssdpsrv.dll [162816 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\windows\system32\sstpsvc.dll [90112 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [1998672 2015-07-01] (Crawler Group)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe [229458 2010-01-29] (IDT, Inc.) [File not signed]
R2 StiSvc; C:\windows\System32\wiaservc.dll [463360 2010-11-20] (Microsoft Corporation) [File not signed]
S3 swprv; C:\windows\System32\swprv.dll [313856 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\windows\system32\sysmain.dll [1159168 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\windows\System32\TabSvc.dll [73216 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\windows\System32\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TBS; C:\windows\System32\tbssvc.dll [55808 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TermService; C:\windows\System32\termsrv.dll [523776 2014-10-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\windows\System32\trkwks.dll [77312 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\windows\servicing\TrustedInstaller.exe [204800 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\windows\system32\UI0Detect.exe [35840 2009-07-14] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\windows\System32\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\windows\System32\uxsms.dll [29696 2009-07-14] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\windows\system32\lsass.exe [22528 2015-04-04] (Microsoft Corporation) [File not signed]
S3 vds; C:\windows\System32\vds.exe [453632 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\windows\system32\vssvc.exe [1025536 2010-11-20] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\windows\system32\w32time.dll [288768 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\windows\system32\wbengine.exe [1203200 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\windows\System32\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\windows\System32\webclnt.dll [204800 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\windows\system32\wecsvc.dll [147968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\windows\System32\wercplsupport.dll [61440 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\windows\System32\WerSvc.dll [65024 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\windows\system32\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\windows\system32\wbem\WMIsvc.dll [168960 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\windows\system32\WsmSvc.dll [1175040 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\windows\system32\wbem\WmiApSrv.exe [136192 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\windows\system32\wpdbusenum.dll [85504 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\windows\System32\wscsvc.dll [73728 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\windows\system32\SearchIndexer.exe [428032 2009-07-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\windows\system32\wuaueng.dll [2020864 2015-03-25] (Microsoft Corporation) [File not signed]
R2 wudfsvc; C:\windows\System32\WUDFSvc.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\windows\System32\wwansvc.dll [185856 2009-07-14] (Microsoft Corporation) [File not signed]
S2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\windows\system32\drivers\1394ohci.sys [164864 2010-11-20] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\windows\system32\drivers\acpipmi.sys [10240 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\windows\system32\drivers\afd.sys [338944 2014-05-30] (Microsoft Corporation) [File not signed]
R3 AgereSoftModem; C:\windows\System32\DRIVERS\AGRSM.sys [1163328 2009-11-02] (LSI Corporation) [File not signed]
S3 AmdK8; C:\windows\system32\DRIVERS\amdk8.sys [55296 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\windows\system32\DRIVERS\amdppm.sys [52736 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AppID; C:\windows\system32\drivers\appid.sys [50176 2015-02-03] (Microsoft Corporation) [File not signed]
R1 archlp; C:\windows\System32\drivers\archlp.sys [127744 2009-02-19] ()
S3 AsyncMac; C:\windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
S3 b06bdrv; C:\windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-14] (Broadcom Corporation) [File not signed]
S3 b57nd60x; C:\windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-14] (Broadcom Corporation) [File not signed]
R1 Beep; C:\windows\system32\Drivers\Beep.sys [6144 2009-07-14] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\windows\system32\DRIVERS\blbdrive.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R3 bowser; C:\windows\System32\DRIVERS\bowser.sys [69632 2011-02-23] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-14] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-14] (Brother Industries, Ltd.) [File not signed]
S3 Brserid; C:\windows\System32\Drivers\Brserid.sys [272128 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] (Brother Industries Ltd.) [File not signed]
R3 BthEnum; C:\windows\system32\drivers\BthEnum.sys [34816 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\windows\System32\DRIVERS\bthmodem.sys [56320 2009-07-14] (Microsoft Corporation) [File not signed]
R3 BthPan; C:\windows\System32\DRIVERS\bthpan.sys [93696 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BTHPORT; C:\windows\System32\Drivers\BTHport.sys [393728 2011-04-28] (Microsoft Corporation) [File not signed]
R3 BTHUSB; C:\windows\System32\Drivers\BTHUSB.sys [60416 2011-04-28] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\windows\system32\drivers\cdrom.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 circlass; C:\windows\system32\DRIVERS\circlass.sys [37888 2009-07-14] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\windows\system32\DRIVERS\CmBatt.sys [14080 2009-07-14] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\windows\system32\drivers\CompositeBus.sys [31232 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\windows\System32\Drivers\dfsc.sys [78336 2010-11-20] (Microsoft Corporation) [File not signed]
