"My Best Offers Today" pest

Posted: 06 Dec 2015 17:44
by Dominko777
Good evening, while wandering around the internet I accidentally downloaded the wrong exe file, opened it, and unwanted files carried out installations... I am asking for your help. I don't recognize these files and I don't want them on my computer; they start by themselves and constantly need to install something, and the computer has slowed down. Google Chrome has stopped working for me, I have some kind of Opera toolbar installed, and I am having some sort of connection problems.
I can't attach the FRST log because when I run the Launcher I get a warning that the FRST64.exe I downloaded is not on the desktop.
So I am attaching the RSIT log.

Here are the screenshots:
http://tinypic.com/r/2ujnthh/9

http://tinypic.com/r/2wnsjdi/9 (and others)

RSIT

Logfile of random's system information tool 1.10 (written by random/random)
Run by D.B.I at 2015-12-06 16:27:02
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 169 GB (55%) free of 305 GB
Total RAM: 5735 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:27:06, on 06/12/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18098)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SystemHealer\HealerConsole.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe
C:\Users\D.B.I\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
C:\Users\DB0E23~1.I\AppData\Local\Temp\nsvF47F.tmp
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\D.B.I\AppData\Local\SmartWeb\SmartWebHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\mbot_gb_014010168\mbot_gb_014010168.exe
C:\Program Files (x86)\Note-up\Note-up.exe
C:\Users\D.B.I\AppData\Local\SmartWeb\SmartWebApp.exe
C:\Program Files (x86)\rec_en_77\rec_en_77.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
C:\Users\D.B.I\AppData\Local\gmsd_gb_005010168\upgmsd_gb_005010168.exe
C:\Program Files (x86)\gmsd_gb_005010168\gmsd_gb_005010168.exe
C:\Users\DB0E23~1.I\AppData\Local\Temp\nseBE06.tmp
C:\Program Files\trend micro\D.B.I.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www-searching.com/?pid=s&s=FC6zf ... ch&prd=set
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [Kensington TrackballWorks Helper] C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mbot_gb_014010168] "C:\Program Files (x86)\mbot_gb_014010168\mbot_gb_014010168.exe"
O4 - HKLM\..\Run: [Note-up] C:\Program Files (x86)\Note-up\note-up.exe /watch
O4 - HKLM\..\Run: [SmartWeb] C:\Users\D.B.I\AppData\Local\SmartWeb\SmartWebHelper.exe
O4 - HKLM\..\Run: [gmsd_gb_005010168] "C:\Program Files (x86)\gmsd_gb_005010168\gmsd_gb_005010168.exe"
O4 - HKLM\..\Run: [rec_en_77] "C:\Program Files (x86)\rec_en_77\rec_en_77.exe"
O4 - HKLM\..\RunOnce: [upgmsd_gb_005010168.exe] C:\Users\D.B.I\AppData\Local\gmsd_gb_005010168\upgmsd_gb_005010168.exe -runonce
O4 - HKLM\..\RunOnce: [upmbot_gb_014010168.exe] C:\Users\D.B.I\AppData\Local\mbot_gb_014010168\upmbot_gb_014010168.exe -runonce
O4 - HKCU\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
O4 - HKCU\..\Run: [Viber] "C:\Users\D.B.I\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [Kensington TrackballWorks] "C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\D.B.I\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\D.B.I\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [SearchModule] C:\Users\D.B.I\AppData\Local\SearchModule\dblaunch.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk = ?
O4 - Startup: SmartWeb.lnk = D.B.I\AppData\Local\SmartWeb\SmartWebHelper.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Toshiba Places Icon Utility.lnk = ?
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\acengine.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\acengine.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\acengine.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\acengine.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\acengine.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
O23 - Service: acengine - Abengine - C:\Program Files (x86)\Fast-Search\acengine.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: Search Protect Service (CltMngSvc) - Client Connect LTD - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Normal Blind Carbon Copy (hidekoqe) - Unknown owner - C:\Users\D.B.I\AppData\Local\B24876A0-1449419025-11E0-9F18-E89A8FA3B59C\qnsyCA62.tmp
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Net.Tcp Service Handler (NetTcpHandler) - Unknown owner - C:\Users\D.B.I\AppData\Roaming\NetService\netservice.exe
O23 - Service: Add Telephone Line (nyneryxo) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Free Up Joystick (roqenufe) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: The Calendar Service (TheCalendarService) - Unknown owner - C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Inkjet Printer Log Onto (vykevuty) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WIFIGXENDHCPSER - Unknown owner - C:\Program Files (x86)\MyWIFIRouter\bmser.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Bus Topology Loudspeaker (woforemu) - Unknown owner - C:\Users\D.B.I\AppData\Local\B24876A0-1449419241-11E0-9F18-E89A8FA3B59C\snsf35F.tmp

--
End of file - 19023 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2e8
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\system32\WLANExt.exe 30538000
\??\C:\Windows\system32\conhost.exe "-4753580391942756267-329752472-1874646340-95023125460165433975171249-1700063917
C:\Windows\System32\spoolsv.exe
taskeng.exe {AFF27E25-81E0-42B2-8122-18B73A457A4A}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
taskeng.exe {25B6F5FE-708C-41A3-8E69-41096422AA3E}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Users\D.B.I\AppData\Roaming\NetService\netservice.exe -start
"C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C\hnstCF34.tmp"
C:\Windows\system32\rundll32.exe "C:\Users\D.B.I\AppData\Local\Image Food\{A3EBE9C2-C555-4221-169A-44D6E1D19DF4}\xqajjr.dll",#1
C:\Windows\SysWOW64\svchost.exe -k ORBTR
C:\PROGRA~2\FAST-S~1\gte3014.exe
"C:\Program Files (x86)\SystemHealer\HealerConsole.exe"
"C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C\jnstB156.tmp"
"C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe"
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe"
"C:\Program Files (x86)\CalendarTool\2.0.0.11061\Calendar.exe" from_service
"C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C\knse92C9.tmpfs"
"C:\Program Files (x86)\MyWIFIRouter\bmser.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Users\D.B.I\AppData\Local\B24876A0-1449419241-11E0-9F18-E89A8FA3B59C\snsf35F.tmp
WLIDSvcM.exe 2412
"C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe"
"C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
C:\Windows\system32\rundll32.exe "C:\Users\D.B.I\AppData\Local\Image Food\{A3EBE9C2-C555-4221-169A-44D6E1D19DF4}\xqajjr.dll",#1
"C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe"
C:\PROGRA~2\SEARCH~1\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SEARCH~1\UI\bin\cltmngui.exe
C:\Windows\System32\alg.exe
"C:\Program Files (x86)\Fast-Search\acengine.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Windows\system32\GWX\GWX.exe"
taskeng.exe {91EE9754-F30A-4320-BABC-D2CE21D8A239}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\PROGRA~2\FAST-S~1\uninstall.exe" /S _?=C:\PROGRA~2\FAST-S~1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe"
"C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"
"C:\Program Files\Toshiba\Power Saver\TPwrMain.exe"
"C:\Program Files\Toshiba\FlashCards\TCrdMain.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Toshiba\TECO\Teco.exe" /r
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Windows\System32\ico.exe"
"C:\Windows\System32\xManager\PELKBD.EXE"
FSRremoS.EXE
"C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe" /STAR
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Users\D.B.I\AppData\Local\Viber\Viber.exe" StartMinimized
"C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe"
C:\Users\DB0E23~1.I\AppData\Local\Temp\nsvF47F.tmp /idn
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe"
Pelmiced.exe
"C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe"
taskmgr.exe /3
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Windows\system32\RunDll32.exe" "C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1CL435Z205PJ;CONNECTION=USB;MONITOR=1;
"C:\Users\D.B.I\AppData\Local\SmartWeb\SmartWebHelper.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe"
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\mbot_gb_014010168\mbot_gb_014010168.exe"
"C:\Program Files (x86)\Note-up\Note-up.exe" /watch
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
SmartWebApp.exe
"C:\Program Files (x86)\rec_en_77\rec_en_77.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\\TosA2dp.exe"
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\\TosBtHid.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\\TosBtHsp.exe"
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe"
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe"
TosBtBty.exe
"C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe"
"C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe" --ran-launcher
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
"c:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe" --type=gpu-process --channel="2672.0.152209930\544722931" --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --enable-proprietary-codecs-support-for-web-audio-api --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,26,51 --disable-accelerated-video-decode --gpu-vendor-id=0x1002 --gpu-device-id=0x9806 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.863.0.0 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --enable-proprietary-codecs-support-for-web-audio-api --ignored=" --type=renderer " /prefetch:822062411
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=en-US --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --enable-proprietary-codecs-support-for-web-audio-api --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="2672.2.544762658\992639326" /prefetch:673131151
"C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=en-US --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --enable-proprietary-codecs-support-for-web-audio-api --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="2672.3.1170474454\934425828" /prefetch:673131151
"C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=en-US --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --enable-proprietary-codecs-support-for-web-audio-api --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="2672.4.267758145\1209038921" /prefetch:673131151
"C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=en-US --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --enable-proprietary-codecs-support-for-web-audio-api --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="2672.6.247320902\2040003976" /prefetch:673131151
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
"C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=en-US --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --enable-proprietary-codecs-support-for-web-audio-api --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="2672.8.223726702\536591669" /prefetch:673131151
C:\Users\D.B.I\AppData\Local\B24876A0-1449419025-11E0-9F18-E89A8FA3B59C\qnsyCA62.tmp
"C:\Users\D.B.I\AppData\Local\gmsd_gb_005010168\upgmsd_gb_005010168.exe" -runhelper
"C:\Program Files (x86)\gmsd_gb_005010168\gmsd_gb_005010168.exe"
C:\Users\DB0E23~1.I\AppData\Local\Temp\nseBE06.tmp
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\D.B.I\Downloads\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\System HealerPeriod.job - C:\Program Files (x86)\SystemHealer\SystemHealer.exe -scan
C:\Windows\tasks\System HealerStartUp.job - C:\Program Files (x86)\SystemHealer\SystemHealer.exe -scan

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04 551848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04 212904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03 629256]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2011-03-03 597928]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-12-14 38304]
"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2011-02-10 1546720]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2011-03-02 566696]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2010-09-25 296824]
"TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-12-15 973176]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-12-14 316032]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-02-03 2679592]
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2010-12-08 1519016]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-12-08 710040]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2011-07-01 712096]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [2011-08-03 150992]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2014-02-24 5581888]
"Mouse Suite 98 Daemon"=C:\Windows\system32\ICO.EXE [2007-09-17 92160]
"Keyboard Suite Daemon"=C:\Windows\system32\xManager\PELKBD.EXE [2008-04-10 526848]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"SpaceSoundPro"=C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [2015-08-03 4203520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [2011-05-16 846936]
"Viber"=C:\Users\D.B.I\AppData\Local\Viber\Viber.exe [2015-11-09 51657424]
"Kensington TrackballWorks"=C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [2012-02-20 504320]
"AdobeBridge"= []
"Spotify"=C:\Users\D.B.I\AppData\Roaming\Spotify\Spotify.exe [2015-11-18 8281920]
"Spotify Web Helper"=C:\Users\D.B.I\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-11-18 2344768]
"SearchModule"=C:\Users\D.B.I\AppData\Local\SearchModule\dblaunch.exe [2015-11-11 239104]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"=c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-06-29 1409424]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2014-12-03 40336]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-06-28 336384]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START []
"TSleepSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [2010-06-04 252792]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2010-11-29 1294712]
"Kensington TrackballWorks Helper"=C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [2012-02-20 504320]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
""= []
"mbot_gb_014010168"=C:\Program Files (x86)\mbot_gb_014010168\mbot_gb_014010168.exe [2015-12-06 3975344]
"Note-up"=C:\Program Files (x86)\Note-up\note-up.exe [2015-10-09 6772736]
"SmartWeb"=C:\Users\D.B.I\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17 270368]
"gmsd_gb_005010168"=C:\Program Files (x86)\gmsd_gb_005010168\gmsd_gb_005010168.exe [2015-12-06 3977392]
"rec_en_77"=C:\Program Files (x86)\rec_en_77\rec_en_77.exe [2015-12-06 3976920]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"upgmsd_gb_005010168.exe"=C:\Users\D.B.I\AppData\Local\gmsd_gb_005010168\upgmsd_gb_005010168.exe [2015-12-06 3278000]
"upmbot_gb_014010168.exe"=C:\Users\D.B.I\AppData\Local\mbot_gb_014010168\upmbot_gb_014010168.exe [2015-12-06 3277488]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Toshiba Places Icon Utility.lnk - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe

C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk - C:\Windows\system32\RunDll32.exe
SmartWeb.lnk - C:\Users\D.B.I\AppData\Local\SmartWeb\SmartWebHelper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\acengine]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux2"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux4"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-12-06 16:43:08 ----D---- C:\Program Files (x86)\CalendarTool
2015-12-06 16:43:07 ----D---- C:\Program Files (x86)\rec_en_77
2015-12-06 16:43:04 ----D---- C:\Users\D.B.I\AppData\Roaming\CalendarTool
2015-12-06 16:40:09 ----D---- C:\Program Files (x86)\gmsd_gb_005010168
2015-12-06 16:38:13 ----D---- C:\Program Files (x86)\SearchProtect
2015-12-06 16:37:58 ----D---- C:\Program Files (x86)\ORBTR
2015-12-06 16:37:45 ----D---- C:\Users\D.B.I\AppData\Roaming\RunDir
2015-12-06 16:37:45 ----D---- C:\Users\D.B.I\AppData\Roaming\NetService
2015-12-06 16:37:42 ----D---- C:\Program Files (x86)\jogotempo
2015-12-06 16:37:31 ----D---- C:\Program Files\SpaceSoundPro
2015-12-06 16:37:30 ----D---- C:\Program Files (x86)\SpaceSondPro_v53.10293
2015-12-06 16:37:30 ----D---- C:\Program Files (x86)\SpaceSondPro
2015-12-06 16:36:38 ----D---- C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-12-06 16:27:02 ----D---- C:\rsit
2015-12-06 16:26:06 ----D---- C:\Users\D.B.I\AppData\Roaming\shortCutStore
2015-12-06 16:26:00 ----A---- C:\Windows\SYSWOW64\acengineOff.ini
2015-12-06 16:26:00 ----A---- C:\Windows\system32\acengineOff.ini
2015-12-06 16:25:44 ----A---- C:\Windows\SYSWOW64\acengine.dll
2015-12-06 16:25:39 ----A---- C:\Windows\system32\acengine64.dll
2015-12-06 16:25:27 ----D---- C:\Program Files (x86)\Fast-Search
2015-12-06 16:24:38 ----D---- C:\Users\D.B.I\AppData\Roaming\Note-UP
2015-12-06 16:24:36 ----D---- C:\Program Files (x86)\Note-up
2015-12-06 16:24:15 ----D---- C:\Users\D.B.I\AppData\Roaming\NUIns
2015-12-06 16:24:15 ----D---- C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C
2015-12-06 16:22:18 ----D---- C:\Program Files (x86)\mbot_gb_014010168
2015-12-06 15:43:40 ----D---- C:\ProgramData\aa3fdb8a-37a1-0
2015-12-06 15:43:36 ----D---- C:\ProgramData\aa3fdb8a-1135-1
2015-11-16 00:39:58 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-11-16 00:39:58 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-11-16 00:39:58 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-11-16 00:39:58 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-11-16 00:39:57 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-11-16 00:39:57 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-11-16 00:39:57 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-11-16 00:39:57 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-11-16 00:39:57 ----A---- C:\Windows\system32\iernonce.dll
2015-11-16 00:39:57 ----A---- C:\Windows\system32\ie4uinit.exe
2015-11-16 00:39:56 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-11-16 00:39:56 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-11-16 00:39:56 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-11-16 00:39:56 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-11-16 00:39:56 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-11-16 00:39:56 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-16 00:39:53 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-11-16 00:39:53 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-11-16 00:39:53 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-11-16 00:39:53 ----A---- C:\Windows\system32\urlmon.dll
2015-11-16 00:39:53 ----A---- C:\Windows\system32\occache.dll
2015-11-16 00:39:53 ----A---- C:\Windows\system32\iedkcs32.dll
2015-11-16 00:39:52 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-11-16 00:39:52 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-11-16 00:39:51 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-11-16 00:39:51 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-11-16 00:39:51 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-11-16 00:39:51 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-16 00:39:50 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-11-16 00:39:50 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-11-16 00:39:50 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-11-16 00:39:50 ----A---- C:\Windows\system32\msfeeds.dll
2015-11-16 00:39:50 ----A---- C:\Windows\system32\dxtrans.dll
2015-11-16 00:39:49 ----A---- C:\Windows\system32\iesetup.dll
2015-11-16 00:39:49 ----A---- C:\Windows\system32\ieapfltr.dll
2015-11-16 00:39:47 ----A---- C:\Windows\system32\iertutil.dll
2015-11-16 00:39:46 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-11-16 00:39:46 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-11-16 00:39:46 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-11-16 00:39:46 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-11-16 00:39:46 ----A---- C:\Windows\system32\vbscript.dll
2015-11-16 00:39:45 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-11-16 00:39:45 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-11-16 00:39:45 ----A---- C:\Windows\system32\jsproxy.dll
2015-11-16 00:39:44 ----A---- C:\Windows\system32\ieui.dll
2015-11-16 00:39:44 ----A---- C:\Windows\system32\ieframe.dll
2015-11-16 00:39:44 ----A---- C:\Windows\system32\dxtmsft.dll
2015-11-16 00:39:43 ----A---- C:\Windows\system32\mshtmled.dll
2015-11-16 00:39:42 ----A---- C:\Windows\system32\webcheck.dll
2015-11-16 00:39:42 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-11-16 00:39:42 ----A---- C:\Windows\system32\ieUnatt.exe
2015-11-16 00:39:41 ----A---- C:\Windows\system32\jscript9diag.dll
2015-11-16 00:39:41 ----A---- C:\Windows\system32\jscript9.dll
2015-11-16 00:39:41 ----A---- C:\Windows\system32\jscript.dll
2015-11-16 00:39:40 ----A---- C:\Windows\system32\wininet.dll
2015-11-16 00:39:39 ----A---- C:\Windows\system32\msrating.dll
2015-11-16 00:39:39 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-11-16 00:39:38 ----A---- C:\Windows\system32\mshtml.dll
2015-11-16 00:18:44 ----A---- C:\Windows\system32\wuaueng.dll
2015-11-16 00:18:42 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-11-16 00:18:42 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-11-16 00:18:42 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-11-16 00:18:42 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-11-16 00:18:42 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-11-16 00:18:42 ----A---- C:\Windows\system32\wuwebv.dll
2015-11-16 00:18:42 ----A---- C:\Windows\system32\wups2.dll
2015-11-16 00:18:42 ----A---- C:\Windows\system32\wups.dll
2015-11-16 00:18:42 ----A---- C:\Windows\system32\wudriver.dll
2015-11-16 00:18:42 ----A---- C:\Windows\system32\wucltux.dll
2015-11-16 00:18:42 ----A---- C:\Windows\system32\wuauclt.exe
2015-11-16 00:18:42 ----A---- C:\Windows\system32\wuapp.exe
2015-11-16 00:18:42 ----A---- C:\Windows\system32\wuapi.dll
2015-11-16 00:18:42 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-11-16 00:18:42 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-11-16 00:18:34 ----A---- C:\Windows\system32\win32k.sys
2015-11-16 00:17:53 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-11-16 00:17:51 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-11-16 00:17:51 ----A---- C:\Windows\system32\schannel.dll
2015-11-16 00:17:51 ----A---- C:\Windows\system32\kerberos.dll
2015-11-16 00:17:50 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-11-16 00:17:50 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-11-16 00:17:50 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-11-16 00:17:50 ----A---- C:\Windows\system32\ncrypt.dll
2015-11-16 00:17:50 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-11-16 00:17:50 ----A---- C:\Windows\system32\drivers\cng.sys
2015-11-16 00:17:48 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-11-16 00:17:47 ----A---- C:\Windows\SYSWOW64\bcryptprimitives.dll
2015-11-16 00:17:46 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-11-16 00:17:46 ----A---- C:\Windows\system32\ntdll.dll
2015-11-16 00:17:46 ----A---- C:\Windows\system32\lsasrv.dll
2015-11-16 00:17:46 ----A---- C:\Windows\system32\kernel32.dll
2015-11-16 00:17:46 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-11-16 00:17:46 ----A---- C:\Windows\system32\bcryptprimitives.dll
2015-11-16 00:17:45 ----A---- C:\Windows\system32\KernelBase.dll
2015-11-16 00:17:44 ----A---- C:\Windows\system32\wow64.dll
2015-11-16 00:17:43 ----A---- C:\Windows\system32\srcore.dll
2015-11-16 00:17:43 ----A---- C:\Windows\system32\rpcrt4.dll
2015-11-16 00:17:43 ----A---- C:\Windows\system32\conhost.exe
2015-11-16 00:17:42 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-11-16 00:17:42 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-11-16 00:17:42 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-11-16 00:17:42 ----A---- C:\Windows\system32\winsrv.dll
2015-11-16 00:17:42 ----A---- C:\Windows\system32\wdigest.dll
2015-11-16 00:17:42 ----A---- C:\Windows\system32\TSpkg.dll
2015-11-16 00:17:42 ----A---- C:\Windows\system32\sspicli.dll
2015-11-16 00:17:42 ----A---- C:\Windows\system32\smss.exe
2015-11-16 00:17:42 ----A---- C:\Windows\system32\rstrui.exe
2015-11-16 00:17:42 ----A---- C:\Windows\system32\msv1_0.dll
2015-11-16 00:17:41 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-11-16 00:17:41 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-11-16 00:17:41 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-11-16 00:17:41 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-11-16 00:17:41 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-11-16 00:17:41 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-11-16 00:17:41 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-11-16 00:17:41 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-11-16 00:17:41 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-11-16 00:17:41 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-11-16 00:17:41 ----A---- C:\Windows\system32\wow64win.dll
2015-11-16 00:17:41 ----A---- C:\Windows\system32\wow64cpu.dll
2015-11-16 00:17:41 ----A---- C:\Windows\system32\sspisrv.dll
2015-11-16 00:17:41 ----A---- C:\Windows\system32\srclient.dll
2015-11-16 00:17:41 ----A---- C:\Windows\system32\secur32.dll
2015-11-16 00:17:41 ----A---- C:\Windows\system32\ntvdm64.dll
2015-11-16 00:17:41 ----A---- C:\Windows\system32\lsass.exe
2015-11-16 00:17:41 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-11-16 00:17:41 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-11-16 00:17:41 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-11-16 00:17:41 ----A---- C:\Windows\system32\csrsrv.dll
2015-11-16 00:17:41 ----A---- C:\Windows\system32\cryptbase.dll
2015-11-16 00:17:41 ----A---- C:\Windows\system32\credssp.dll
2015-11-16 00:17:41 ----A---- C:\Windows\system32\auditpol.exe
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-16 00:17:40 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-16 00:17:40 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-11-16 00:17:40 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-16 00:17:39 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-16 00:17:39 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-11-16 00:17:39 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-11-16 00:17:39 ----A---- C:\Windows\system32\apisetschema.dll
2015-11-16 00:17:38 ----A---- C:\Windows\SYSWOW64\user.exe
2015-11-16 00:17:38 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-11-16 00:17:38 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-11-16 00:17:38 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-11-16 00:17:38 ----A---- C:\Windows\system32\msobjs.dll
2015-11-16 00:17:38 ----A---- C:\Windows\system32\msaudite.dll
2015-11-16 00:17:38 ----A---- C:\Windows\system32\adtschema.dll
2015-11-16 00:15:05 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-11-16 00:15:05 ----A---- C:\Windows\system32\InkEd.dll
2015-11-16 00:15:04 ----A---- C:\Windows\system32\jnwmon.dll
2015-11-16 00:14:03 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-11-16 00:14:03 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-11-16 00:14:03 ----A---- C:\Windows\system32\shimeng.dll
2015-11-16 00:14:03 ----A---- C:\Windows\system32\sdbinst.exe
2015-11-16 00:14:03 ----A---- C:\Windows\system32\apphelp.dll
2015-11-16 00:14:03 ----A---- C:\Windows\system32\aelupsvc.dll
2015-11-16 00:14:02 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-11-15 06:14:57 ----A---- C:\Windows\system32\drivers\tdx.sys
2015-11-15 06:14:57 ----A---- C:\Windows\system32\drivers\afd.sys
2015-11-15 05:55:35 ----A---- C:\Windows\system32\drivers\ndis.sys

======List of files/folders modified in the last 1 month======

2015-12-06 16:39:09 ----D---- C:\Windows\AppPatch
2015-12-06 16:37:31 ----RD---- C:\Program Files
2015-12-06 16:36:21 ----SHD---- C:\Windows\Installer
2015-12-06 16:36:21 ----SHD---- C:\Config.Msi
2015-12-06 16:27:04 ----D---- C:\Program Files\trend micro
2015-12-06 16:27:03 ----D---- C:\Windows\Temp
2015-12-06 16:25:25 ----D---- C:\Users\D.B.I\AppData\Roaming\Spotify
2015-12-06 16:25:06 ----D---- C:\Windows\system32\drivers\etc
2015-12-06 16:23:03 ----D---- C:\Windows\System32
2015-12-06 16:23:02 ----D---- C:\Windows\inf
2015-12-06 16:23:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-06 16:20:06 ----D---- C:\Users\D.B.I\AppData\Roaming\ViberPC
2015-12-06 16:16:55 ----D---- C:\Windows\SysWOW64
2015-12-06 16:16:15 ----D---- C:\Windows\system32\config
2015-12-06 16:16:10 ----D---- C:\Windows\system32\drivers
2015-12-06 16:15:28 ----HD---- C:\ProgramData
2015-12-06 16:14:51 ----D---- C:\Windows\system32\catroot2
2015-12-06 15:59:51 ----D---- C:\Program Files (x86)\Opera
2015-12-06 15:59:42 ----D---- C:\Windows\system32\Tasks
2015-12-06 15:50:00 ----D---- C:\Users\D.B.I\AppData\Roaming\BitTorrent
2015-12-06 15:48:01 ----D---- C:\Users\D.B.I\AppData\Roaming\System Healer
2015-12-06 15:43:48 ----D---- C:\Program Files (x86)\SystemHealer
2015-12-06 15:43:46 ----D---- C:\Windows\Tasks
2015-12-05 15:35:34 ----D---- C:\Users\D.B.I\AppData\Roaming\vlc
2015-12-01 18:40:36 ----SHD---- C:\System Volume Information
2015-11-30 19:01:12 ----D---- C:\Windows\Prefetch
2015-11-20 02:03:27 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-11-18 17:02:28 ----D---- C:\Windows\rescache
2015-11-17 17:43:11 ----D---- C:\Windows\Microsoft.NET
2015-11-17 15:11:39 ----RSD---- C:\Windows\assembly
2015-11-17 03:20:13 ----HD---- C:\$WINDOWS.~BT
2015-11-17 03:12:43 ----D---- C:\Windows\Panther
2015-11-17 00:59:51 ----D---- C:\Windows\winsxs
2015-11-17 00:56:26 ----D---- C:\Windows\SYSWOW64\en-US
2015-11-17 00:56:26 ----D---- C:\Windows\system32\en-US
2015-11-17 00:56:25 ----D---- C:\Program Files\Internet Explorer
2015-11-17 00:56:16 ----D---- C:\Program Files (x86)\Internet Explorer
2015-11-16 21:32:06 ----D---- C:\ProgramData\Microsoft Help
2015-11-16 21:10:14 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-11-16 03:03:18 ----D---- C:\Program Files\Windows Journal
2015-11-15 23:57:42 ----D---- C:\Windows\system32\migration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-09-17 239320]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-09-17 168256]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2010-11-29 82224]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2013-09-17 157432]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-06-28 9371136]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-06-28 309760]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2010-12-17 2675712]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver; C:\Windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2011-01-27 1577088]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
R3 QIOMem;Generic IO & Memory Access; C:\Windows\system32\drivers\QIOMem.sys [2009-06-15 12800]
R3 SPPD;SPPD; \??\C:\Windows\system32\drivers\SPPD.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-02-03 1413680]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
R3 toshidpt;Bluetooth HID Port; C:\Windows\system32\drivers\Toshidpt.sys [2009-06-19 9608]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2009-06-17 54664]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2011-05-10 292024]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2010-06-18 18872]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2010-08-30 94528]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2011-01-27 67384]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2014-06-16 38080]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-06-16 110336]
S3 ffusb2audio;Focusrite USB 2.0 Audio Driver; C:\Windows\system32\DRIVERS\ffusb2audio.sys [2014-03-17 127280]
S3 RDID1121;RC-300; C:\Windows\system32\Drivers\rdwm1121.sys [2011-02-06 199552]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2014-06-16 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2014-06-16 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2014-06-16 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2014-06-16 158024]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-06-16 206080]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2014-06-16 206080]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2010-11-11 50864]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 26472]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2010-04-26 63488]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acengine;acengine; C:\Program Files (x86)\Fast-Search\acengine.exe [2015-11-19 2436152]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-06-28 204288]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 CltMngSvc;Search Protect Service; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2015-12-02 3241744]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2014-02-24 1343408]
R2 hidekoqe;Normal Blind Carbon Copy; C:\Users\D.B.I\AppData\Local\B24876A0-1449419025-11E0-9F18-E89A8FA3B59C\qnsyCA62.tmp [2015-10-13 142336]
R2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
R2 NetTcpHandler;Net.Tcp Service Handler; C:\Users\D.B.I\AppData\Roaming\NetService\netservice.exe [2015-07-09 173088]
R2 nyneryxo;Add Telephone Line; C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C\hnstCF34.tmp [2015-12-06 134656]
R2 Orbiter;Orbiter; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 roqenufe;Free Up Joystick; C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C\jnstB156.tmp [2015-12-06 307200]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-06-16 741640]
R2 TheCalendarService;The Calendar Service; C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe [2015-11-23 151688]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2010-10-20 138656]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2010-12-09 489384]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
R2 vykevuty;Inkjet Printer Log Onto; C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C\knse92C9.tmpfs [2015-12-04 239616]
R2 WIFIGXENDHCPSER;WIFIGXENDHCPSER; C:\Program Files (x86)\MyWIFIRouter\bmser.exe [2013-12-12 1656416]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-01 198064]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-20 269512]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-13 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-10-30 114688]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-05-03 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Re: "My Best Offers Today" vermin

Posted: 06 Dec 2015 19:16
by altrok
I wish you a lovely day :bye:


:arrow: When you make the FRST log, run only FRST64.exe itself (without FRSTLauncher).

:arrow: As part of the cleanup, your temporary folders will be emptied (including the Recycle Bin).

:arrow: Save AdwCleaner to your desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just run it with a normal double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it at C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply

Re: "My Best Offers Today" vermin

Posted: 06 Dec 2015 19:50
by Dominko777
My day was lovely until this vermin made it impossible for me to work :/ , a nice evening to you too

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by D.B.I (administrator) on DBI-TOSH (06-12-2015 17:19:34)
Running from C:\Users\D.B.I\Downloads\Desktop
Loaded Profiles: D.B.I (Available Profiles: D.B.I)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Users\D.B.I\AppData\Roaming\NetService\netservice.exe
() C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C\hnstCF34.tmp
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Fast-Search\gte3014.exe
() C:\Program Files (x86)\SystemHealer\HealerConsole.exe
() C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C\jnstB156.tmp
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\calendar.exe
() C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C\knse92C9.tmpfs
() C:\Program Files (x86)\MyWIFIRouter\bmser.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Users\D.B.I\AppData\Local\B24876A0-1449419241-11E0-9F18-E89A8FA3B59C\snsf35F.tmp
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Abengine) C:\Program Files (x86)\Fast-Search\acengine.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Woden Hyacinth) C:\Program Files (x86)\Fast-Search\uninstall.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(PRIMAX) C:\Windows\System32\xManager\PELKBD.EXE
() C:\Windows\System32\FSRremoS.EXE
(Space Sound Pro) C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\D.B.I\AppData\Local\Viber\Viber.exe
(Kensington) C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
() C:\Users\DB0E23~1.I\AppData\Local\Temp\nsvF47F.tmp
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Primax Electronics Ltd.) C:\Windows\System32\PELMICED.EXE
(Toshiba) C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SoftBrain Technologies Ltd.) C:\Users\D.B.I\AppData\Local\SmartWeb\SmartWebHelper.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\mbot_gb_014010168\mbot_gb_014010168.exe
(TODO: <Company name>) C:\Program Files (x86)\Note-up\Note-up.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SoftBrain Technologies Ltd.) C:\Users\D.B.I\AppData\Local\SmartWeb\SmartWebApp.exe
() C:\Program Files (x86)\rec_en_77\rec_en_77.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtBty.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
() C:\Users\DB0E23~1.I\AppData\Local\Temp\nseBE06.tmp
(SS) C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe
() C:\Program Files\shopperz061220151824\Awermas.exe
() C:\Program Files\shopperz061220151824\Hokjaj.exe
() C:\Program Files\shopperz061220151824\Hokjaj64.exe
() C:\Program Files\shopperz061220151824\csrcc.exe
() C:\Program Files\shopperz061220151824\Michil.exe
() C:\Program Files\shopperz061220151824\Ykupnakla.EXE
() C:\Users\D.B.I\AppData\Local\B24876A0-1449420506-11E0-9F18-E89A8FA3B59C\qnsm6182.tmp
() C:\Program Files\shopperz061220151824\ToliroNuer.exe
() C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
(Goobzo) C:\Program Files (x86)\YTDownloader\BrowserHelper.exe
(YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe
() C:\Users\DB0E23~1.I\AppData\Local\Temp\nss597A.tmp
() C:\Users\DB0E23~1.I\AppData\Local\Temp\nsc8CEB.tmp
() C:\Users\D.B.I\AppData\Local\gmsd_gb_005010168\upgmsd_gb_005010168.exe
() C:\Program Files (x86)\gmsd_gb_005010168\gmsd_gb_005010168.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [150992 2011-08-03] (Toshiba Europe GmbH)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM\...\Run: [Mouse Suite 98 Daemon] => C:\Windows\system32\ICO.EXE [92160 2007-09-17] (Primax Electronics Ltd.)
HKLM\...\Run: [Keyboard Suite Daemon] => C:\Windows\system32\xManager\PELKBD.EXE [526848 2008-04-10] (PRIMAX)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SpaceSoundPro] => C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [4203520 2015-08-03] (Space Sound Pro)
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ITSecMng] => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Kensington TrackballWorks Helper] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mbot_gb_014010168] => C:\Program Files (x86)\mbot_gb_014010168\mbot_gb_014010168.exe [3975344 2015-12-06] ()
HKLM-x32\...\Run: [Note-up] => C:\Program Files (x86)\Note-up\note-up.exe [6772736 2015-10-09] (TODO: <Company name>)
HKLM-x32\...\Run: [SmartWeb] => C:\Users\D.B.I\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [gmsd_gb_005010168] => C:\Program Files (x86)\gmsd_gb_005010168\gmsd_gb_005010168.exe [3977392 2015-12-06] ()
HKLM-x32\...\Run: [rec_en_77] => C:\Program Files (x86)\rec_en_77\rec_en_77.exe [3976920 2015-12-06] ()
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1991600 2015-10-22] (YTDownloader)
HKLM-x32\...\RunOnce: [upgmsd_gb_005010168.exe] => C:\Users\D.B.I\AppData\Local\gmsd_gb_005010168\upgmsd_gb_005010168.exe [3278000 2015-12-06] ()
HKLM-x32\...\RunOnce: [upmbot_gb_014010168.exe] => C:\Users\D.B.I\AppData\Local\mbot_gb_014010168\upmbot_gb_014010168.exe [3277488 2015-12-06] ()
HKLM-x32\...\RunOnce: [cmdrun] => cmd.exe /C ipconfig /flushdns
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [Viber] => C:\Users\D.B.I\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [Kensington TrackballWorks] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [Spotify] => C:\Users\D.B.I\AppData\Roaming\Spotify\Spotify.exe [8281920 2015-11-18] (Spotify Ltd)
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [Spotify Web Helper] => C:\Users\D.B.I\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-18] (Spotify Ltd)
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [SearchModule] => C:\Users\D.B.I\AppData\Local\SearchModule\dblaunch.exe [239104 2015-11-11] ()
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1991600 2015-10-22] (YTDownloader)
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\MountPoints2: E - E:\setup.exe /VERYSILENT
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247056 2015-12-02] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219920 2015-12-02] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-10-24]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk [2011-08-03]
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-10-22]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk [2015-12-06]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-12-06]
ShortcutTarget: SmartWeb.lnk -> C:\Users\D.B.I\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2014-04-26]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2014-04-26]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\Ykupnakla.dll [289120 2015-12-06] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Ykupnakla.dll [289120 2015-12-06] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Ykupnakla.dll [289120 2015-12-06] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Ykupnakla.dll [289120 2015-12-06] ()
Winsock: Catalog9 05 C:\Windows\SysWOW64\acengine.dll [260752 2015-11-07] (Abengine)
Winsock: Catalog9 06 C:\Windows\SysWOW64\acengine.dll [260752 2015-11-07] (Abengine)
Winsock: Catalog9 07 C:\Windows\SysWOW64\acengine.dll [260752 2015-11-07] (Abengine)
Winsock: Catalog9 08 C:\Windows\SysWOW64\acengine.dll [260752 2015-11-07] (Abengine)
Winsock: Catalog9 20 C:\Windows\SysWOW64\acengine.dll [260752 2015-11-07] (Abengine)
Winsock: Catalog9 21 C:\Windows\SysWOW64\Ykupnakla.dll [289120 2015-12-06] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Ykupnakla64.dll [375136 2015-12-06] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Ykupnakla64.dll [375136 2015-12-06] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Ykupnakla64.dll [375136 2015-12-06] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Ykupnakla64.dll [375136 2015-12-06] ()
Winsock: Catalog9-x64 05 C:\Windows\system32\acengine64.dll [308144 2015-11-07] (Abengine)
Winsock: Catalog9-x64 06 C:\Windows\system32\acengine64.dll [308144 2015-11-07] (Abengine)
Winsock: Catalog9-x64 07 C:\Windows\system32\acengine64.dll [308144 2015-11-07] (Abengine)
Winsock: Catalog9-x64 08 C:\Windows\system32\acengine64.dll [308144 2015-11-07] (Abengine)
Winsock: Catalog9-x64 20 C:\Windows\system32\acengine64.dll [308144 2015-11-07] (Abengine)
Winsock: Catalog9-x64 21 C:\Windows\system32\Ykupnakla64.dll [375136 2015-12-06] ()
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{0F881DA4-8E37-4BA7-BA0C-CCD8FAB26E37}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{0F881DA4-8E37-4BA7-BA0C-CCD8FAB26E37}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A5D75751-25F5-4D7C-89EF-3CB17938BCD9}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{D8CDBF04-423E-45AE-940C-BDD4DC19329C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2533499994-360040-1962647933-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=FC6ztutdk0000,7245610a-5e15-440b-82ad-a5e5992c6d88&vp=ch&prd=set
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2533499994-360040-1962647933-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3 ... 41TB_sp_ie
SearchScopes: HKU\S-1-5-21-2533499994-360040-1962647933-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&r ... {startPage}
SearchScopes: HKU\S-1-5-21-2533499994-360040-1962647933-1000 -> {7C55C822-DF0B-4BB9-8968-41DF289B8885} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2533499994-360040-1962647933-1000 -> {863F9DBE-EE0D-47C9-A514-319CA58FACD2} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=FC6ztutdk0000,7245610a-5e15-440b-82ad-a5e5992c6d88
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: shopperz061220151824 -> {98EF07AE-BE7B-4E61-81C1-77FD5195973B} -> C:\Program Files\shopperz061220151824\Tojjiar64.dll [2015-12-06] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: shopperz061220151824 -> {98EF07AE-BE7B-4E61-81C1-77FD5195973B} -> C:\Program Files\shopperz061220151824\Tojjiar.dll [2015-12-06] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-15] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2533499994-360040-1962647933-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\D.B.I\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM\...\Firefox\Extensions: [{98EF07AE-BE7B-4E61-81C1-77FD5195973B}] - C:\Program Files\shopperz061220151824\Firefox\{98EF07AE-BE7B-4E61-81C1-77FD5195973B}.xpi
FF Extension: shopperz061220151824 - C:\Program Files\shopperz061220151824\Firefox\{98EF07AE-BE7B-4E61-81C1-77FD5195973B}.xpi [2015-12-06] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-06-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{98EF07AE-BE7B-4E61-81C1-77FD5195973B}] - C:\Program Files\shopperz061220151824\Firefox\{98EF07AE-BE7B-4E61-81C1-77FD5195973B}.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=FC6ztutdk0000,7245610a-5e15-440b-82ad-a5e5992c6d88&vp=ch&prd=set
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=FC6ztutdk0000,7245610a-5e15-440b-82ad-a5e5992c6d88&vp=ch&prd=set"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set&q={searchTerms}&s=FC6ztutdk0000,7245610a-5e15-440b-82ad-a5e5992c6d88
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-22]
CHR Extension: (Google Drive) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-15]
CHR Extension: (Extutil) - C:\Users\DB0E23~1.I\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2015-12-06]
CHR Extension: (Managera) - C:\Users\DB0E23~1.I\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2015-12-06]
CHR Extension: (Image Food) - C:\Users\D.B.I\AppData\Local\Image Food\Component [2015-12-06]
CHR HKU\S-1-5-21-2533499994-360040-1962647933-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx <not found>

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\D.B.I\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-12-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 acengine; C:\Program Files (x86)\Fast-Search\acengine.exe [2436152 2015-11-19] (Abengine) [File not signed]
R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [112560 2015-10-22] ()
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3241744 2015-12-02] (Client Connect LTD)
R3 csrcc; C:\Program Files\shopperz061220151824\csrcc.exe [1515872 2015-12-06] ()
R3 DD8F7683-4910-4793-820A-07D019A935F2; C:\Program Files\shopperz061220151824\Awermas.exe [252256 2015-12-06] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 FeilcOxaf; C:\Program Files\shopperz061220151824\ToliroNuer.exe [178528 2015-12-06] ()
R2 hidekoqe; C:\Users\D.B.I\AppData\Local\B24876A0-1449420506-11E0-9F18-E89A8FA3B59C\qnsm6182.tmp [142336 2015-10-13] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-13] (Macrovision Corporation) [File not signed]
R2 NetTcpHandler; C:\Users\D.B.I\AppData\Roaming\NetService\netservice.exe [173088 2015-07-09] ()
R2 nyneryxo; C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C\hnstCF34.tmp [134656 2015-12-06] () [File not signed]
R2 Orbiter; C:\Program Files (x86)\ORBTR\orbiter.dll [558544 2015-12-06] (Client Connect LTD)
R2 roqenufe; C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C\jnstB156.tmp [307200 2015-12-06] () [File not signed]
R2 shopperz061220151824 Updater; C:\Program Files\shopperz061220151824\Michil.exe [150880 2015-12-06] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 swsesrvc_1.10.0.25; C:\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe [301648 2015-09-22] (SS)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe [151688 2015-11-23] ()
R2 WIFIGXENDHCPSER; C:\Program Files (x86)\MyWIFIRouter\bmser.exe [1656416 2013-12-12] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 woforemu; C:\Users\D.B.I\AppData\Local\B24876A0-1449419241-11E0-9F18-E89A8FA3B59C\snsf35F.tmp [337920 2015-12-06] () [File not signed]
R3 Ykupnakla; C:\Program Files\shopperz061220151824\Ykupnakla.exe [2029920 2015-12-06] ()
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
R2 vykevuty; C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C\knse92C9.tmpfs [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34712 2015-12-06] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-12-06] (Cherimoya Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RDID1121; C:\Windows\System32\Drivers\rdwm1121.sys [199552 2011-02-06] (Roland Corporation)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-10-22] (YTDownloader)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 swsedrvr_vt_1_10_0_25; C:\Windows\System32\drivers\swsedrvr_vt_1_10_0_25.sys [61304 2015-09-22] (SS)
R3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-06 17:17 - 2015-12-06 17:19 - 00000000 ____D C:\FRST
2015-12-06 16:50 - 2015-12-06 16:50 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\Google
2015-12-06 16:49 - 2015-12-06 16:50 - 00000000 ____D C:\Users\D.B.I\AppData\Local\BrowserHelper
2015-12-06 16:48 - 2015-12-06 16:48 - 00034712 _____ () C:\Windows\system32\Drivers\bsdriver.sys
2015-12-06 16:48 - 2015-12-06 16:48 - 00004736 _____ C:\Windows\SysWOW64\Ykupnakla.ini
2015-12-06 16:48 - 2015-12-06 16:48 - 00003904 _____ C:\Windows\System32\Tasks\YTDownloaderUpd
2015-12-06 16:48 - 2015-12-06 16:48 - 00003582 _____ C:\Windows\System32\Tasks\YTDownloader
2015-12-06 16:48 - 2015-12-06 16:48 - 00002456 _____ C:\Windows\SysWOW64\YkupnaklaOff.ini
2015-12-06 16:48 - 2015-12-06 16:48 - 00002456 _____ C:\Windows\system32\YkupnaklaOff.ini
2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Windows\system32\uuuh
2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\LariLhki
2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Users\D.B.I\AppData\Local\Tempfolder
2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Users\D.B.I\AppData\Local\B24876A0-1449420506-11E0-9F18-E89A8FA3B59C
2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Program Files (x86)\YTDownloader
2015-12-06 16:48 - 2015-12-06 16:26 - 00375136 _____ C:\Windows\system32\Ykupnakla64.dll
2015-12-06 16:48 - 2015-12-06 16:26 - 00289120 _____ C:\Windows\SysWOW64\Ykupnakla.dll
2015-12-06 16:47 - 2015-12-06 16:48 - 00000000 ____D C:\Program Files\shopperz061220151824
2015-12-06 16:47 - 2015-12-06 16:47 - 00003338 _____ C:\Windows\System32\Tasks\Puhxuw
2015-12-06 16:47 - 2015-12-06 16:47 - 00000000 ____D C:\Users\D.B.I\AppData\LocalLow\Company
2015-12-06 16:47 - 2015-12-06 16:47 - 00000000 ____D C:\Users\D.B.I\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-12-06 16:47 - 2015-12-06 16:47 - 00000000 ____D C:\uninst
2015-12-06 16:43 - 2015-12-06 16:49 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\CalendarTool
2015-12-06 16:43 - 2015-12-06 16:43 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-12-06 16:43 - 2015-12-06 16:43 - 00000000 ____D C:\Users\D.B.I\AppData\Local\rec_en_77
2015-12-06 16:43 - 2015-12-06 16:43 - 00000000 ____D C:\Program Files (x86)\rec_en_77
2015-12-06 16:43 - 2015-12-06 16:43 - 00000000 ____D C:\Program Files (x86)\CalendarTool
2015-12-06 16:42 - 2015-12-06 16:42 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-12-06 16:40 - 2015-12-06 16:52 - 00000000 ____D C:\Users\D.B.I\AppData\Local\gmsd_gb_005010168
2015-12-06 16:40 - 2015-12-06 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
2015-12-06 16:40 - 2015-12-06 16:49 - 00000000 ____D C:\Program Files (x86)\gmsd_gb_005010168
2015-12-06 16:39 - 2015-12-06 16:39 - 00003466 _____ C:\Windows\System32\Tasks\bvxvyxxvcy
2015-12-06 16:39 - 2015-12-06 16:39 - 00000000 ____D C:\Users\D.B.I\AppData\Local\bvxvyxxvcy
2015-12-06 16:38 - 2015-12-06 16:39 - 00000000 ____D C:\Users\D.B.I\AppData\Local\SearchProtect
2015-12-06 16:38 - 2015-12-06 16:39 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-12-06 16:37 - 2015-12-06 16:40 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.10293
2015-12-06 16:37 - 2015-12-06 16:38 - 00000000 ____D C:\Program Files (x86)\ORBTR
2015-12-06 16:37 - 2015-12-06 16:37 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\NetService
2015-12-06 16:37 - 2015-12-06 16:37 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0
2015-12-06 16:37 - 2015-12-06 16:37 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jogotempo
2015-12-06 16:37 - 2015-12-06 16:37 - 00000000 ____D C:\Program Files\SpaceSoundPro
2015-12-06 16:37 - 2015-12-06 16:37 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-12-06 16:37 - 2015-12-06 16:26 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\RunDir
2015-12-06 16:37 - 2015-12-06 16:18 - 00000000 ____D C:\Program Files (x86)\jogotempo
2015-12-06 16:36 - 2015-12-06 16:36 - 00000000 ____D C:\Users\D.B.I\AppData\Local\SmartWeb
2015-12-06 16:36 - 2015-12-06 16:36 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-12-06 16:36 - 2015-12-06 16:17 - 00000000 ____D C:\Users\D.B.I\AppData\LocalLow\SmartWeb
2015-12-06 16:34 - 2015-12-06 16:34 - 00004186 _____ C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update
2015-12-06 16:34 - 2015-12-06 16:34 - 00004174 _____ C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core
2015-12-06 16:34 - 2015-12-06 16:34 - 00000000 ____D C:\Program Files (x86)\SwiftSearch_1.10.0.25
2015-12-06 16:27 - 2015-12-06 16:27 - 00000000 ____D C:\rsit
2015-12-06 16:27 - 2015-12-06 16:26 - 00000000 ____D C:\Users\D.B.I\AppData\Local\B24876A0-1449419241-11E0-9F18-E89A8FA3B59C
2015-12-06 16:26 - 2015-12-06 16:47 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-12-06 16:26 - 2015-12-06 16:26 - 00003088 _____ C:\Windows\System32\Tasks\kol3015
2015-12-06 16:26 - 2015-12-06 16:26 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\shortCutStore
2015-12-06 16:26 - 2015-12-06 16:15 - 00010480 _____ C:\Windows\SysWOW64\acengineOff.ini
2015-12-06 16:26 - 2015-12-06 16:15 - 00010480 _____ C:\Windows\system32\acengineOff.ini
2015-12-06 16:26 - 2015-12-06 15:58 - 00000002 _____ C:\END
2015-12-06 16:25 - 2015-12-06 16:25 - 00015327 _____ C:\Users\D.B.I\Desktop\LM.bat
2015-12-06 16:25 - 2015-12-06 16:16 - 00000000 ____D C:\Program Files (x86)\Fast-Search
2015-12-06 16:25 - 2015-12-06 15:57 - 00000000 ____D C:\Users\D.B.I\AppData\Local\SearchModule
2015-12-06 16:25 - 2015-11-07 09:24 - 00308144 _____ (Abengine) C:\Windows\system32\acengine64.dll
2015-12-06 16:25 - 2015-11-07 09:24 - 00260752 _____ (Abengine) C:\Windows\SysWOW64\acengine.dll
2015-12-06 16:25 - 2014-06-25 06:42 - 00000840 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-06 16:24 - 2015-12-06 16:40 - 00000000 ____D C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C
2015-12-06 16:24 - 2015-12-06 16:24 - 00001822 _____ C:\Users\D.B.I\Desktop\Note-Up.lnk
2015-12-06 16:24 - 2015-12-06 16:24 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\NUIns
2015-12-06 16:24 - 2015-12-06 16:24 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\Note-UP
2015-12-06 16:24 - 2015-12-06 16:24 - 00000000 ____D C:\Program Files (x86)\Note-up
2015-12-06 16:22 - 2015-12-06 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2015-12-06 16:22 - 2015-12-06 16:22 - 00000000 ____D C:\Program Files (x86)\mbot_gb_014010168
2015-12-06 16:22 - 2015-12-06 16:16 - 00000000 ____D C:\Users\D.B.I\AppData\Local\mbot_gb_014010168
2015-12-06 16:20 - 2015-12-06 16:20 - 00003138 _____ C:\Windows\System32\Tasks\Image Food
2015-12-06 16:20 - 2015-12-06 16:20 - 00003132 _____ C:\Windows\System32\Tasks\Image Food2
2015-12-06 16:20 - 2015-12-06 16:20 - 00000000 ____D C:\Users\D.B.I\AppData\Local\Image Food
2015-12-06 16:16 - 2015-12-06 16:26 - 00001237 _____ C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-06 15:58 - 2015-12-06 15:58 - 00003088 _____ C:\Windows\System32\Tasks\gte3014
2015-12-06 15:43 - 2015-12-06 16:17 - 00000272 _____ C:\Windows\Tasks\System HealerStartUp.job
2015-12-06 15:43 - 2015-12-06 16:15 - 00000272 _____ C:\Windows\Tasks\System HealerPeriod.job
2015-12-06 15:43 - 2015-12-06 15:43 - 00003568 _____ C:\Windows\System32\Tasks\System Healer Task
2015-12-06 15:43 - 2015-12-06 15:43 - 00003306 _____ C:\Windows\System32\Tasks\SystemHealer Run Delay
2015-12-06 15:43 - 2015-12-06 15:43 - 00003240 _____ C:\Windows\System32\Tasks\SystemHealer Monitor
2015-12-06 15:43 - 2015-12-06 15:43 - 00002848 _____ C:\Windows\System32\Tasks\System HealerPeriod
2015-12-06 15:43 - 2015-12-06 15:43 - 00002546 _____ C:\Windows\System32\Tasks\System HealerStartUp
2015-12-06 15:43 - 2015-12-06 15:43 - 00001058 _____ C:\Users\Public\Desktop\Launch System Healer.lnk
2015-12-06 15:43 - 2015-12-06 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2015-12-06 15:43 - 2015-12-06 15:43 - 00000000 ____D C:\ProgramData\aa3fdb8a-37a1-0
2015-12-06 15:43 - 2015-12-06 15:43 - 00000000 ____D C:\ProgramData\aa3fdb8a-1135-1
2015-12-06 15:20 - 2015-12-06 15:21 - 07043020 _____ C:\Users\D.B.I\Downloads\The Delta Rhythm Boys - St. Louis Blues.mp4
2015-12-06 13:35 - 2015-12-06 13:36 - 38119762 _____ C:\Users\D.B.I\Downloads\Anuncio Lotería de Navidad 2015 - La historia de Justino [Oficial] HD.mp4
2015-11-27 23:15 - 2015-11-27 23:56 - 730600588 _____ C:\Users\D.B.I\Downloads\Forrest-Gump-CZ-(1994).avi
2015-11-21 09:52 - 2015-11-21 09:52 - 00046540 _____ C:\Users\D.B.I\Downloads\boarding-pass.pdf
2015-11-20 00:51 - 2015-11-20 00:52 - 52324975 _____ C:\Users\D.B.I\Downloads\Karaoke September - Earth, Wind & Fire .mp4
2015-11-20 00:16 - 2015-11-20 00:17 - 55878619 _____ C:\Users\D.B.I\Downloads\Isn't She Lovely, Stevie Wonder - fingerstyle guitar arrangement, Jake Reichbart.mp4
2015-11-18 13:57 - 2015-11-18 13:57 - 00017730 _____ C:\Users\D.B.I\Downloads\[otorrents.com]forrest-gump-1994-720p.torrent
2015-11-17 01:05 - 2015-11-17 01:08 - 268444856 _____ C:\Users\D.B.I\Downloads\cigani idu do volieb tak toto je pecka celi film gypsy totik.mp4
2015-11-16 00:39 - 2015-11-03 22:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-16 00:39 - 2015-11-03 21:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-16 00:39 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-16 00:39 - 2015-10-30 23:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-16 00:39 - 2015-10-30 23:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-16 00:39 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-16 00:39 - 2015-10-30 23:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-16 00:39 - 2015-10-30 23:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-16 00:39 - 2015-10-30 23:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-16 00:39 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-16 00:39 - 2015-10-30 23:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-16 00:39 - 2015-10-30 23:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-16 00:39 - 2015-10-30 23:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-16 00:39 - 2015-10-30 23:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-16 00:39 - 2015-10-30 23:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-16 00:39 - 2015-10-30 23:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-16 00:39 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-16 00:39 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-16 00:39 - 2015-10-30 23:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-16 00:39 - 2015-10-30 23:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-16 00:39 - 2015-10-30 23:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-16 00:39 - 2015-10-30 22:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-16 00:39 - 2015-10-30 22:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-16 00:39 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-16 00:39 - 2015-10-30 22:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-16 00:39 - 2015-10-30 22:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-16 00:39 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-16 00:39 - 2015-10-30 22:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-16 00:39 - 2015-10-30 22:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-16 00:39 - 2015-10-30 22:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-16 00:39 - 2015-10-30 22:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-16 00:39 - 2015-10-30 22:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-16 00:39 - 2015-10-30 22:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-16 00:39 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-16 00:39 - 2015-10-30 22:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-16 00:39 - 2015-10-30 22:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-16 00:39 - 2015-10-30 22:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-16 00:39 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-16 00:39 - 2015-10-30 22:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-16 00:39 - 2015-10-30 22:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-16 00:39 - 2015-10-30 22:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-16 00:39 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-16 00:39 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-16 00:39 - 2015-10-30 22:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-16 00:39 - 2015-10-30 22:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-16 00:39 - 2015-10-30 22:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-16 00:39 - 2015-10-30 22:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-16 00:39 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-16 00:39 - 2015-10-30 22:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-16 00:39 - 2015-10-30 22:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-16 00:39 - 2015-10-30 22:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-16 00:39 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-16 00:39 - 2015-10-30 22:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-16 00:39 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-16 00:39 - 2015-10-30 22:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-16 00:39 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-16 00:39 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-16 00:39 - 2015-10-30 22:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-16 00:39 - 2015-10-30 22:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-16 00:39 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-16 00:39 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-16 00:39 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-16 00:39 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-16 00:39 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-16 00:18 - 2015-11-03 17:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-16 00:18 - 2015-10-20 18:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-16 00:18 - 2015-10-20 18:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-16 00:18 - 2015-10-20 18:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-16 00:18 - 2015-10-20 18:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-16 00:18 - 2015-10-20 18:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-16 00:18 - 2015-10-20 18:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-16 00:18 - 2015-10-20 18:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-16 00:18 - 2015-10-20 18:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-16 00:18 - 2015-10-20 18:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-16 00:18 - 2015-10-20 18:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-16 00:18 - 2015-10-20 18:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-16 00:18 - 2015-10-20 17:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-16 00:18 - 2015-10-20 17:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-16 00:18 - 2015-10-20 17:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-16 00:18 - 2015-10-20 17:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-16 00:18 - 2015-10-20 17:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-16 00:17 - 2015-10-20 01:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-16 00:17 - 2015-10-20 01:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-16 00:17 - 2015-10-20 01:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-16 00:17 - 2015-10-20 01:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-16 00:17 - 2015-10-20 01:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-16 00:17 - 2015-10-20 01:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-16 00:17 - 2015-10-20 01:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-16 00:17 - 2015-10-20 01:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-16 00:17 - 2015-10-20 01:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-16 00:17 - 2015-10-20 01:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-16 00:17 - 2015-10-20 01:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-16 00:17 - 2015-10-20 01:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-16 00:17 - 2015-10-20 01:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-16 00:17 - 2015-10-20 01:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-16 00:17 - 2015-10-20 00:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-16 00:17 - 2015-10-20 00:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-16 00:17 - 2015-10-20 00:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-16 00:17 - 2015-10-20 00:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-16 00:17 - 2015-10-20 00:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-16 00:17 - 2015-10-20 00:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-16 00:17 - 2015-10-20 00:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-16 00:17 - 2015-10-20 00:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-16 00:17 - 2015-10-20 00:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-16 00:17 - 2015-10-20 00:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-16 00:17 - 2015-10-20 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-16 00:17 - 2015-10-20 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-16 00:17 - 2015-10-19 23:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-16 00:17 - 2015-10-19 23:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-16 00:17 - 2015-10-19 23:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-16 00:17 - 2015-10-19 23:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-16 00:17 - 2015-10-19 23:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-16 00:17 - 2015-10-19 23:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-16 00:17 - 2015-10-19 23:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-16 00:17 - 2015-10-19 23:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-16 00:17 - 2015-10-19 23:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-16 00:17 - 2015-09-23 13:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-16 00:17 - 2015-09-23 13:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-16 00:17 - 2015-09-23 13:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-16 00:15 - 2015-10-01 18:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-16 00:15 - 2015-10-01 18:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-16 00:15 - 2015-10-01 17:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-16 00:14 - 2015-10-29 17:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-16 00:14 - 2015-10-29 17:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-16 00:14 - 2015-10-29 17:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-16 00:14 - 2015-10-29 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-16 00:14 - 2015-10-29 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-16 00:14 - 2015-10-29 17:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-16 00:14 - 2015-10-29 17:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-16 00:02 - 2015-11-16 00:04 - 00000000 ____D C:\Users\D.B.I\AppData\Local\Viber
2015-11-15 06:14 - 2015-10-13 16:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-15 06:14 - 2015-10-13 16:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-15 05:55 - 2015-10-13 04:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-06 19:27 - 2015-11-06 19:28 - 160302615 _____ C:\Users\D.B.I\Downloads\Jimi Hendrix - All Along The Watchtower - Intro Guitar Lesson, Tutorial.mp4
2015-11-06 19:27 - 2015-11-06 19:27 - 40239533 _____ C:\Users\D.B.I\Downloads\Jimi Hendrix All Along The Watch Tower Solos Lesson.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-06 17:17 - 2009-07-14 03:20 - 00000000 ____D C:\Windows
2015-12-06 17:16 - 2015-07-22 21:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-06 17:03 - 2014-04-26 17:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-06 16:27 - 2014-06-23 18:32 - 00000000 ____D C:\Program Files\trend micro
2015-12-06 16:26 - 2014-04-26 16:45 - 00001237 _____ C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2015-12-06 16:26 - 2009-07-14 04:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-06 16:26 - 2009-07-14 04:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-06 16:25 - 2015-04-06 22:11 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\Spotify
2015-12-06 16:25 - 2014-06-26 06:41 - 00029696 _____ C:\Users\D.B.I\AppData\Local\MSGBOX.EXE
2015-12-06 16:23 - 2009-07-14 05:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-06 16:23 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2015-12-06 16:20 - 2015-05-16 00:53 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\ViberPC
2015-12-06 16:16 - 2015-10-23 20:04 - 00000435 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-12-06 16:16 - 2015-07-22 21:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-06 16:15 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-06 16:13 - 2015-10-20 21:26 - 00000000 ____D C:\Users\D.B.I\AppData\LocalLow\BitTorrent
2015-12-06 15:59 - 2015-08-09 21:46 - 00003820 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1398531229
2015-12-06 15:59 - 2014-04-26 16:53 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-06 15:53 - 2014-08-26 20:12 - 00000000 ____D C:\Users\D.B.I\AppData\Local\Adobe
2015-12-06 15:50 - 2014-04-27 02:03 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\BitTorrent
2015-12-06 15:48 - 2015-06-07 11:48 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\System Healer
2015-12-06 15:43 - 2015-06-07 11:47 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2015-12-06 14:04 - 2015-04-06 22:15 - 00000000 ____D C:\Users\D.B.I\AppData\Local\Spotify
2015-12-05 16:11 - 2011-08-03 03:56 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 16:11 - 2011-08-03 03:56 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-05 15:35 - 2014-05-03 06:59 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\vlc
2015-12-04 06:42 - 2015-05-16 00:55 - 00000000 ____D C:\Users\D.B.I\Documents\ViberDownloads
2015-11-29 16:44 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-20 02:03 - 2014-04-26 17:25 - 00796872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-20 02:03 - 2014-04-26 17:25 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-20 02:03 - 2014-04-26 17:25 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-18 17:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2015-11-17 03:20 - 2015-10-30 09:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-17 03:12 - 2011-08-03 02:28 - 00000000 ____D C:\Windows\Panther
2015-11-16 21:32 - 2014-10-18 02:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-16 21:10 - 2014-05-03 13:07 - 00766100 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-16 21:01 - 2009-07-14 04:45 - 04914208 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-16 03:03 - 2010-11-21 07:17 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2013-02-17 03:27 - 2013-02-17 03:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-06-26 06:41 - 2015-12-06 16:25 - 0029696 _____ () C:\Users\D.B.I\AppData\Local\MSGBOX.EXE
2015-03-21 10:24 - 2015-03-21 10:24 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\D.B.I\AppData\Local\Temp\amisetup1963__16165.exe
C:\Users\D.B.I\AppData\Local\Temp\amisetup7727__15940.exe
C:\Users\D.B.I\AppData\Local\Temp\avgFB42.exe
C:\Users\D.B.I\AppData\Local\Temp\fsd192E.exe
C:\Users\D.B.I\AppData\Local\Temp\fsd423D.exe
C:\Users\D.B.I\AppData\Local\Temp\fsdFCB6.exe
C:\Users\D.B.I\AppData\Local\Temp\gzgi9fuw.dll
C:\Users\D.B.I\AppData\Local\Temp\Nuance+Dragon+NaturallySp__10924_i1772636006_il2234292.exe
C:\Users\D.B.I\AppData\Local\Temp\oprun23710.exe
C:\Users\D.B.I\AppData\Local\Temp\oprun9808.exe
C:\Users\D.B.I\AppData\Local\Temp\SpOrder.dll
C:\Users\D.B.I\AppData\Local\Temp\Uninstall.exe
C:\Users\D.B.I\AppData\Local\Temp\winpcap4.1.3repark.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2011-08-03 03:33] - [2011-08-03 03:33] - 0357888 ____A (Microsoft Corporation) E55A6929548F1B18DAF07F949F2F769D

C:\Windows\SysWOW64\dnsapi.dll
[2011-08-03 03:33] - [2011-08-03 03:33] - 0270336 ____A (Microsoft Corporation) C110ACCC7C6A2A0D2AABAC95B9D05DB1

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-03 17:16

==================== End of FRST.txt ============================

Re: "My Best Offers Today" vermin

Posted: 06 Dec 2015 19:52
by Dominko777
AdwCleaner

# AdwCleaner v5.023 - Logfile created 06/12/2015 at 17:32:16
# Updated 30/11/2015 by Xplode
# Database : 2015-12-06.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : D.B.I - DBI-TOSH
# Running from : C:\Users\D.B.I\Downloads\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : BrsHelper
[-] Service Deleted : bsdriver
[-] Service Deleted : cherimoya
[-] Service Deleted : CltMngSvc
[-] Service Deleted : csrcc
[-] Service Deleted : Orbiter
[-] Service Deleted : sbmntr
[-] Service Deleted : SPPD
[-] Service Deleted : acengine
[-] Service Deleted : NETTCPHANDLER
[-] Service Deleted : TheCalendarService
[-] Service Deleted : hidekoqe
[-] Service Deleted : nyneryxo
[-] Service Deleted : roqenufe
[-] Service Deleted : vykevuty
[-] Service Deleted : woforemu
[-] Service Deleted : swsedrvr_vt_1_10_0_25
[-] Service Deleted : swsesrvc_1.10.0.25
[!] Service Not Deleted : csrcc
[-] Service Deleted : DD8F7683-4910-4793-820A-07D019A935F2
[-] Service Deleted : FeilcOxaf
[-] Service Deleted : shopperz061220151824 Updater
[-] Service Deleted : Ykupnakla
[!] Service Not Deleted : DD8F7683-4910-4793-820A-07D019A935F2
[!] Service Not Deleted : shopperz061220151824 Updater

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\SpaceSoundPro
[#] Folder Deleted : C:\Program Files\shopperz061220151824
[#] Folder Deleted : C:\Program Files (x86)\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\YTDownloader
[-] Folder Deleted : C:\Program Files (x86)\ORBTR
[-] Folder Deleted : C:\Program Files (x86)\SpaceSondPro
[-] Folder Deleted : C:\Program Files (x86)\Note-up
[-] Folder Deleted : C:\Program Files (x86)\Fast-Search
[-] Folder Deleted : C:\Program Files (x86)\jogotempo
[-] Folder Deleted : C:\Program Files (x86)\CalendarTool
[-] Folder Deleted : C:\Program Files (x86)\B24876A0-1449419055-11E0-9F18-E89A8FA3B59C
[-] Folder Deleted : C:\Program Files (x86)\SwiftSearch_1.10.0.25
[-] Folder Deleted : C:\Program Files (x86)\gmsd_gb_005010168
[-] Folder Deleted : C:\Program Files (x86)\mbot_gb_014010168
[-] Folder Deleted : C:\Program Files (x86)\rec_en_77
[-] Folder Deleted : C:\Program Files (x86)\SpaceSondPro_v53.10293
[-] Folder Deleted : C:\ProgramData\28341ff220e0446c9fff27c4493d622e
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBestOffersToday
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
[-] Folder Deleted : C:\Users\D.B.I\AppData\Local\SearchModule
[#] Folder Deleted : C:\Users\D.B.I\AppData\Local\SearchProtect
[-] Folder Deleted : C:\Users\D.B.I\AppData\Local\SmartWeb
[-] Folder Deleted : C:\Users\D.B.I\AppData\Local\BrowserHelper
[-] Folder Deleted : C:\Users\D.B.I\AppData\Local\gmsd_gb_005010168
[-] Folder Deleted : C:\Users\D.B.I\AppData\Local\mbot_gb_014010168
[-] Folder Deleted : C:\Users\D.B.I\AppData\Local\rec_en_77
[-] Folder Deleted : C:\Users\D.B.I\AppData\Local\B24876A0-1449419241-11E0-9F18-E89A8FA3B59C
[-] Folder Deleted : C:\Users\D.B.I\AppData\Local\B24876A0-1449420506-11E0-9F18-E89A8FA3B59C
[-] Folder Deleted : C:\Users\D.B.I\AppData\Local\Installer\Install_14321
[-] Folder Deleted : C:\Users\D.B.I\AppData\Local\Installer\Install_21558
[-] Folder Deleted : C:\Users\D.B.I\AppData\LocalLow\SmartWeb
[-] Folder Deleted : C:\Users\D.B.I\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\D.B.I\AppData\Roaming\NUIns
[-] Folder Deleted : C:\Users\D.B.I\AppData\Roaming\Note-up
[-] Folder Deleted : C:\Users\D.B.I\AppData\Roaming\shortCutStore
[-] Folder Deleted : C:\Users\D.B.I\AppData\Roaming\RunDir
[-] Folder Deleted : C:\Users\D.B.I\AppData\Roaming\NetService
[-] Folder Deleted : C:\Users\D.B.I\AppData\Roaming\CalendarTool
[-] Folder Deleted : C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
[-] Folder Deleted : C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0
[-] Folder Deleted : C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jogotempo
[-] Folder Deleted : C:\Users\Public\Documents\Guid
[#] Folder Deleted : C:\Windows\SysNative\Tasks\YTDownloader
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\acengine
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\CalendarTool

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
[-] File Deleted : C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www-searching.com_0.localstorage
[-] File Deleted : C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www-searching.com_0.localstorage-journal
[-] File Deleted : C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
[-] File Deleted : C:\Users\D.B.I\Downloads\Desktop\YTDownloader.lnk
[-] File Deleted : C:\Users\D.B.I\Downloads\Desktop\SpaceSoundPro.lnk
[-] File Deleted : C:\Users\D.B.I\Downloads\Desktop\jogotempo.lnk
[-] File Deleted : C:\Users\DB0E23~1.I\AppData\Local\Temp\lengine.ini.log
[-] File Deleted : C:\Users\DB0E23~1.I\AppData\Local\Temp\acengine.log
[-] File Deleted : C:\Windows\apppatch\apppatch64\vcldr64.dll
[-] File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
[-] File Deleted : C:\Windows\AppPatch\nbin\VC32Loader.dll
[-] File Deleted : C:\Windows\SysNative\acengineOff.ini
[-] File Deleted : C:\Windows\SysNative\acengine64.dll
[-] File Deleted : C:\Windows\SysNative\Ykupnakla64.dll
[-] File Deleted : C:\Windows\SysNative\drivers\bsdriver.sys
[-] File Deleted : C:\Windows\SysNative\drivers\cherimoya.sys
[-] File Deleted : C:\Windows\SysNative\drivers\swsedrvr_vt_1_10_0_25.sys
[-] File Deleted : C:\Windows\SysNative\drivers\swsedrvr_vw_1_10_0_25.sys
[-] File Deleted : C:\Windows\SysWOW64\acengineOff.ini
[-] File Deleted : C:\Windows\SysWOW64\acengine.dll
[-] File Deleted : C:\Windows\SysWOW64\Ykupnakla.dll

***** [ DLLs ] *****

[-] File Disinfected : C:\Windows\SysNative\dnsapi.dll
[-] File Disinfected : C:\Windows\SysWOW64\dnsapi.dll

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
[-] Shortcut Disinfected : C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut Disinfected : C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet-Explorer (No Add-ons).lnk
[-] Shortcut Disinfected : C:\Users\D.B.I\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\D.B.I\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\D.B.I\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\D.B.I\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Scheduled tasks ] *****

[-] Task Deleted : YTDownloader
[-] Task Deleted : YTDownloaderUpd
[-] Task Deleted : SwiftSearch Auto Updater 1.10.0.25 Core
[-] Task Deleted : SwiftSearch Auto Updater 1.10.0.25 Pending Update

***** [ Registry ] *****

[-] Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.ReadOnlyManager.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.ReadOnlyManager
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.LSPLogic.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.LSPLogic
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataTableHolder.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataTableHolder
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataTableFields.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataTableFields
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataTable.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataTable
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataController.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataController
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataContainer.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.DataContainer
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acengine
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.WFPController
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\acengineLib.WFPController.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\Add event reminder
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
[-] Key Deleted : HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Add event reminder
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Note-up]
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\APPID\acengine.EXE
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\jg.exe
[-] Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchModule]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mbot_gb_014010168]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_gb_005010168]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [rec_en_77]
[-] Key Deleted : HKLM\SOFTWARE\shopperz061220151824
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{98EF07AE-BE7B-4E61-81C1-77FD5195973B}]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{98EF07AE-BE7B-4E61-81C1-77FD5195973B}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98EF07AE-BE7B-4E61-81C1-77FD5195973B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98EF07AE-BE7B-4E61-81C1-77FD5195973B}
[-] Key Deleted : HKCU\Software\SearchProtect
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\YTDownloader
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\SpaceSoundPro
[-] Key Deleted : HKCU\Software\DeskBar
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKCU\Software\tstamptoken
[-] Key Deleted : HKCU\Software\{4D76E092-813F-4E48-8FA2-C9FBD11F266C}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\MyBestOffersToday
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\ORBTR
[-] Key Deleted : HKLM\SOFTWARE\YTDownloader
[-] Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
[-] Key Deleted : HKLM\SOFTWARE\SPPDCOM
[-] Key Deleted : HKLM\SOFTWARE\searchult
[-] Key Deleted : HKLM\SOFTWARE\SpaceSondPro
[-] Key Deleted : HKLM\SOFTWARE\acengine
[-] Key Deleted : HKLM\SOFTWARE\Fast-Search
[-] Key Deleted : HKLM\SOFTWARE\im-dosearch
[-] Key Deleted : HKLM\SOFTWARE\SVH
[-] Key Deleted : HKLM\SOFTWARE\SAKURA
[-] Key Deleted : HKLM\SOFTWARE\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\NtSvcHandler
[-] Key Deleted : HKLM\SOFTWARE\SwiftSearch_1.10.0.25
[!] Key Not Deleted : HKLM\SOFTWARE\shopperz061220151824
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NUIns
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Note-up
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fast-Search
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jogotempo
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PopupProduct
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SwiftSearch_1.10.0.25
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_gb_005010168_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mbot_gb_014010168_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rec_en_77_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
[-] Key Deleted : [x64] HKLM\SOFTWARE\searchult
[-] Key Deleted : [x64] HKLM\SOFTWARE\SpaceSoundPro
[-] Key Deleted : [x64] HKLM\SOFTWARE\im-dosearch
[-] Key Deleted : [x64] HKLM\SOFTWARE\SAKURA
[-] Key Deleted : [x64] HKLM\SOFTWARE\CALENDARTOOL
[-] Key Deleted : [x64] HKLM\SOFTWARE\shopperz061220151824
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpaceSoundPro
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}
[-] Key Deleted : HKU\.DEFAULT\Software\{4D76E092-813F-4E48-8FA2-C9FBD11F266C}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\S-1-5-19\Software\{4D76E092-813F-4E48-8FA2-C9FBD11F266C}
[-] Key Deleted : HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\S-1-5-20\Software\{4D76E092-813F-4E48-8FA2-C9FBD11F266C}
[-] Key Deleted : HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\S-1-5-21-2533499994-360040-1962647933-1000_Classes\Software\{4D76E092-813F-4E48-8FA2-C9FBD11F266C}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7C55C822-DF0B-4BB9-8968-41DF289B8885}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{863F9DBE-EE0D-47C9-A514-319CA58FACD2}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0F881DA4-8E37-4BA7-BA0C-CCD8FAB26E37} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{0F881DA4-8E37-4BA7-BA0C-CCD8FAB26E37} [NameServer]

***** [ Web browsers ] *****

[-] [C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com_
[-] [C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com__
[-] [C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com___
[-] [C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com
[-] [C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www-searching.com/?pid=s&s=FC6ztutdk0000,7245610a-5e15-440b-82ad-a5e5992c6d88&vp=ch&prd=set
[-] [C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www-searching.com/search.aspx?site=shyos&prd=set&q={searchTerms}&s=FC6ztutdk0000,7245610a-5e15-440b-82ad-a5e5992c6d88
[-] [C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jlcgehabolcakkjhgmgpkagpolbjlhfa
[-] [C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=FC6ztutdk0000,7245610a-5e15-440b-82ad-a5e5992c6d88&vp=ch&prd=set

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [26009 bytes] ##########

Re: "My Best Offers Today" vermin

Posted: 06 Dec 2015 20:00
by altrok
:arrow: Test C:\Windows\system32\dnsapi.dll and C:\Windows\SysWOW64\dnsapi.dll on virustotal.com - if the files have already been tested, choose Reanalyse. Put the links to the analysis results in your next post.


:arrow: Then post new FRST.txt and Addition.txt logs (to create Addition.txt you must explicitly tick that option).

Re: "My Best Offers Today" vermin

Posted: 06 Dec 2015 20:25
by Dominko777
C:\Windows\system32\dnsapi.dll
https://www.virustotal.com/en/file/601c ... 449429083/

C:\Windows\SysWOW64\dnsapi.dll
https://www.virustotal.com/en/file/601c ... 449429562/

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by D.B.I (administrator) on DBI-TOSH (06-12-2015 18:20:49)
Running from C:\Users\D.B.I\Downloads\Desktop
Loaded Profiles: D.B.I (Available Profiles: D.B.I)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
() C:\Program Files (x86)\MyWIFIRouter\bmser.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\SystemHealer\HealerConsole.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(PRIMAX) C:\Windows\System32\xManager\PELKBD.EXE
() C:\Windows\System32\FSRremoS.EXE
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
() C:\Users\D.B.I\AppData\Local\Viber\Viber.exe
(Kensington) C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Primax Electronics Ltd.) C:\Windows\System32\PELMICED.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Toshiba) C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtBty.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Spotify Ltd) C:\Users\D.B.I\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\D.B.I\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\D.B.I\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\D.B.I\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\D.B.I\AppData\Roaming\Spotify\Spotify.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [150992 2011-08-03] (Toshiba Europe GmbH)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM\...\Run: [Mouse Suite 98 Daemon] => C:\Windows\system32\ICO.EXE [92160 2007-09-17] (Primax Electronics Ltd.)
HKLM\...\Run: [Keyboard Suite Daemon] => C:\Windows\system32\xManager\PELKBD.EXE [526848 2008-04-10] (PRIMAX)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [NBAgent] => c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ITSecMng] => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Kensington TrackballWorks Helper] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [Viber] => C:\Users\D.B.I\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [Kensington TrackballWorks] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [Spotify] => C:\Users\D.B.I\AppData\Roaming\Spotify\Spotify.exe [8270448 2015-12-06] (Spotify Ltd)
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [Spotify Web Helper] => C:\Users\D.B.I\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2345584 2015-12-06] (Spotify Ltd)
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\MountPoints2: E - E:\setup.exe /VERYSILENT
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247056 2015-12-02] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219920 2015-12-02] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-10-24]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk [2011-08-03]
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\Toshiba\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-10-22]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk [2015-12-06]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2014-04-26]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2014-04-26]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{0F881DA4-8E37-4BA7-BA0C-CCD8FAB26E37}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A5D75751-25F5-4D7C-89EF-3CB17938BCD9}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{D8CDBF04-423E-45AE-940C-BDD4DC19329C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2533499994-360040-1962647933-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&r ... {startPage}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-15] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2533499994-360040-1962647933-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\D.B.I\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-06-20] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Module Plus
CHR Profile: C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-22]
CHR Extension: (Google Drive) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-05]
CHR Extension: (Search Module Plus v2) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2015-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-15]
CHR Extension: (Extutil) - C:\Users\DB0E23~1.I\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2015-12-06]
CHR Extension: (Managera) - C:\Users\DB0E23~1.I\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2015-12-06]
CHR Extension: (Image Food) - C:\Users\D.B.I\AppData\Local\Image Food\Component [2015-12-06]
CHR HKU\S-1-5-21-2533499994-360040-1962647933-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx <not found>

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\D.B.I\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-12-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3241744 2015-12-02] (Client Connect LTD)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-13] (Macrovision Corporation) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 WIFIGXENDHCPSER; C:\Program Files (x86)\MyWIFIRouter\bmser.exe [1656416 2013-12-12] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34712 2015-12-06] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RDID1121; C:\Windows\System32\Drivers\rdwm1121.sys [199552 2011-02-06] (Roland Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 toshidpt; C:\Windows\System32\drivers\Toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-06 17:17 - 2015-12-06 18:20 - 00000000 ____D C:\FRST
2015-12-06 16:50 - 2015-12-06 16:50 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\Google
2015-12-06 16:48 - 2015-12-06 16:48 - 00034712 _____ () C:\Windows\system32\Drivers\bsdriver.sys
2015-12-06 16:48 - 2015-12-06 16:48 - 00004736 _____ C:\Windows\SysWOW64\Ykupnakla.ini
2015-12-06 16:48 - 2015-12-06 16:48 - 00002456 _____ C:\Windows\SysWOW64\YkupnaklaOff.ini
2015-12-06 16:48 - 2015-12-06 16:48 - 00002456 _____ C:\Windows\system32\YkupnaklaOff.ini
2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Windows\system32\uuuh
2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\LariLhki
2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Users\D.B.I\AppData\Local\Tempfolder
2015-12-06 16:47 - 2015-12-06 17:40 - 00000000 ____D C:\Program Files\shopperz061220151824
2015-12-06 16:47 - 2015-12-06 16:47 - 00003338 _____ C:\Windows\System32\Tasks\Puhxuw
2015-12-06 16:47 - 2015-12-06 16:47 - 00000000 ____D C:\Users\D.B.I\AppData\LocalLow\Company
2015-12-06 16:47 - 2015-12-06 16:47 - 00000000 ____D C:\uninst
2015-12-06 16:42 - 2015-12-06 16:42 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-12-06 16:39 - 2015-12-06 16:39 - 00003466 _____ C:\Windows\System32\Tasks\bvxvyxxvcy
2015-12-06 16:39 - 2015-12-06 16:39 - 00000000 ____D C:\Users\D.B.I\AppData\Local\bvxvyxxvcy
2015-12-06 16:38 - 2015-12-06 17:32 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-12-06 16:38 - 2015-12-06 16:39 - 00000000 ____D C:\Users\D.B.I\AppData\Local\SearchProtect
2015-12-06 16:27 - 2015-12-06 16:27 - 00000000 ____D C:\rsit
2015-12-06 16:26 - 2015-12-06 16:47 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-12-06 16:26 - 2015-12-06 16:26 - 00003088 _____ C:\Windows\System32\Tasks\kol3015
2015-12-06 16:25 - 2015-12-06 16:25 - 00015327 _____ C:\Users\D.B.I\Desktop\LM.bat
2015-12-06 16:25 - 2014-06-25 06:42 - 00000840 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-06 16:24 - 2015-12-06 16:24 - 00001822 _____ C:\Users\D.B.I\Desktop\Note-Up.lnk
2015-12-06 16:20 - 2015-12-06 16:20 - 00003138 _____ C:\Windows\System32\Tasks\Image Food
2015-12-06 16:20 - 2015-12-06 16:20 - 00003132 _____ C:\Windows\System32\Tasks\Image Food2
2015-12-06 16:20 - 2015-12-06 16:20 - 00000000 ____D C:\Users\D.B.I\AppData\Local\Image Food
2015-12-06 16:16 - 2015-12-06 17:41 - 00001061 _____ C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-06 15:58 - 2015-12-06 15:58 - 00003088 _____ C:\Windows\System32\Tasks\gte3014
2015-12-06 15:43 - 2015-12-06 17:41 - 00000272 _____ C:\Windows\Tasks\System HealerStartUp.job
2015-12-06 15:43 - 2015-12-06 16:15 - 00000272 _____ C:\Windows\Tasks\System HealerPeriod.job
2015-12-06 15:43 - 2015-12-06 15:43 - 00003568 _____ C:\Windows\System32\Tasks\System Healer Task
2015-12-06 15:43 - 2015-12-06 15:43 - 00003306 _____ C:\Windows\System32\Tasks\SystemHealer Run Delay
2015-12-06 15:43 - 2015-12-06 15:43 - 00003240 _____ C:\Windows\System32\Tasks\SystemHealer Monitor
2015-12-06 15:43 - 2015-12-06 15:43 - 00002848 _____ C:\Windows\System32\Tasks\System HealerPeriod
2015-12-06 15:43 - 2015-12-06 15:43 - 00002546 _____ C:\Windows\System32\Tasks\System HealerStartUp
2015-12-06 15:43 - 2015-12-06 15:43 - 00001058 _____ C:\Users\Public\Desktop\Launch System Healer.lnk
2015-12-06 15:43 - 2015-12-06 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2015-12-06 15:43 - 2015-12-06 15:43 - 00000000 ____D C:\ProgramData\aa3fdb8a-37a1-0
2015-12-06 15:43 - 2015-12-06 15:43 - 00000000 ____D C:\ProgramData\aa3fdb8a-1135-1
2015-12-06 15:20 - 2015-12-06 15:21 - 07043020 _____ C:\Users\D.B.I\Downloads\The Delta Rhythm Boys - St. Louis Blues.mp4
2015-12-06 13:35 - 2015-12-06 13:36 - 38119762 _____ C:\Users\D.B.I\Downloads\Anuncio Lotería de Navidad 2015 - La historia de Justino [Oficial] HD.mp4
2015-11-27 23:15 - 2015-11-27 23:56 - 730600588 _____ C:\Users\D.B.I\Downloads\Forrest-Gump-CZ-(1994).avi
2015-11-21 09:52 - 2015-11-21 09:52 - 00046540 _____ C:\Users\D.B.I\Downloads\boarding-pass.pdf
2015-11-20 00:51 - 2015-11-20 00:52 - 52324975 _____ C:\Users\D.B.I\Downloads\Karaoke September - Earth, Wind & Fire .mp4
2015-11-20 00:16 - 2015-11-20 00:17 - 55878619 _____ C:\Users\D.B.I\Downloads\Isn't She Lovely, Stevie Wonder - fingerstyle guitar arrangement, Jake Reichbart.mp4
2015-11-18 13:57 - 2015-11-18 13:57 - 00017730 _____ C:\Users\D.B.I\Downloads\[otorrents.com]forrest-gump-1994-720p.torrent
2015-11-17 01:05 - 2015-11-17 01:08 - 268444856 _____ C:\Users\D.B.I\Downloads\cigani idu do volieb tak toto je pecka celi film gypsy totik.mp4
2015-11-16 00:39 - 2015-11-03 22:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-16 00:39 - 2015-11-03 21:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-16 00:39 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-16 00:39 - 2015-10-30 23:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-16 00:39 - 2015-10-30 23:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-16 00:39 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-16 00:39 - 2015-10-30 23:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-16 00:39 - 2015-10-30 23:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-16 00:39 - 2015-10-30 23:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-16 00:39 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-16 00:39 - 2015-10-30 23:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-16 00:39 - 2015-10-30 23:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-16 00:39 - 2015-10-30 23:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-16 00:39 - 2015-10-30 23:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-16 00:39 - 2015-10-30 23:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-16 00:39 - 2015-10-30 23:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-16 00:39 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-16 00:39 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-16 00:39 - 2015-10-30 23:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-16 00:39 - 2015-10-30 23:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-16 00:39 - 2015-10-30 23:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-16 00:39 - 2015-10-30 22:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-16 00:39 - 2015-10-30 22:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-16 00:39 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-16 00:39 - 2015-10-30 22:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-16 00:39 - 2015-10-30 22:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-16 00:39 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-16 00:39 - 2015-10-30 22:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-16 00:39 - 2015-10-30 22:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-16 00:39 - 2015-10-30 22:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-16 00:39 - 2015-10-30 22:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-16 00:39 - 2015-10-30 22:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-16 00:39 - 2015-10-30 22:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-16 00:39 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-16 00:39 - 2015-10-30 22:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-16 00:39 - 2015-10-30 22:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-16 00:39 - 2015-10-30 22:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-16 00:39 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-16 00:39 - 2015-10-30 22:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-16 00:39 - 2015-10-30 22:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-16 00:39 - 2015-10-30 22:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-16 00:39 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-16 00:39 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-16 00:39 - 2015-10-30 22:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-16 00:39 - 2015-10-30 22:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-16 00:39 - 2015-10-30 22:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-16 00:39 - 2015-10-30 22:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-16 00:39 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-16 00:39 - 2015-10-30 22:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-16 00:39 - 2015-10-30 22:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-16 00:39 - 2015-10-30 22:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-16 00:39 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-16 00:39 - 2015-10-30 22:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-16 00:39 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-16 00:39 - 2015-10-30 22:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-16 00:39 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-16 00:39 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-16 00:39 - 2015-10-30 22:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-16 00:39 - 2015-10-30 22:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-16 00:39 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-16 00:39 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-16 00:39 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-16 00:39 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-16 00:39 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-16 00:18 - 2015-11-03 17:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-16 00:18 - 2015-10-20 18:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-16 00:18 - 2015-10-20 18:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-16 00:18 - 2015-10-20 18:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-16 00:18 - 2015-10-20 18:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-16 00:18 - 2015-10-20 18:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-16 00:18 - 2015-10-20 18:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-16 00:18 - 2015-10-20 18:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-16 00:18 - 2015-10-20 18:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-16 00:18 - 2015-10-20 18:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-16 00:18 - 2015-10-20 18:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-16 00:18 - 2015-10-20 18:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-16 00:18 - 2015-10-20 17:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-16 00:18 - 2015-10-20 17:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-16 00:18 - 2015-10-20 17:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-16 00:18 - 2015-10-20 17:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-16 00:18 - 2015-10-20 17:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-16 00:17 - 2015-10-20 01:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-16 00:17 - 2015-10-20 01:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-16 00:17 - 2015-10-20 01:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-16 00:17 - 2015-10-20 01:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-16 00:17 - 2015-10-20 01:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-16 00:17 - 2015-10-20 01:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-16 00:17 - 2015-10-20 01:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-16 00:17 - 2015-10-20 01:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-16 00:17 - 2015-10-20 01:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-16 00:17 - 2015-10-20 01:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-16 00:17 - 2015-10-20 01:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-16 00:17 - 2015-10-20 01:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-16 00:17 - 2015-10-20 01:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-16 00:17 - 2015-10-20 01:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-16 00:17 - 2015-10-20 01:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-16 00:17 - 2015-10-20 00:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-16 00:17 - 2015-10-20 00:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-16 00:17 - 2015-10-20 00:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-16 00:17 - 2015-10-20 00:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-16 00:17 - 2015-10-20 00:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-16 00:17 - 2015-10-20 00:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-16 00:17 - 2015-10-20 00:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-16 00:17 - 2015-10-20 00:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-16 00:17 - 2015-10-20 00:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-16 00:17 - 2015-10-20 00:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-16 00:17 - 2015-10-20 00:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-16 00:17 - 2015-10-20 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-16 00:17 - 2015-10-20 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-16 00:17 - 2015-10-20 00:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-16 00:17 - 2015-10-19 23:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-16 00:17 - 2015-10-19 23:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-16 00:17 - 2015-10-19 23:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-16 00:17 - 2015-10-19 23:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-16 00:17 - 2015-10-19 23:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-16 00:17 - 2015-10-19 23:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-16 00:17 - 2015-10-19 23:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-16 00:17 - 2015-10-19 23:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-16 00:17 - 2015-10-19 23:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-16 00:17 - 2015-09-23 13:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-16 00:17 - 2015-09-23 13:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-16 00:17 - 2015-09-23 13:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-16 00:15 - 2015-10-01 18:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-16 00:15 - 2015-10-01 18:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-16 00:15 - 2015-10-01 17:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-16 00:14 - 2015-10-29 17:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-16 00:14 - 2015-10-29 17:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-16 00:14 - 2015-10-29 17:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-16 00:14 - 2015-10-29 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-16 00:14 - 2015-10-29 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-16 00:14 - 2015-10-29 17:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-16 00:14 - 2015-10-29 17:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-16 00:02 - 2015-11-16 00:04 - 00000000 ____D C:\Users\D.B.I\AppData\Local\Viber
2015-11-15 06:14 - 2015-10-13 16:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-15 06:14 - 2015-10-13 16:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-15 05:55 - 2015-10-13 04:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-06 19:27 - 2015-11-06 19:28 - 160302615 _____ C:\Users\D.B.I\Downloads\Jimi Hendrix - All Along The Watchtower - Intro Guitar Lesson, Tutorial.mp4
2015-11-06 19:27 - 2015-11-06 19:27 - 40239533 _____ C:\Users\D.B.I\Downloads\Jimi Hendrix All Along The Watch Tower Solos Lesson.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-06 18:16 - 2015-07-22 21:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-06 18:15 - 2015-04-06 22:11 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\Spotify
2015-12-06 18:03 - 2014-04-26 17:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-06 17:54 - 2009-07-14 04:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-06 17:54 - 2009-07-14 04:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-06 17:48 - 2009-07-14 05:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-06 17:48 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2015-12-06 17:44 - 2015-05-16 00:53 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\ViberPC
2015-12-06 17:44 - 2015-04-06 22:15 - 00000000 ____D C:\Users\D.B.I\AppData\Local\Spotify
2015-12-06 17:40 - 2015-10-23 20:04 - 00000435 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-12-06 17:40 - 2015-07-22 21:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-06 17:40 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-06 17:35 - 2014-04-26 16:45 - 00001103 _____ C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2015-12-06 17:35 - 2011-08-03 03:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-06 17:32 - 2014-06-25 19:16 - 00000000 ____D C:\AdwCleaner
2015-12-06 17:21 - 2009-07-14 03:20 - 00000000 ____D C:\Windows
2015-12-06 16:27 - 2014-06-23 18:32 - 00000000 ____D C:\Program Files\trend micro
2015-12-06 16:25 - 2014-06-26 06:41 - 00029696 _____ C:\Users\D.B.I\AppData\Local\MSGBOX.EXE
2015-12-06 16:13 - 2015-10-20 21:26 - 00000000 ____D C:\Users\D.B.I\AppData\LocalLow\BitTorrent
2015-12-06 15:59 - 2015-08-09 21:46 - 00003820 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1398531229
2015-12-06 15:59 - 2014-04-26 16:53 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-06 15:53 - 2014-08-26 20:12 - 00000000 ____D C:\Users\D.B.I\AppData\Local\Adobe
2015-12-06 15:50 - 2014-04-27 02:03 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\BitTorrent
2015-12-06 15:48 - 2015-06-07 11:48 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\System Healer
2015-12-06 15:43 - 2015-06-07 11:47 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2015-12-05 16:11 - 2011-08-03 03:56 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 16:11 - 2011-08-03 03:56 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-05 15:35 - 2014-05-03 06:59 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\vlc
2015-12-04 06:42 - 2015-05-16 00:55 - 00000000 ____D C:\Users\D.B.I\Documents\ViberDownloads
2015-11-29 16:44 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-20 02:03 - 2014-04-26 17:25 - 00796872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-20 02:03 - 2014-04-26 17:25 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-20 02:03 - 2014-04-26 17:25 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-18 17:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2015-11-17 03:20 - 2015-10-30 09:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-17 03:12 - 2011-08-03 02:28 - 00000000 ____D C:\Windows\Panther
2015-11-16 21:32 - 2014-10-18 02:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-16 21:10 - 2014-05-03 13:07 - 00766100 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-16 21:01 - 2009-07-14 04:45 - 04914208 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-16 03:03 - 2010-11-21 07:17 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2013-02-17 03:27 - 2013-02-17 03:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-06-26 06:41 - 2015-12-06 16:25 - 0029696 _____ () C:\Users\D.B.I\AppData\Local\MSGBOX.EXE
2015-03-21 10:24 - 2015-03-21 10:24 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\D.B.I\AppData\Local\Temp\amisetup1963__16165.exe
C:\Users\D.B.I\AppData\Local\Temp\amisetup7727__15940.exe
C:\Users\D.B.I\AppData\Local\Temp\avgFB42.exe
C:\Users\D.B.I\AppData\Local\Temp\fsd192E.exe
C:\Users\D.B.I\AppData\Local\Temp\fsd423D.exe
C:\Users\D.B.I\AppData\Local\Temp\fsdFCB6.exe
C:\Users\D.B.I\AppData\Local\Temp\gzgi9fuw.dll
C:\Users\D.B.I\AppData\Local\Temp\Nuance+Dragon+NaturallySp__10924_i1772636006_il2234292.exe
C:\Users\D.B.I\AppData\Local\Temp\oprun23710.exe
C:\Users\D.B.I\AppData\Local\Temp\oprun9808.exe
C:\Users\D.B.I\AppData\Local\Temp\SpOrder.dll
C:\Users\D.B.I\AppData\Local\Temp\sqlite3.dll
C:\Users\D.B.I\AppData\Local\Temp\Uninstall.exe
C:\Users\D.B.I\AppData\Local\Temp\winpcap4.1.3repark.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-03 17:16

==================== End of FRST.txt ============================

Re: "My Best Offers Today" vermin

Posted: 06 Dec 2015 20:25
by Dominko777
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by D.B.I (2015-12-06 18:22:24)
Running from C:\Users\D.B.I\Downloads\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-04-26 16:39:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2533499994-360040-1962647933-500 - Administrator - Disabled)
D.B.I (S-1-5-21-2533499994-360040-1962647933-1000 - Administrator - Enabled) => C:\Users\D.B.I
Guest (S-1-5-21-2533499994-360040-1962647933-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2533499994-360040-1962647933-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 7.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Lite (HKLM\...\{95AD793E-357A-4ABD-B7EE-BD29A7943B3B}) (Version: 9.0.0.0 - Ableton)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.0004 - Atheros Communications)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{6167672A-758D-9960-C32C-47A15E180A70}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
AVS Audio Converter version 6.1 (HKLM-x32\...\AVS Audio Converter 6.1_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Bass Station 2.1 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.1 - Novation)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.0.7 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 3.0.7 - British Broadcasting Corp.) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
BitTorrent (HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.09(T) - TOSHIBA CORPORATION)
BlueVoda Website Builder 15 (HKLM-x32\...\BlueVoda_Website_Builder_1.0) (Version: 15 - Vodahost)
Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
eJay HipHop 4 (HKLM-x32\...\eJayHipHop4_is1) (Version: - Yelsi AG)
ESET NOD32 Antivirus (HKLM\...\{FBC0F617-1AA0-4483-8153-3FD97FE01D9E}) (Version: 7.0.317.4 - ESET, spol s r. o.)
Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Spoločnosť Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 7.3.10900.8.0 - Nero AG) Hidden
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Image Food (HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\{F88F4803-BD1C-1A46-2878-2B639132F0D3}) (Version: 1.9.5 - Bus Virtual corp)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kensington SlimBlade Driver (HKLM\...\MouseSuite98) (Version: - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MP3 Speed Changer 2.85 (HKLM-x32\...\MP3SpeedChanger_is1) (Version: - Crazy Boomerang Software)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MyWIFIRouter 2014.01.17.001 (HKLM-x32\...\QWi-Fi) (Version: 2014.01.17.001 - Banma Media, Inc.)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10900.8.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.15100.59.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{2063D199-D79F-471A-9019-9E647296394D}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Opera Stable 33.0.1990.115 (HKLM-x32\...\Opera 33.0.1990.115) (Version: 33.0.1990.115 - Opera Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version: - PokerStars.uk)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
RC-300 Driver (HKLM\...\RolandRDID0121) (Version: - Roland Corporation)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.14 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Red 2 & Red 3 Plug-in Suite version 1.0 (HKLM\...\Red 2 & Red 3 Plug-in Suite_is1) (Version: 1.0 - Focusrite Audio Engineering Limited)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scarlett MixControl 1.8 (HKLM-x32\...\Saffire USB 26_is1) (Version: 1.8 - Focusrite Audio Engineering Limited)
Scarlett Plug-in Suite 1.7 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.7 - Focusrite)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 3.0.100.41 - Client Connect LTD) <==== ATTENTION
SearchModule (HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\{D2E9FE6A-7003-42A0-96F6-5569DFC2A3A8}_is1) (Version: 2.7.6.1776 - Goobzo LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
shopperz (HKLM-x32\...\{E5C11632-776F-4650-8159-2968F195C88E}) (Version: 2.0.0.477 - shopperz) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SpaceSoundPro Service (HKLM-x32\...\zz.10293.ssp) (Version: 1.0.0 - CSDI) <==== ATTENTION
Spotify (HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Spotify) (Version: 1.0.19.106.gb8a7150f - Spotify AB)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
System Healer (HKLM-x32\...\SystemHealer) (Version: 4.1.0.0 - SystemHealer)
TagScanner 5.1.652 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{28F05B12-E618-48A8-839A-0755FC8C9081}) (Version: 8.0.39 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.23.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.09.01.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64M - TOSHIBA Corporation)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.0.2.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.09.01.00 - )
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.25 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
TrackballWorks (HKLM-x32\...\{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}) (Version: 1.1.18 - Kensington Computer Products Group)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Viber (HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wedding Dash 2 - Rings Around the World (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.5 - WildTangent) Hidden
Windows Driver Package - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.5.20141031 - Xilisoft)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2533499994-360040-1962647933-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)

==================== Restore Points =========================

19-11-2015 06:26:44 Scheduled Checkpoint
20-11-2015 14:07:02 Windows Update
26-11-2015 11:24:03 Windows Update
01-12-2015 18:40:00 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2014-06-25 06:42 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0416F07F-3A85-4C29-AD39-BE14F67FC115} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {09BC16AE-4044-49E8-9014-2738602E41A9} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-04-21] (TOSHIBA CORPORATION)
Task: {18137D4B-AF29-4216-8B45-7223D9F9A044} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2533499994-360040-1962647933-1000Core => C:\Users\D.B.I\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {1BC457D8-E473-4924-94E6-B7129DB6A3B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {1F16BE19-93ED-4CFE-BD7A-3877E288CCD9} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {1F2FA347-4B71-4FFC-A396-B37BD00458D7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2533499994-360040-1962647933-1000UA => C:\Users\D.B.I\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {1F3824D8-1C3F-4FA6-A6F7-2825EC9FFA88} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-03] ()
Task: {36FD2E22-7B79-481F-96DE-06C3C16091B2} - System32\Tasks\Image Food => Rundll32.exe "C:\Users\D.B.I\AppData\Local\Image Food\{A3EBE9C2-C555-4221-169A-44D6E1D19DF4}\ImageFood.dll",#1
Task: {3A460643-095B-4715-A016-051384671D10} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2015-12-03] ()
Task: {3DB57AEA-EEAB-4E73-8B7A-AE517D3E5C7D} - System32\Tasks\Opera scheduled Autoupdate 1398531229 => C:\Program Files (x86)\Opera\launcher.exe [2015-11-16] (Opera Software)
Task: {424B1995-DDCF-4A3C-A075-A30EA89232C9} - System32\Tasks\{FA36E8A2-620C-423B-A95E-7CE529098730} => pcalua.exe -a C:\Users\D.B.I\Downloads\6d2b2af8-68f0-478a-ba1d-2684f0462b50.exe -d C:\Users\D.B.I\Downloads
Task: {4DFF5246-A968-4D7B-96C5-7ED49B0FF60C} - System32\Tasks\Puhxuw => C:\PROGRA~1\SHOPPE~1\Niaurr.bat
Task: {615DCB4A-36DE-4F70-8739-6D6514501AB0} - System32\Tasks\{1F57E4CB-72C3-4C1E-BFF8-0CF73D7A335A} => pcalua.exe -a "C:\Users\D.B.I\Downloads\FR JA v3.0 Setup.exe" -d C:\Users\D.B.I\Downloads
Task: {7B7BFA32-EB5C-40C0-91E4-9823F17E5BAE} - System32\Tasks\kol3015 => C:\PROGRA~2\FAST-S~1\kol3015.exe <==== ATTENTION
Task: {931F3B14-76A5-405F-B988-50A7BBCF3F36} - System32\Tasks\AdobeAAMUpdater-1.0-DBI-TOSH-D.B.I => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {9696BFCF-9D6A-4198-8B2E-0F9C75451DB6} - System32\Tasks\bvxvyxxvcy => C:\Users\D.B.I\AppData\Local\bvxvyxxvcy\bvxvyxxvcy.exe [2015-12-02] () <==== ATTENTION
Task: {9B727CFF-6B5C-4BF3-9725-7B0C2BA69F5B} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A32B6427-FCD1-45E7-9DF4-C0B87D8EF8A3} - System32\Tasks\Image Food2 => Rundll32.exe "C:\Users\D.B.I\AppData\Local\Image Food\{A3EBE9C2-C555-4221-169A-44D6E1D19DF4}\xqajjr.dll",#1
Task: {A5CDE4D8-1D11-45FB-A45D-2E20AB0DF949} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-03] ()
Task: {C28CCC77-FD52-44C5-A701-698778655555} - System32\Tasks\gte3014 => C:\PROGRA~2\FAST-S~1\gte3014.exe <==== ATTENTION
Task: {DA49EC74-2FBB-40A3-993C-C3903B00FC1D} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2015-12-03] ()
Task: {E16D4ED5-EF83-4734-8705-990713255BD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {EE098F1C-D8A7-4D84-BF5D-4F66501E4C26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-20] (Adobe Systems Incorporated)
Task: {F8023019-4CC4-4157-A25F-08969F840A24} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-03] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\Windows\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-12-12 13:55 - 2013-12-12 13:55 - 01656416 _____ () C:\Program Files (x86)\MyWIFIRouter\bmser.exe
2015-12-03 11:56 - 2015-12-03 11:56 - 00756656 _____ () C:\Program Files (x86)\SystemHealer\HealerConsole.exe
2010-11-18 15:18 - 2010-11-18 15:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-15 13:19 - 2010-12-15 13:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2014-10-06 18:03 - 2008-02-25 21:52 - 00368128 _____ () C:\Windows\System32\xManager\xTools.dll
2014-10-06 18:03 - 2007-05-11 09:32 - 00017920 _____ () C:\Windows\System32\FSRremoS.EXE
2011-08-03 04:54 - 2011-02-22 10:06 - 00563576 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\en\Humphrey.resources.dll
2015-11-16 00:02 - 2015-11-09 10:26 - 51657424 _____ () C:\Users\D.B.I\AppData\Local\Viber\Viber.exe
2011-08-03 04:12 - 2011-04-21 08:57 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll
2011-06-28 21:38 - 2011-06-28 21:38 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 08:17 - 2011-03-22 08:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-12-08 13:42 - 2010-12-08 13:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-11-04 15:40 - 2013-11-04 15:40 - 00193392 _____ () C:\Program Files (x86)\MyWIFIRouter\bmupdex.dll
2015-12-06 16:20 - 2015-12-06 16:20 - 00012288 _____ () C:\Users\D.B.I\AppData\Local\Image Food\{A3EBE9C2-C555-4221-169A-44D6E1D19DF4}\xqajjr.dll
2015-12-06 16:20 - 2015-12-06 16:20 - 00010752 _____ () C:\Users\D.B.I\AppData\Local\Image Food\{A3EBE9C2-C555-4221-169A-44D6E1D19DF4}\{06AF4132-4B9D-8ACC-5DCB-7E237423DC16}.dat
2015-12-06 16:20 - 2015-12-06 16:20 - 00025600 _____ () C:\Users\D.B.I\AppData\Local\Image Food\{A3EBE9C2-C555-4221-169A-44D6E1D19DF4}\ImageFood.dll
2015-11-15 03:14 - 2015-11-27 03:34 - 00226816 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\chrome_elf.dll
2015-11-15 03:14 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-15 03:14 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2015-11-16 00:03 - 2015-11-09 10:19 - 00089088 _____ () C:\Users\D.B.I\AppData\Local\Viber\qfacebook.dll
2015-11-16 00:03 - 2015-11-09 10:19 - 00389632 _____ () C:\Users\D.B.I\AppData\Local\Viber\imageformats\qsvg.dll
2015-11-16 00:03 - 2015-09-29 01:58 - 00012288 _____ () C:\Users\D.B.I\AppData\Local\Viber\QtQuick.2\qtquick2plugin.dll
2015-11-16 00:03 - 2015-09-29 14:25 - 00690176 _____ () C:\Users\D.B.I\AppData\Local\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-16 00:03 - 2015-09-29 14:26 - 00057856 _____ () C:\Users\D.B.I\AppData\Local\Viber\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-16 00:03 - 2015-09-29 01:58 - 00012288 _____ () C:\Users\D.B.I\AppData\Local\Viber\QtQuick\Window.2\windowplugin.dll
2015-11-16 00:03 - 2015-09-29 01:58 - 00012288 _____ () C:\Users\D.B.I\AppData\Local\Viber\QtQml\Models.2\modelsplugin.dll
2015-11-16 00:03 - 2015-09-29 14:34 - 00425984 _____ () C:\Users\D.B.I\AppData\Local\Viber\QtLocation\declarative_location.dll
2015-11-16 00:03 - 2015-09-29 02:03 - 00065024 _____ () C:\Users\D.B.I\AppData\Local\Viber\QtPositioning\declarative_positioning.dll
2015-11-16 00:03 - 2015-09-29 02:04 - 00184320 _____ () C:\Users\D.B.I\AppData\Local\Viber\QtMultimedia\declarative_multimedia.dll
2015-11-16 00:03 - 2015-09-29 01:58 - 00044032 _____ () C:\Users\D.B.I\AppData\Local\Viber\QtQml\StateMachine\qtqmlstatemachine.dll
2015-09-03 14:45 - 2015-09-03 14:45 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-09-03 14:45 - 2015-09-03 14:45 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-11-15 03:14 - 2015-11-07 04:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
2015-12-06 15:59 - 2015-11-16 10:19 - 60736120 _____ () C:\Program Files (x86)\Opera\33.0.1990.115_0\opera.dll
2015-12-06 15:59 - 2015-11-16 10:19 - 01919608 _____ () C:\Program Files (x86)\Opera\33.0.1990.115_0\libglesv2.dll
2015-12-06 15:59 - 2015-11-16 10:19 - 00081528 _____ () C:\Program Files (x86)\Opera\33.0.1990.115_0\libegl.dll
2015-04-06 22:15 - 2015-12-06 17:44 - 50679920 _____ () C:\Users\D.B.I\AppData\Roaming\Spotify\libcef.dll
2015-04-06 22:15 - 2015-12-06 17:44 - 01882224 _____ () C:\Users\D.B.I\AppData\Roaming\Spotify\libglesv2.dll
2015-04-06 22:15 - 2015-12-06 17:44 - 00082544 _____ () C:\Users\D.B.I\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ykupnakla => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2533499994-360040-1962647933-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\D.B.I\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2AF5DC60-8C7D-40B9-98EB-90E395EA876F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C46BDB51-F16A-474A-AF72-0CD8240D78F9}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{311D6676-98FA-4518-AFE3-8196E28DD08F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{723F3A64-B9AB-4D16-BAC7-BCEF44C496DA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{776A4E0E-7894-4336-BC2E-62786F80C9B9}] => (Allow) LPort=2869
FirewallRules: [{BEE83D48-CEA5-49AC-B299-66A98F11D757}] => (Allow) LPort=1900
FirewallRules: [{84106120-686A-4A3C-A173-D3CE891BACA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4289A481-AA12-40C3-A907-3BFA8912529B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{ECE6DAE0-040A-4304-BAA1-1681A42870A0}] => (Allow) C:\Users\D.B.I\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6D728F2D-AFFC-4093-84A3-6A52EFF7C1F8}] => (Allow) C:\Users\D.B.I\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6B66FAED-67DE-4394-9EDA-6F08E2AC0B1B}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\RM.exe
FirewallRules: [{9A6ADD38-B93B-413D-BBCA-3CA2D396D705}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\RM.exe
FirewallRules: [{5E693F9A-D8DD-4420-AD5C-84CE45B2BB71}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\umi.exe
FirewallRules: [{36E024FE-130D-4839-8780-7085BE447CB6}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\umi.exe
FirewallRules: [{0DF81F33-47E8-4994-ABA6-D926195B9D3D}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe
FirewallRules: [{77E75477-C034-4C13-BE99-469E575569AF}] => (Allow) C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe
FirewallRules: [{B466A8F6-1512-4190-BFBD-90FD11C5376C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CA7F85CF-4C93-459E-A982-38E92CC742B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4198660B-E739-4499-B0A2-00BD3F5D98B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{8D42076F-DE1F-4DC8-9246-4E1AAFD4F37C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{CF978795-3D23-4315-ABA9-5B273ECDF5C4}] => (Allow) C:\Users\D.B.I\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{46D88A3D-8D0D-4C4C-BF42-F3F269880368}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{11796A5F-0A37-4EC4-BBF7-2703A4A3BF08}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{45E05F81-75EA-4232-A982-FDD7BED8282E}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{DB5DC498-BA5D-4F23-9E1E-F774DD498321}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{458C14DD-83A2-4FFE-A212-29D578A94DB8}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{FCF47EC6-C4BE-4A38-8DC6-207A8FF1C1FC}C:\users\d.b.i\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\d.b.i\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A5303400-CE32-4237-98BA-5CD27B9C981F}C:\users\d.b.i\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\d.b.i\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{02495187-ACF1-4B6A-BA59-AB9AC7143DF4}C:\users\d.b.i\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\d.b.i\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{216934CB-FBEB-4163-BCCF-C9CD4267D0BD}C:\users\d.b.i\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\d.b.i\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4D997CB4-ADB8-4259-BA11-CF324CC26519}] => (Allow) C:\Program Files (x86)\MyWIFIRouter\QWi-Fi.exe
FirewallRules: [{9D48DBA0-6AB9-444C-BA32-092CC3BA848C}] => (Allow) C:\Program Files (x86)\MyWIFIRouter\QWi-Fi.exe
FirewallRules: [{76D174DE-5195-4EB9-B52A-5BD276F9A0C2}] => (Allow) C:\Program Files (x86)\MyWIFIRouter\QWi-Fi.exe
FirewallRules: [{6CA17812-F911-41CB-9A9F-9839A0028CFF}] => (Allow) C:\Program Files (x86)\MyWIFIRouter\QWi-Fi.exe
FirewallRules: [{F2583198-135C-4F33-9580-07A782523A29}] => (Allow) C:\Program Files (x86)\MyWIFIRouter\QWi-Fi.exe
FirewallRules: [{7C65A8D3-CAC5-4906-99BB-6A6A925E02B9}] => (Allow) C:\Program Files (x86)\MyWIFIRouter\QWi-Fi.exe
FirewallRules: [{AF3A7567-61EB-4ED4-B82E-E2FE1FB3C5F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2015 05:44:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NDSTray.exe, version: 8.0.0.51, time stamp: 0x4dafb128
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56258e62
Exception code: 0xc0000005
Fault offset: 0x0002e056
Faulting process id: 0x12c8
Faulting application start time: 0xNDSTray.exe0
Faulting application path: NDSTray.exe1
Faulting module path: NDSTray.exe2
Report Id: NDSTray.exe3

Error: (12/06/2015 05:41:44 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (4964) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (12/06/2015 05:40:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2015 04:19:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NDSTray.exe, version: 8.0.0.51, time stamp: 0x4dafb128
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56258e62
Exception code: 0xc0000005
Fault offset: 0x0002e056
Faulting process id: 0x1664
Faulting application start time: 0xNDSTray.exe0
Faulting application path: NDSTray.exe1
Faulting module path: NDSTray.exe2
Report Id: NDSTray.exe3

Error: (12/06/2015 04:19:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program spotify_installer-1.0.19.106.gb8a7150f-306.exe version 1.0.19.106 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1380

Start Time: 01d130419f25192a

Termination Time: 821

Application Path: C:\Users\D.B.I\AppData\Local\Spotify\Update\spotify_installer-1.0.19.106.gb8a7150f-306.exe

Report Id:

Error: (12/06/2015 04:17:02 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (7088) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (12/06/2015 04:16:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2015 03:53:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BitTorrent.exe version 7.9.5.41203 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ad0

Start Time: 01d1304119f50835

Termination Time: 59

Application Path: C:\Users\D.B.I\AppData\Roaming\BitTorrent\BitTorrent.exe

Report Id: 89e9a793-9c31-11e5-9c72-e89a8fa3b59c

Error: (12/06/2015 04:31:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TUTOBUN.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1318

Start Time: 01d1304375a1943c

Termination Time: 13

Application Path: C:\Users\DB0E23~1.I\AppData\Local\Temp\is-NE70T.tmp\TUTOBUN.tmp

Report Id:

Error: (12/06/2015 04:30:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program _iu14D2N.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1dc8

Start Time: 01d13043656945bf

Termination Time: 23

Application Path: C:\Users\DB0E23~1.I\AppData\Local\Temp\_iu14D2N.tmp

Report Id:


System errors:
=============
Error: (12/06/2015 05:40:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (12/06/2015 05:39:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (12/06/2015 05:39:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (12/06/2015 05:39:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (12/06/2015 05:32:45 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: )
Description: 0x80070057

Error: (12/06/2015 05:32:45 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0xc00d4268

Error: (12/06/2015 05:32:45 PM) (Source: WMPNetworkSvc) (EventID: 14356) (User: )
Description: 0x80070057

Error: (12/06/2015 05:32:45 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0xc00d4268

Error: (12/06/2015 05:32:45 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0xc00d4268

Error: (12/06/2015 05:32:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056


==================== Memory info ===========================

Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 43%
Total physical RAM: 5734.87 MB
Available physical RAM: 3231.85 MB
Total Virtual: 11467.94 MB
Available Virtual: 8137.39 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:297.45 GB) (Free:164.58 GB) NTFS
Drive d: (Data) (Fixed) (Total:298.33 GB) (Free:285.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: C8C756AF)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=297.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=298.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: "My Best Offers Today" junk

Posted: 06 Dec 2015 20:42
by Dominko777
+ A program called "Launch System Healer" has also appeared; it opens and starts some kind of cleaning..

Re: "My Best Offers Today" junk

Posted: 06 Dec 2015 20:48
by altrok
:arrow: Why are you using the old ESET NOD32 version 7?


:arrow: Do you recognize the SpaceSoundPro application?


:arrow: Do you still have a link to the file that caused all this?



  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\MountPoints2: E - E:\setup.exe /VERYSILENT
    AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247056 2015-12-02] (Client Connect LTD)
    AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219920 2015-12-02] (Client Connect LTD)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?si ... t=v2&s=&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> Search Module Plus
    CHR Extension: (Search Module Plus v2) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2015-12-06]
    CHR Extension: (Managera) - C:\Users\DB0E23~1.I\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2015-12-06]
    CHR Extension: (Image Food) - C:\Users\D.B.I\AppData\Local\Image Food\Component [2015-12-06]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx <not found>
    S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
    R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
    2015-12-06 16:48 - 2015-12-06 16:48 - 00004736 _____ C:\Windows\SysWOW64\Ykupnakla.ini
    2015-12-06 16:48 - 2015-12-06 16:48 - 00002456 _____ C:\Windows\SysWOW64\YkupnaklaOff.ini
    2015-12-06 16:48 - 2015-12-06 16:48 - 00002456 _____ C:\Windows\system32\YkupnaklaOff.ini
    2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Windows\system32\uuuh
    2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\LariLhki
    2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Users\D.B.I\AppData\Local\Tempfolder
    2015-12-06 16:47 - 2015-12-06 17:40 - 00000000 ____D C:\Program Files\shopperz061220151824
    2015-12-06 16:47 - 2015-12-06 16:47 - 00003338 _____ C:\Windows\System32\Tasks\Puhxuw
    2015-12-06 16:47 - 2015-12-06 16:47 - 00000000 ____D C:\Users\D.B.I\AppData\LocalLow\Company
    2015-12-06 16:47 - 2015-12-06 16:47 - 00000000 ____D C:\uninst
    2015-12-06 16:42 - 2015-12-06 16:42 - 00000000 ____D C:\Users\Public\Documents\Baidu
    2015-12-06 16:39 - 2015-12-06 16:39 - 00003466 _____ C:\Windows\System32\Tasks\bvxvyxxvcy
    2015-12-06 16:39 - 2015-12-06 16:39 - 00000000 ____D C:\Users\D.B.I\AppData\Local\bvxvyxxvcy
    2015-12-06 16:38 - 2015-12-06 17:32 - 00000000 ____D C:\Program Files (x86)\SearchProtect
    2015-12-06 16:38 - 2015-12-06 16:39 - 00000000 ____D C:\Users\D.B.I\AppData\Local\SearchProtect
    2015-12-06 16:27 - 2015-12-06 16:27 - 00000000 ____D C:\rsit
    2015-12-06 16:48 - 2015-12-06 16:48 - 00034712 _____ () C:\Windows\system32\Drivers\bsdriver.sys
    2015-12-06 16:26 - 2015-12-06 16:47 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
    2015-12-06 16:26 - 2015-12-06 16:26 - 00003088 _____ C:\Windows\System32\Tasks\kol3015
    2015-12-06 16:25 - 2015-12-06 16:25 - 00015327 _____ C:\Users\D.B.I\Desktop\LM.bat
    2015-12-06 16:24 - 2015-12-06 16:24 - 00001822 _____ C:\Users\D.B.I\Desktop\Note-Up.lnk
    2015-12-06 16:20 - 2015-12-06 16:20 - 00003138 _____ C:\Windows\System32\Tasks\Image Food
    2015-12-06 16:20 - 2015-12-06 16:20 - 00003132 _____ C:\Windows\System32\Tasks\Image Food2
    2015-12-06 16:20 - 2015-12-06 16:20 - 00000000 ____D C:\Users\D.B.I\AppData\Local\Image Food
    2015-12-06 15:58 - 2015-12-06 15:58 - 00003088 _____ C:\Windows\System32\Tasks\gte3014
    2015-12-06 15:43 - 2015-12-06 17:41 - 00000272 _____ C:\Windows\Tasks\System HealerStartUp.job
    2015-12-06 15:43 - 2015-12-06 16:15 - 00000272 _____ C:\Windows\Tasks\System HealerPeriod.job
    2015-12-06 15:43 - 2015-12-06 15:43 - 00003568 _____ C:\Windows\System32\Tasks\System Healer Task
    2015-12-06 15:43 - 2015-12-06 15:43 - 00003306 _____ C:\Windows\System32\Tasks\SystemHealer Run Delay
    2015-12-06 15:43 - 2015-12-06 15:43 - 00003240 _____ C:\Windows\System32\Tasks\SystemHealer Monitor
    2015-12-06 15:43 - 2015-12-06 15:43 - 00002848 _____ C:\Windows\System32\Tasks\System HealerPeriod
    2015-12-06 15:43 - 2015-12-06 15:43 - 00002546 _____ C:\Windows\System32\Tasks\System HealerStartUp
    2015-12-06 15:43 - 2015-12-06 15:43 - 00001058 _____ C:\Users\Public\Desktop\Launch System Healer.lnk
    2015-12-06 15:43 - 2015-12-06 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
    2015-12-06 15:43 - 2015-12-06 15:43 - 00000000 ____D C:\ProgramData\aa3fdb8a-37a1-0
    2015-12-06 15:43 - 2015-12-06 15:43 - 00000000 ____D C:\ProgramData\aa3fdb8a-1135-1
    2015-12-06 17:32 - 2014-06-25 19:16 - 00000000 ____D C:\AdwCleaner
    2015-12-06 16:27 - 2014-06-23 18:32 - 00000000 ____D C:\Program Files\trend micro
    2015-12-06 16:25 - 2014-06-26 06:41 - 00029696 _____ C:\Users\D.B.I\AppData\Local\MSGBOX.EXE
    Task: {1F16BE19-93ED-4CFE-BD7A-3877E288CCD9} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
    C:\Program Files (x86)\Pro PC Cleaner
    Task: {1F3824D8-1C3F-4FA6-A6F7-2825EC9FFA88} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-03] ()
    C:\Program Files (x86)\SystemHealer
    Task: {36FD2E22-7B79-481F-96DE-06C3C16091B2} - System32\Tasks\Image Food => Rundll32.exe "C:\Users\D.B.I\AppData\Local\Image Food\{A3EBE9C2-C555-4221-169A-44D6E1D19DF4}\ImageFood.dll",#1
    C:\Users\D.B.I\AppData\Local\Image Food
    Task: {3A460643-095B-4715-A016-051384671D10} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2015-12-03] ()
    Task: {424B1995-DDCF-4A3C-A075-A30EA89232C9} - System32\Tasks\{FA36E8A2-620C-423B-A95E-7CE529098730} => pcalua.exe -a C:\Users\D.B.I\Downloads\6d2b2af8-68f0-478a-ba1d-2684f0462b50.exe -d C:\Users\D.B.I\Downloads
    Task: {4DFF5246-A968-4D7B-96C5-7ED49B0FF60C} - System32\Tasks\Puhxuw => C:\PROGRA~1\SHOPPE~1\Niaurr.bat
    C:\PROGRA~1\SHOPPE~1
    Task: {615DCB4A-36DE-4F70-8739-6D6514501AB0} - System32\Tasks\{1F57E4CB-72C3-4C1E-BFF8-0CF73D7A335A} => pcalua.exe -a "C:\Users\D.B.I\Downloads\FR JA v3.0 Setup.exe" -d C:\Users\D.B.I\Downloads
    Task: {7B7BFA32-EB5C-40C0-91E4-9823F17E5BAE} - System32\Tasks\kol3015 => C:\PROGRA~2\FAST-S~1\kol3015.exe <==== ATTENTION
    C:\PROGRA~2\FAST-S~1
    Task: {9696BFCF-9D6A-4198-8B2E-0F9C75451DB6} - System32\Tasks\bvxvyxxvcy => C:\Users\D.B.I\AppData\Local\bvxvyxxvcy\bvxvyxxvcy.exe [2015-12-02] () <==== ATTENTION
    C:\Users\D.B.I\AppData\Local\bvxvyxxvcy
    Task: {A32B6427-FCD1-45E7-9DF4-C0B87D8EF8A3} - System32\Tasks\Image Food2 => Rundll32.exe "C:\Users\D.B.I\AppData\Local\Image Food\{A3EBE9C2-C555-4221-169A-44D6E1D19DF4}\xqajjr.dll",#1
    C:\Users\D.B.I\AppData\Local\Image Food
    Task: {A5CDE4D8-1D11-45FB-A45D-2E20AB0DF949} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-03] ()
    Task: {C28CCC77-FD52-44C5-A701-698778655555} - System32\Tasks\gte3014 => C:\PROGRA~2\FAST-S~1\gte3014.exe <==== ATTENTION
    Task: {DA49EC74-2FBB-40A3-993C-C3903B00FC1D} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2015-12-03] ()
    Task: {F8023019-4CC4-4157-A25F-08969F840A24} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-03] ()
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
    Task: C:\Windows\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ykupnakla => ""="service"
    CMD: dir "C:\Windows\System32\Tasks"
    CMD: dir "C:\PROGRA~1"
    CMD: dir "C:\PROGRA~2"
    CMD: dir "C:\PROGRA~3"
    CMD: dir "%localappdata%"
    CMD: dir "%appdata%"
    Hosts:
    EmptyTemp:
    End
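FRST answers each fixlist entry with one result line in the fixlog requested in the last step above, so the log can be triaged mechanically before the next scan. The following is an added example, not part of the original post and not FRST's own code: the names `parse_fixlog` and `triage` are hypothetical, the status strings are the ones visible in this thread's fixlog, and the sample is a constructed excerpt in that format.

```python
# Constructed sample: a handful of lines in the format of the fixlog in this thread.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
Start
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe
End
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value removed successfully
"C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL" => Value data removed successfully.
SPPD => Service stopped successfully.
SPPD => service removed successfully
C:\Windows\System32\Tasks\System HealerPeriod => moved successfully
Could not move "C:\Program Files (x86)\SearchProtect" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\bsdriver.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\cherimoya.sys" => Scheduled to move on reboot.
"C:\Program Files (x86)\Pro PC Cleaner" => not found.
C:\Windows\System32\Tasks\System HealerPeriod => not found.
"C:\PROGRA~2\FAST-S~1" => not found.
'''

# Order matters: "removed successfully" contains "moved successfully" as a
# substring, so the removal check has to come before the move check.
OUTCOMES = (
    ("scheduled to move on reboot", "pending_reboot"),
    ("not found", "not_found"),
    ("removed successfully", "removed"),
    ("moved successfully", "moved"),
)


def parse_fixlog(text):
    """Return (target, outcome) pairs for every result line of a fixlog."""
    results = []
    in_script = False  # True while inside the echoed fixlist between the '*' rules
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            in_script = not in_script
            continue
        if in_script or " => " not in line:
            continue  # echoed script, headers, 'dir' output, blank lines
        target, _, status = line.rpartition(" => ")
        if target.startswith("Could not move "):
            target = target[len("Could not move "):]
        target = target.strip('"')
        status = status.lower().rstrip(".")
        outcome = next((name for key, name in OUTCOMES if key in status), "other")
        results.append((target, outcome))
    return results


def triage(text):
    """Summarise a fixlog: what still needs checking after the reboot."""
    moved = set()
    report = {"pending_reboot": [], "not_found_review": [], "counts": {}}
    for target, outcome in parse_fixlog(text):
        report["counts"][outcome] = report["counts"].get(outcome, 0) + 1
        key = target.lower()  # Windows paths compare case-insensitively
        if outcome == "moved":
            moved.add(key)
        elif outcome == "pending_reboot":
            # Locked files and loaded drivers: confirm they are gone after restart.
            report["pending_reboot"].append(target)
        elif outcome == "not_found" and key not in moved:
            # "not found" is harmless when the same path was moved earlier in the
            # run (it was listed twice in the fixlist). Anything else stays on the
            # review list, including 8.3 short names such as PROGRA~2\..., which
            # cannot be mapped to long names offline.
            report["not_found_review"].append(target)
    return report


if __name__ == "__main__":
    summary = triage(SAMPLE_FIXLOG)
    print("counts:", summary["counts"])
    for path in summary["pending_reboot"]:
        print("verify after reboot:", path)
    for path in summary["not_found_review"]:
        print("not found, never moved in this run:", path)
```

The paths reported as pending are the ones to look for in the next FRST scan; if they are still listed there, the move on reboot did not succeed.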

Re: "My Best Offers Today" vermin

Posted: 06 Dec 2015 21:16
by Dominko777
1. Good question, and I don't know myself; I neglected antivirus protection - I have absolutely no overview of these programs. Is there any free, effective protection? Or are there only paid programs?

2. I think SpaceSoundPro came with the unwanted files; I had never seen this application before

3. I'm trying to find the link to the file (I was using Google Chrome, but the history is no longer accessible), and when I open it, it opens with a strange appearance; I don't know whether some unwanted toolbar is responsible for that too?

fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by D.B.I (2015-12-06 18:59:17) Run:1
Running from C:\Users\D.B.I\Downloads\Desktop
Loaded Profiles: D.B.I (Available Profiles: D.B.I)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2533499994-360040-1962647933-1000\...\MountPoints2: E - E:\setup.exe /VERYSILENT
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247056 2015-12-02] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219920 2015-12-02] (Client Connect LTD)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?si ... t=v2&s=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Module Plus
CHR Extension: (Search Module Plus v2) - C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2015-12-06]
CHR Extension: (Managera) - C:\Users\DB0E23~1.I\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2015-12-06]
CHR Extension: (Image Food) - C:\Users\D.B.I\AppData\Local\Image Food\Component [2015-12-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx <not found>
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
2015-12-06 16:48 - 2015-12-06 16:48 - 00004736 _____ C:\Windows\SysWOW64\Ykupnakla.ini
2015-12-06 16:48 - 2015-12-06 16:48 - 00002456 _____ C:\Windows\SysWOW64\YkupnaklaOff.ini
2015-12-06 16:48 - 2015-12-06 16:48 - 00002456 _____ C:\Windows\system32\YkupnaklaOff.ini
2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Windows\system32\uuuh
2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Users\D.B.I\AppData\Roaming\LariLhki
2015-12-06 16:48 - 2015-12-06 16:48 - 00000000 ____D C:\Users\D.B.I\AppData\Local\Tempfolder
2015-12-06 16:47 - 2015-12-06 17:40 - 00000000 ____D C:\Program Files\shopperz061220151824
2015-12-06 16:47 - 2015-12-06 16:47 - 00003338 _____ C:\Windows\System32\Tasks\Puhxuw
2015-12-06 16:47 - 2015-12-06 16:47 - 00000000 ____D C:\Users\D.B.I\AppData\LocalLow\Company
2015-12-06 16:47 - 2015-12-06 16:47 - 00000000 ____D C:\uninst
2015-12-06 16:42 - 2015-12-06 16:42 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-12-06 16:39 - 2015-12-06 16:39 - 00003466 _____ C:\Windows\System32\Tasks\bvxvyxxvcy
2015-12-06 16:39 - 2015-12-06 16:39 - 00000000 ____D C:\Users\D.B.I\AppData\Local\bvxvyxxvcy
2015-12-06 16:38 - 2015-12-06 17:32 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-12-06 16:38 - 2015-12-06 16:39 - 00000000 ____D C:\Users\D.B.I\AppData\Local\SearchProtect
2015-12-06 16:27 - 2015-12-06 16:27 - 00000000 ____D C:\rsit
2015-12-06 16:48 - 2015-12-06 16:48 - 00034712 _____ () C:\Windows\system32\Drivers\bsdriver.sys
2015-12-06 16:26 - 2015-12-06 16:47 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-12-06 16:26 - 2015-12-06 16:26 - 00003088 _____ C:\Windows\System32\Tasks\kol3015
2015-12-06 16:25 - 2015-12-06 16:25 - 00015327 _____ C:\Users\D.B.I\Desktop\LM.bat
2015-12-06 16:24 - 2015-12-06 16:24 - 00001822 _____ C:\Users\D.B.I\Desktop\Note-Up.lnk
2015-12-06 16:20 - 2015-12-06 16:20 - 00003138 _____ C:\Windows\System32\Tasks\Image Food
2015-12-06 16:20 - 2015-12-06 16:20 - 00003132 _____ C:\Windows\System32\Tasks\Image Food2
2015-12-06 16:20 - 2015-12-06 16:20 - 00000000 ____D C:\Users\D.B.I\AppData\Local\Image Food
2015-12-06 15:58 - 2015-12-06 15:58 - 00003088 _____ C:\Windows\System32\Tasks\gte3014
2015-12-06 15:43 - 2015-12-06 17:41 - 00000272 _____ C:\Windows\Tasks\System HealerStartUp.job
2015-12-06 15:43 - 2015-12-06 16:15 - 00000272 _____ C:\Windows\Tasks\System HealerPeriod.job
2015-12-06 15:43 - 2015-12-06 15:43 - 00003568 _____ C:\Windows\System32\Tasks\System Healer Task
2015-12-06 15:43 - 2015-12-06 15:43 - 00003306 _____ C:\Windows\System32\Tasks\SystemHealer Run Delay
2015-12-06 15:43 - 2015-12-06 15:43 - 00003240 _____ C:\Windows\System32\Tasks\SystemHealer Monitor
2015-12-06 15:43 - 2015-12-06 15:43 - 00002848 _____ C:\Windows\System32\Tasks\System HealerPeriod
2015-12-06 15:43 - 2015-12-06 15:43 - 00002546 _____ C:\Windows\System32\Tasks\System HealerStartUp
2015-12-06 15:43 - 2015-12-06 15:43 - 00001058 _____ C:\Users\Public\Desktop\Launch System Healer.lnk
2015-12-06 15:43 - 2015-12-06 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2015-12-06 15:43 - 2015-12-06 15:43 - 00000000 ____D C:\ProgramData\aa3fdb8a-37a1-0
2015-12-06 15:43 - 2015-12-06 15:43 - 00000000 ____D C:\ProgramData\aa3fdb8a-1135-1
2015-12-06 17:32 - 2014-06-25 19:16 - 00000000 ____D C:\AdwCleaner
2015-12-06 16:27 - 2014-06-23 18:32 - 00000000 ____D C:\Program Files\trend micro
2015-12-06 16:25 - 2014-06-26 06:41 - 00029696 _____ C:\Users\D.B.I\AppData\Local\MSGBOX.EXE
Task: {1F16BE19-93ED-4CFE-BD7A-3877E288CCD9} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
C:\Program Files (x86)\Pro PC Cleaner
Task: {1F3824D8-1C3F-4FA6-A6F7-2825EC9FFA88} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-03] ()
C:\Program Files (x86)\SystemHealer
Task: {36FD2E22-7B79-481F-96DE-06C3C16091B2} - System32\Tasks\Image Food => Rundll32.exe "C:\Users\D.B.I\AppData\Local\Image Food\{A3EBE9C2-C555-4221-169A-44D6E1D19DF4}\ImageFood.dll",#1
C:\Users\D.B.I\AppData\Local\Image Food
Task: {3A460643-095B-4715-A016-051384671D10} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2015-12-03] ()
Task: {424B1995-DDCF-4A3C-A075-A30EA89232C9} - System32\Tasks\{FA36E8A2-620C-423B-A95E-7CE529098730} => pcalua.exe -a C:\Users\D.B.I\Downloads\6d2b2af8-68f0-478a-ba1d-2684f0462b50.exe -d C:\Users\D.B.I\Downloads
Task: {4DFF5246-A968-4D7B-96C5-7ED49B0FF60C} - System32\Tasks\Puhxuw => C:\PROGRA~1\SHOPPE~1\Niaurr.bat
C:\PROGRA~1\SHOPPE~1
Task: {615DCB4A-36DE-4F70-8739-6D6514501AB0} - System32\Tasks\{1F57E4CB-72C3-4C1E-BFF8-0CF73D7A335A} => pcalua.exe -a "C:\Users\D.B.I\Downloads\FR JA v3.0 Setup.exe" -d C:\Users\D.B.I\Downloads
Task: {7B7BFA32-EB5C-40C0-91E4-9823F17E