R1 discache; C:\windows\System32\drivers\discache.sys [32256 2009-07-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\windows\system32\drivers\drmkaud.sys [5120 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ebdrv; C:\windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-14] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\windows\system32\drivers\errdev.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 exfat; C:\windows\system32\Drivers\exfat.sys [142336 2009-07-14] (Microsoft Corporation) [File not signed]
R3 fastfat; C:\windows\system32\Drivers\fastfat.sys [148480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 fdc; C:\windows\system32\DRIVERS\fdc.sys [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\windows\System32\drivers\filetrace.sys [28160 2009-07-14] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HdAudAddService; C:\windows\system32\drivers\HdAudio.sys [304128 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\windows\system32\DRIVERS\hidbth.sys [91136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\windows\system32\DRIVERS\hidir.sys [37888 2009-07-14] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\windows\System32\DRIVERS\hidusb.sys [24064 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HpqKbFiltr; C:\windows\System32\DRIVERS\HpqKbFiltr.sys [15872 2009-07-16] (Hewlett-Packard Development Company, L.P.) [File not signed]
R3 HTTP; C:\windows\System32\drivers\HTTP.sys [514560 2015-02-25] (Microsoft Corporation) [File not signed]
R3 i8042prt; C:\windows\system32\drivers\i8042prt.sys [80896 2009-07-14] (Microsoft Corporation) [File not signed]
R3 igfx; C:\windows\System32\DRIVERS\igdkmd32.sys [6282240 2010-01-25] (Intel Corporation) [File not signed]
R3 IntcHdmiAddService; C:\windows\System32\drivers\IntcHdmi.sys [122880 2009-07-09] (Intel(R) Corporation) [File not signed]
R3 intelppm; C:\windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\windows\System32\drivers\ipnat.sys [101888 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\windows\System32\drivers\irenum.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 kbdhid; C:\windows\system32\drivers\kbdhid.sys [28160 2010-11-20] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] (Microsoft Corporation) [File not signed]
R2 luafv; C:\windows\system32\drivers\luafv.sys [86528 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Modem; C:\windows\System32\drivers\modem.sys [31744 2009-07-14] (Microsoft Corporation) [File not signed]
R3 monitor; C:\windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] (Microsoft Corporation) [File not signed]
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R3 mpsdrv; C:\windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\windows\system32\drivers\mrxdav.sys [116224 2014-12-19] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-27] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-09] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-27] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\windows\System32\drivers\MSPQM.sys [5504 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\windows\System32\drivers\MSTEE.sys [6144 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Null; C:\windows\system32\Drivers\Null.sys [4608 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\windows\system32\drivers\ohci1394.sys [62464 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Parport; C:\windows\system32\DRIVERS\parport.sys [79360 2009-07-14] (Microsoft Corporation) [File not signed]
S2 Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [8704 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\windows\System32\drivers\peauth.sys [593920 2015-02-03] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Processor; C:\windows\system32\DRIVERS\processr.sys [52224 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Psched; C:\windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\windows\system32\DRIVERS\rdpbus.sys [18944 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\windows\system32\Drivers\RDPWD.sys [184320 2014-07-17] (Microsoft Corporation) [File not signed]
R3 RFCOMM; C:\windows\System32\DRIVERS\rfcomm.sys [129536 2009-07-14] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\windows\system32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\windows\system32\DRIVERS\serenum.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Serial; C:\windows\system32\DRIVERS\serial.sys [83456 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\windows\system32\drivers\sffdisk.sys [11264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Smb; C:\windows\System32\DRIVERS\smb.sys [71168 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1763968 2010-01-19] ()
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-12-25] () [File not signed]
R1 sp_rsdrv2; C:\windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R3 srv; C:\windows\System32\DRIVERS\srv.sys [311808 2011-04-29] (Microsoft Corporation) [File not signed]
R3 srv2; C:\windows\System32\DRIVERS\srv2.sys [310272 2011-04-29] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\windows\System32\DRIVERS\srvnet.sys [114688 2011-04-29] (Microsoft Corporation) [File not signed]
R3 STHDA; C:\windows\System32\DRIVERS\stwrt.sys [423424 2010-01-29] (IDT, Inc.) [File not signed]
R2 tcpipreg; C:\windows\System32\drivers\tcpipreg.sys [35328 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\windows\System32\drivers\tdpipe.sys [18432 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\windows\System32\drivers\tdtcp.sys [24576 2012-02-17] (Microsoft Corporation) [File not signed]
R1 tdx; C:\windows\System32\DRIVERS\tdx.sys [74752 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TPM; C:\windows\System32\drivers\tpm.sys [30720 2009-07-14] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-17] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\windows\System32\drivers\tsusbflt.sys [52224 2010-11-20] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
S4 udfs; C:\windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\windows\system32\drivers\umbus.sys [39936 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\windows\system32\drivers\usbcir.sys [86016 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\windows\System32\DRIVERS\usbehci.sys [43520 2013-11-27] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\windows\system32\drivers\usbohci.sys [20480 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\windows\System32\DRIVERS\USBSTOR.SYS [76288 2010-11-20] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\windows\System32\DRIVERS\usbuhci.sys [24064 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbvideo; C:\windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation) [File not signed]
S3 vga; C:\windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\windows\System32\drivers\vga.sys [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ViaC7; C:\windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\windows\system32\drivers\wmiacpi.sys [11264 2009-07-14] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\windows\System32\drivers\WudfPf.sys [92672 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\windows\System32\DRIVERS\WUDFRd.sys [132224 2010-11-20] (Microsoft Corporation) [File not signed]
U3 ahq2r6hh; C:\windows\system32\Drivers\ahq2r6hh.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
R1 MpKsld7c5cd92; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{14B13DBA-EFA0-4742-BD4B-38CA01EAC58B}\MpKsld7c5cd92.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 08:16 - 2015-07-09 08:23 - 00056719 _____ C:\Users\HP\Desktop\FRST.txt
2015-07-09 08:16 - 2015-07-09 08:17 - 00000000 ____D C:\FRST
2015-07-09 08:14 - 2015-07-09 08:14 - 00112640 _____ (forum.viry.cz) C:\Users\HP\Desktop\FRSTLauncher.exe
2015-07-09 08:13 - 2015-07-09 08:13 - 01636352 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe
2015-07-09 08:11 - 2015-07-09 08:11 - 00112107 _____ (forum.viry.cz) C:\Users\HP\Desktop\VerzeOS.exe
2015-07-09 00:14 - 2015-07-09 00:14 - 00002599 _____ C:\Users\HP\Desktop\aswMBR.txt
2015-07-09 00:14 - 2015-07-09 00:14 - 00000512 _____ C:\Users\HP\Desktop\MBR.dat
2015-07-08 18:10 - 2015-07-08 18:11 - 05198336 _____ (AVAST Software) C:\Users\HP\Desktop\aswMBR.exe
2015-06-29 22:05 - 2015-06-29 22:05 - 00003584 _____ C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-13 09:45 - 2015-06-13 09:45 - 00002074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-10 15:44 - 2015-05-25 19:00 - 02384384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 15:43 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 15:43 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 15:43 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 15:43 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 15:43 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 15:43 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-06-10 15:43 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-06-10 15:43 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-06-10 15:43 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-06-10 15:43 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-06-10 15:42 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 08:18 - 2009-07-14 06:34 - 00019760 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-09 08:18 - 2009-07-14 06:34 - 00019760 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-09 08:16 - 2010-06-29 02:11 - 01478150 _____ C:\windows\WindowsUpdate.log
2015-07-09 08:12 - 2010-12-25 11:03 - 00000000 ____D C:\Users\HP\Desktop\Tatianka
2015-07-09 08:11 - 2010-03-27 04:50 - 00730448 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-09 08:07 - 2011-12-04 13:15 - 00000000 ____D C:\ProgramData\Spyware Terminator
2015-07-09 08:06 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-09 08:06 - 2009-07-14 06:39 - 00241465 _____ C:\windows\setupact.log
2015-07-09 08:01 - 2010-12-08 18:08 - 00000000 ____D C:\Users\HP\AppData\Roaming\Skype
2015-07-07 19:31 - 2013-11-22 16:45 - 00000614 ____H C:\windows\Tasks\Norton Product InstallerIdle.job
2015-07-07 17:25 - 2010-12-08 17:47 - 00002358 _____ C:\Users\HP\Desktop\Google Chrome.lnk
2015-07-05 12:11 - 2010-12-08 18:30 - 00246952 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-07-02 23:05 - 2014-09-30 17:21 - 00000000 ___RD C:\Program Files\Skype
2015-07-02 23:05 - 2010-06-29 02:14 - 00000000 ____D C:\ProgramData\Skype
2015-07-02 22:57 - 2011-12-06 19:17 - 00000000 ____D C:\Program Files\Conduit
2015-07-02 22:55 - 2010-12-08 17:44 - 00000000 ____D C:\Users\HP\AppData\Local\Google
2015-07-01 22:54 - 2011-12-04 13:14 - 00000000 ____D C:\Program Files\Spyware Terminator
2015-07-01 11:30 - 2014-02-03 21:47 - 00193536 ___SH C:\Users\HP\Desktop\Thumbs.db
2015-06-25 11:35 - 2015-02-25 23:50 - 00000000 ____D C:\Program Files\Opera
2015-06-18 19:55 - 2009-07-14 06:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-13 13:39 - 2014-10-01 19:49 - 00000000 ____D C:\Users\HP\Documents\MATLAB
2015-06-11 16:23 - 2009-07-14 06:33 - 00436584 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-10 23:22 - 2010-03-27 05:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 23:21 - 2013-08-17 17:47 - 00000000 ____D C:\windows\system32\MRT
2015-06-10 22:56 - 2010-12-09 13:21 - 136900096 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-04-29 16:58 - 2012-09-22 14:04 - 0259731 _____ () C:\Users\HP\AppData\Roaming\mdbu.bin
2015-06-29 22:05 - 2015-06-29 22:05 - 0003584 _____ () C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-04 16:12 - 2015-04-04 16:12 - 0000218 _____ () C:\Users\HP\AppData\Local\recently-used.xbel
2010-12-08 18:03 - 2010-12-08 18:04 - 0000088 __RSH () C:\ProgramData\70BAE259A8.sys
2010-03-27 05:36 - 2015-07-09 08:07 - 0000426 _____ () C:\ProgramData\HPWALog.txt
2010-12-08 18:03 - 2010-12-08 18:04 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\HP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvxerrn.dll
C:\Users\HP\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe
[2015-05-13 17:43] - [2015-04-13 05:19] - 0259072 ____A (Microsoft Corporation) 0780A42DBD7D9969F9BF4A19AA4285B5

C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Norton Product InstallerIdle.job => C:\windows\system32\Adobe\Shockwave 12\SymInstallStub.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\HP\Desktop" je 145129 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Odinstalujte Spyware Terminator - ma uz nejlepsi davno za sbeou a neni schopen celit aktualnim hrozbam

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Po spusteni probehne stazeni databaze
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

posielam vytvorený log

# AdwCleaner v4.207 - Log vytvorený 09/07/2015 at 13:24:26
# Aktualizované 21/06/2015 by Xplode
# Databáza : 2015-07-05.2 [Server]
# Operačný systém : Windows 7 Home Premium Service Pack 1 (x86)
# Uživateľské meno : HP - HP-NB
# Spustené z : C:\Users\HP\Desktop\adwcleaner_4.207.exe
# Nastavenia : Čistenie

***** [ Služby ] *****


***** [ Súbory / Priečinky ] *****

Priečinok Zmazané : C:\Program Files\Conduit
Priečinok Zmazané : C:\Program Files\DAEMON Tools Toolbar
Priečinok Zmazané : C:\Program Files\Common Files\DVDVideoSoft\TB
Priečinok Zmazané : C:\Users\HP\AppData\Local\Temp\AskSearch
Priečinok Zmazané : C:\Users\HP\AppData\Local\Temp\CT2737658
Priečinok Zmazané : C:\Users\HP\AppData\Local\Conduit
Priečinok Zmazané : C:\Users\HP\AppData\Local\PackageAware
Priečinok Zmazané : C:\Users\HP\AppData\LocalLow\AskToolbar
Priečinok Zmazané : C:\Users\HP\AppData\LocalLow\Conduit
Priečinok Zmazané : C:\Users\HP\AppData\LocalLow\freeonlineradioplayerrecorder
Priečinok Zmazané : C:\Users\HP\AppData\Roaming\dvdvideosoftiehelpers
Priečinok Zmazané : C:\Users\HP\AppData\Roaming\OpenCandy
[!] Priečinok Zmazané : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Priečinok Zmazané : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\DTToolbar@toolbarnet.com
Priečinok Zmazané : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
Priečinok Zmazané : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Priečinok Zmazané : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Priečinok Zmazané : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl
Priečinok Zmazané : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\paddiapjbnmknhhobfcjnnmhgihnpgne
Priečinok Zmazané : C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\npnkeeiehehhefofiekoflfedgehcdhl
Súbor Zmazané : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.xpi
Súbor Zmazané : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihflimipbcaljfnojhhknppphnnciiif_0.localstorage
Súbor Zmazané : C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\npnkeeiehehhefofiekoflfedgehcdhl
Súbor Zmazané : C:\windows\system32\drivers\sp_rsdrv2.sys
Súbor Zmazané : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\searchplugins\Askcom.xml
Súbor Zmazané : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\searchplugins\daemon-search.xml
Súbor Zmazané : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\searchplugins\SweetIm.xml
Súbor Zmazané : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Súbor Zmazané : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
Súbor Zmazané : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
Súbor Zmazané : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal

***** [ Naplánované úlohy ] *****


***** [ Zástupcovia ] *****


***** [ Registre ] *****

Kľúč registra Zmazané : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Kľúč registra Zmazané : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\S
Kľúč registra Zmazané : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Kľúč registra Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Kľúč registra Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Kľúč registra Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Kľúč registra Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Kľúč registra Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Hodnota Zmazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Zmazané : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Zmazané : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Hodnota Zmazané : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Hodnota Zmazané : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F999A48B-1950-4D81-9971-79018F807B4B}]
Hodnota Zmazané : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Hodnota Zmazané : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F999A48B-1950-4D81-9971-79018F807B4B}]
Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{622CFE39-9E04-4539-BFEE-E724C1DEB723}
Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Kľúč registra Zmazané : HKCU\Software\Conduit
Kľúč registra Zmazané : HKCU\Software\dt soft\daemon tools toolbar
Kľúč registra Zmazané : HKCU\Software\Headlight
Kľúč registra Zmazané : HKCU\Software\Softonic
Kľúč registra Zmazané : HKCU\Software\SweetIM
Kľúč registra Zmazané : HKCU\Software\Video Player
Kľúč registra Zmazané : HKLM\SOFTWARE\Conduit
Kľúč registra Zmazané : HKLM\SOFTWARE\Driver-Soft
Kľúč registra Zmazané : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Kľúč registra Zmazané : HKLM\SOFTWARE\Freeze.com
Kľúč registra Zmazané : HKLM\SOFTWARE\SweetIM
Kľúč registra Zmazané : HKLM\SOFTWARE\Uniblue
Kľúč registra Zmazané : HKLM\SOFTWARE\W3I
Kľúč registra Zmazané : HKU\.DEFAULT\Software\CToolbar
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E

***** [ Webové prehliadače ] *****

-\\ Internet Explorer v11.0.9600.16521

Nastavenie Obnovené : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v38.0.5 (x86 sk)

[6bxz5xyo.default\prefs.js] - Riadok Zmazané : user_pref("extensions.xpiState", "{\"app-profile\":{\"DTToolbar@toolbarnet.com\":{\"d\":\"C:\\\\Users\\\\HP\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\6bxz5xyo.default\\\\extensions\\\[...]
[6bxz5xyo.default\prefs.js] - Riadok Zmazané : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");

-\\ Google Chrome v


-\\ Opera v30.0.1835.88


*************************

AdwCleaner[R0].txt - [9635 bajtov] - [09/07/2015 13:21:48]
AdwCleaner[S0].txt - [9402 bajtov] - [09/07/2015 13:24:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9462 bajtov] ##########

Poprosim o novy log z FRST

posielam

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by HP (administrator) on HP-NB on 09-07-2015 13:31:54
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\stacsv.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.88\opera.exe
(Google) C:\Users\HP\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(forum.viry.cz) C:\Users\HP\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-01-28] (Hewlett-Packard Company)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Sticky] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [Google Update] => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [Google+ Auto Backup] => "C:\Users\HP\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\MountPoints2: {5969420a-102a-11e0-8abc-70f39553c15e} - D:\setup.exe
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-06-29]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk [2011-03-31]
ShortcutTarget: fliptoast.lnk -> C:\Program Files\fliptoast\fliptoast.exe (No File)
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2011-04-20]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3787904305-2975268458-854645899-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.sk/
SearchScopes: HKLM -> {783FB0DE-DAD1-42CA-BEEF-3AA2038443F1} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60446
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> {783FB0DE-DAD1-42CA-BEEF-3AA2038443F1} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-10] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-23] (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-10] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\webie.dll [2004-05-13] ()
Toolbar: HKU\.DEFAULT -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.109.102.132 134.109.102.133
Tcpip\..\Interfaces\{400ECA61-F260-490D-A042-864345469256}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{53EF6E12-5BF7-4106-A28B-7D1534351DC2}: [DhcpNameServer] 134.109.102.132 134.109.102.133

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default
FF Homepage: hxxp://www.google.sk/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2013-12-23] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\windows\system32\npDeployJava1.dll [2012-10-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-10-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3787904305-2975268458-854645899-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\HP\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3787904305-2975268458-854645899-1002: @talk.google.com/O1DPlugin -> C:\Users\HP\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3787904305-2975268458-854645899-1002: @tools.google.com/Google Update;version=3 -> C:\Users\HP\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3787904305-2975268458-854645899-1002: @tools.google.com/Google Update;version=9 -> C:\Users\HP\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdbplug.dll [2011-01-07] (DNAML Pty Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-05-13] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSibelius.dll [2010-04-08] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] ()
FF Plugin ProgramFiles/Appdata: C:\Users\HP\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\HP\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: YouTube Unblocker - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\youtubeunblocker@unblocker.yt [2015-06-02]
FF Extension: Nepi Jano! - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\jid1-ujYo9WP31heSeQ@jetpack.xpi [2014-11-18]
FF Extension: Adblock Plus - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-22]
FF Extension: {de7b1bd2-5239-4c66-885e-06b8af0b2a85} - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\6bxz5xyo.default\Extensions\{de7b1bd2-5239-4c66-885e-06b8af0b2a85}.xpi [2015-03-20]

Chrome:
=======
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Puk-Puk) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cngkcldnnppckgbmndaccoffaikjbemc [2014-08-18]
CHR Extension: (AdBlock) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-18]
CHR Extension: (Google Wallet) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-29]
StartMenuInternet: Google Chrome - C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-02-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-11-02] (LSI Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-12-09] (Macrovision Europe Ltd.) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [265272 2010-01-28] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe [229458 2010-01-29] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 archlp; C:\windows\System32\drivers\archlp.sys [127744 2009-02-19] ()
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1763968 2010-01-19] ()
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2010-12-25] () [File not signed]
U3 ab9j0yxf; C:\windows\system32\Drivers\ab9j0yxf.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 13:31 - 2015-07-09 13:33 - 00019672 _____ C:\Users\HP\Desktop\FRST.txt
2015-07-09 13:21 - 2015-07-09 13:24 - 00000000 ____D C:\AdwCleaner
2015-07-09 13:19 - 2015-07-09 13:19 - 02244096 _____ C:\Users\HP\Desktop\adwcleaner_4.207.exe
2015-07-09 08:26 - 2015-07-09 08:27 - 00007436 _____ C:\Users\HP\Desktop\Addition.rar
2015-07-09 08:16 - 2015-07-09 13:31 - 00000000 ____D C:\FRST
2015-07-09 08:14 - 2015-07-09 08:14 - 00112640 _____ (forum.viry.cz) C:\Users\HP\Desktop\FRSTLauncher.exe
2015-07-09 08:13 - 2015-07-09 08:13 - 01636352 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe
2015-07-09 08:11 - 2015-07-09 08:11 - 00112107 _____ (forum.viry.cz) C:\Users\HP\Desktop\VerzeOS.exe
2015-07-09 00:14 - 2015-07-09 00:14 - 00002599 _____ C:\Users\HP\Desktop\aswMBR.txt
2015-07-09 00:14 - 2015-07-09 00:14 - 00000512 _____ C:\Users\HP\Desktop\MBR.dat
2015-07-08 18:10 - 2015-07-08 18:11 - 05198336 _____ (AVAST Software) C:\Users\HP\Desktop\aswMBR.exe
2015-06-29 22:05 - 2015-06-29 22:05 - 00003584 _____ C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-13 09:45 - 2015-06-13 09:45 - 00002074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-10 15:44 - 2015-05-25 19:00 - 02384384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-10 15:43 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-06-10 15:43 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-06-10 15:43 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-06-10 15:43 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-06-10 15:43 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 15:43 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 15:43 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-06-10 15:43 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-06-10 15:43 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-06-10 15:43 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-06-10 15:43 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-06-10 15:42 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 13:30 - 2010-03-27 04:50 - 00730448 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-09 13:29 - 2010-06-29 02:11 - 01494632 _____ C:\windows\WindowsUpdate.log
2015-07-09 13:27 - 2010-12-08 18:08 - 00000000 ____D C:\Users\HP\AppData\Roaming\Skype
2015-07-09 13:26 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-09 13:26 - 2009-07-14 06:39 - 00241577 _____ C:\windows\setupact.log
2015-07-09 13:25 - 2010-03-27 05:35 - 00038916 _____ C:\windows\PFRO.log
2015-07-09 13:24 - 2009-07-14 06:34 - 00019760 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-09 13:24 - 2009-07-14 06:34 - 00019760 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-09 08:12 - 2010-12-25 11:03 - 00000000 ____D C:\Users\HP\Desktop\Tatianka
2015-07-07 19:31 - 2013-11-22 16:45 - 00000614 ____H C:\windows\Tasks\Norton Product InstallerIdle.job
2015-07-07 17:25 - 2010-12-08 17:47 - 00002358 _____ C:\Users\HP\Desktop\Google Chrome.lnk
2015-07-05 12:11 - 2010-12-08 18:30 - 00246952 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-07-02 23:05 - 2014-09-30 17:21 - 00000000 ___RD C:\Program Files\Skype
2015-07-02 23:05 - 2010-06-29 02:14 - 00000000 ____D C:\ProgramData\Skype
2015-07-02 22:55 - 2010-12-08 17:44 - 00000000 ____D C:\Users\HP\AppData\Local\Google
2015-07-01 11:30 - 2014-02-03 21:47 - 00193536 ___SH C:\Users\HP\Desktop\Thumbs.db
2015-06-25 11:35 - 2015-02-25 23:50 - 00000000 ____D C:\Program Files\Opera
2015-06-18 19:55 - 2009-07-14 06:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-13 13:39 - 2014-10-01 19:49 - 00000000 ____D C:\Users\HP\Documents\MATLAB
2015-06-11 16:23 - 2009-07-14 06:33 - 00436584 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-10 23:22 - 2010-03-27 05:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 23:21 - 2013-08-17 17:47 - 00000000 ____D C:\windows\system32\MRT
2015-06-10 22:56 - 2010-12-09 13:21 - 136900096 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2011-04-29 16:58 - 2012-09-22 14:04 - 0259731 _____ () C:\Users\HP\AppData\Roaming\mdbu.bin
2015-06-29 22:05 - 2015-06-29 22:05 - 0003584 _____ () C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-04 16:12 - 2015-04-04 16:12 - 0000218 _____ () C:\Users\HP\AppData\Local\recently-used.xbel
2010-12-08 18:03 - 2010-12-08 18:04 - 0000088 __RSH () C:\ProgramData\70BAE259A8.sys
2010-03-27 05:36 - 2015-07-09 13:26 - 0000176 _____ () C:\ProgramData\HPWALog.txt
2010-12-08 18:03 - 2010-12-08 18:04 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\HP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvxerrn.dll
C:\Users\HP\AppData\Local\Temp\Quarantine.exe
C:\Users\HP\AppData\Local\Temp\SkypeSetup.exe
C:\Users\HP\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Norton Product InstallerIdle.job => C:\windows\system32\Adobe\Shockwave 12\SymInstallStub.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\HP\Desktop" je 145132 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
  HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
  HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
  HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
  HKLM\...\Run: [Sticky] => [X]
  HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
  HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [Google Update] => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
  HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
  HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
  HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\MountPoints2: {5969420a-102a-11e0-8abc-70f39553c15e} - D:\setup.exe
  Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk [2011-03-31]
  ShortcutTarget: fliptoast.lnk -> C:\Program Files\fliptoast\fliptoast.exe (No File)
  
  HKU\S-1-5-21-3787904305-2975268458-854645899-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
  SearchScopes: HKLM -> {783FB0DE-DAD1-42CA-BEEF-3AA2038443F1} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\.DEFAULT -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60446
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
  SearchScopes: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> {783FB0DE-DAD1-42CA-BEEF-3AA2038443F1} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
  Toolbar: HKU\.DEFAULT -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
  
  U3 ab9j0yxf; C:\windows\system32\Drivers\ab9j0yxf.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
  
  2015-07-09 13:31 - 2015-07-09 13:33 - 00019672 _____ C:\Users\HP\Desktop\FRST.txt
  2015-07-09 13:21 - 2015-07-09 13:24 - 00000000 ____D C:\AdwCleaner
  2015-07-09 13:19 - 2015-07-09 13:19 - 02244096 _____ C:\Users\HP\Desktop\adwcleaner_4.207.exe
  2015-07-09 08:26 - 2015-07-09 08:27 - 00007436 _____ C:\Users\HP\Desktop\Addition.rar
  2015-07-09 08:11 - 2015-07-09 08:11 - 00112107 _____ (forum.viry.cz) C:\Users\HP\Desktop\VerzeOS.exe
  2015-07-09 00:14 - 2015-07-09 00:14 - 00002599 _____ C:\Users\HP\Desktop\aswMBR.txt
  2015-07-09 00:14 - 2015-07-09 00:14 - 00000512 _____ C:\Users\HP\Desktop\MBR.dat
  2015-07-08 18:10 - 2015-07-08 18:11 - 05198336 _____ (AVAST Software) C:\Users\HP\Desktop\aswMBR.exe
  2015-07-09 08:14 - 2015-07-09 08:14 - 00112640 _____ (forum.viry.cz) C:\Users\HP\Desktop\FRSTLauncher.exe
  2010-12-08 18:03 - 2010-12-08 18:04 - 0000088 __RSH () C:\ProgramData\70BAE259A8.sys
  2010-03-27 05:36 - 2015-07-09 13:26 - 0000176 _____ () C:\ProgramData\HPWALog.txt
  2010-12-08 18:03 - 2010-12-08 18:04 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys
  
  Task: {FADA0296-FFD1-4149-848A-DA0887D31178} - \Microsoft\Microsoft Antimalware\MpIdleTask No Task File <==== ATTENTION
  Task: {9E29DC83-0547-4701-B401-CE840A2F6C30} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan No Task File <==== ATTENTION
  Task: C:\windows\Tasks\Norton Product InstallerIdle.job => C:\windows\system32\Adobe\Shockwave 12\SymInstallStub.exe
  
  Hosts:
  EmptyTemp:
  Reboot:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

posielam fixlog

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by HP at 2015-07-09 13:57:41 Run:1
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Sticky] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [Google Update] => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\...\MountPoints2: {5969420a-102a-11e0-8abc-70f39553c15e} - D:\setup.exe
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk [2011-03-31]
ShortcutTarget: fliptoast.lnk -> C:\Program Files\fliptoast\fliptoast.exe (No File)

HKU\S-1-5-21-3787904305-2975268458-854645899-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
SearchScopes: HKLM -> {783FB0DE-DAD1-42CA-BEEF-3AA2038443F1} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60446
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-3787904305-2975268458-854645899-1002 -> {783FB0DE-DAD1-42CA-BEEF-3AA2038443F1} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
Toolbar: HKU\.DEFAULT -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

U3 ab9j0yxf; C:\windows\system32\Drivers\ab9j0yxf.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

2015-07-09 13:31 - 2015-07-09 13:33 - 00019672 _____ C:\Users\HP\Desktop\FRST.txt
2015-07-09 13:21 - 2015-07-09 13:24 - 00000000 ____D C:\AdwCleaner
2015-07-09 13:19 - 2015-07-09 13:19 - 02244096 _____ C:\Users\HP\Desktop\adwcleaner_4.207.exe
2015-07-09 08:26 - 2015-07-09 08:27 - 00007436 _____ C:\Users\HP\Desktop\Addition.rar
2015-07-09 08:11 - 2015-07-09 08:11 - 00112107 _____ (forum.viry.cz) C:\Users\HP\Desktop\VerzeOS.exe
2015-07-09 00:14 - 2015-07-09 00:14 - 00002599 _____ C:\Users\HP\Desktop\aswMBR.txt
2015-07-09 00:14 - 2015-07-09 00:14 - 00000512 _____ C:\Users\HP\Desktop\MBR.dat
2015-07-08 18:10 - 2015-07-08 18:11 - 05198336 _____ (AVAST Software) C:\Users\HP\Desktop\aswMBR.exe
2015-07-09 08:14 - 2015-07-09 08:14 - 00112640 _____ (forum.viry.cz) C:\Users\HP\Desktop\FRSTLauncher.exe
2010-12-08 18:03 - 2010-12-08 18:04 - 0000088 __RSH () C:\ProgramData\70BAE259A8.sys
2010-03-27 05:36 - 2015-07-09 13:26 - 0000176 _____ () C:\ProgramData\HPWALog.txt
2010-12-08 18:03 - 2010-12-08 18:04 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys

Task: {FADA0296-FFD1-4149-848A-DA0887D31178} - \Microsoft\Microsoft Antimalware\MpIdleTask No Task File <==== ATTENTION
Task: {9E29DC83-0547-4701-B401-CE840A2F6C30} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan No Task File <==== ATTENTION
Task: C:\windows\Tasks\Norton Product InstallerIdle.job => C:\windows\system32\Adobe\Shockwave 12\SymInstallStub.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Speed Launcher => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sticky => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value removed successfully.
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value removed successfully.
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value removed successfully.
"HKU\S-1-5-21-3787904305-2975268458-854645899-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5969420a-102a-11e0-8abc-70f39553c15e}" => key removed successfully.
HKCR\CLSID\{5969420a-102a-11e0-8abc-70f39553c15e} => key not found.
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk => moved successfully.
C:\Program Files\fliptoast\fliptoast.exe not found.
HKU\S-1-5-21-3787904305-2975268458-854645899-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{783FB0DE-DAD1-42CA-BEEF-3AA2038443F1}" => key removed successfully.
HKCR\CLSID\{783FB0DE-DAD1-42CA-BEEF-3AA2038443F1} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" => key removed successfully.
HKCR\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} => key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-3787904305-2975268458-854645899-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => key removed successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key not found.
"HKU\S-1-5-21-3787904305-2975268458-854645899-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{783FB0DE-DAD1-42CA-BEEF-3AA2038443F1}" => key removed successfully.
HKCR\CLSID\{783FB0DE-DAD1-42CA-BEEF-3AA2038443F1} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => value removed successfully.
HKCR\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => key not found.
ab9j0yxf => Service removed successfully.
"C:\Users\HP\Desktop\FRST.txt" => File/Folder not found.
C:\AdwCleaner => moved successfully.
C:\Users\HP\Desktop\adwcleaner_4.207.exe => moved successfully.
C:\Users\HP\Desktop\Addition.rar => moved successfully.
C:\Users\HP\Desktop\VerzeOS.exe => moved successfully.
C:\Users\HP\Desktop\aswMBR.txt => moved successfully.
C:\Users\HP\Desktop\MBR.dat => moved successfully.
C:\Users\HP\Desktop\aswMBR.exe => moved successfully.
C:\Users\HP\Desktop\FRSTLauncher.exe => moved successfully.
C:\ProgramData\70BAE259A8.sys => moved successfully.
C:\ProgramData\HPWALog.txt => moved successfully.
C:\ProgramData\KGyGaAvL.sys => moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FADA0296-FFD1-4149-848A-DA0887D31178} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\MpIdleTask" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E29DC83-0547-4701-B401-CE840A2F6C30} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" => key removed successfully.
C:\windows\Tasks\Norton Product InstallerIdle.job => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 3.8 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:02:14 ====

Supr, jak se chova nas pacient??

hm, myslím že lepšie, predtým bola aj ventilácia výrazne hlučná, teraz to vyzerá celkom normálne, ale ja sa veľmi nevyznám, bude to už teda v poriadku?

Tak jeste uklidime

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

ďakujem veľmi pekne za Vašu pomoc, veľmi ste mi pomohli naozaj. Chcem sa ešte spýtať, teraz som odinštalovala Spyware Terminator, čo by ste namiesto neho odporučili? Najlepšie niečo free.

Doporucil bych jeste odinstalovat Microsoft Security Client - nepatri mezi kvalitni antiviry

A na zabezpeci pouzivat jen Avast Free https://www.avast.com/cs-cz/index ktery zabezpeci PC spolehlive a dostatecne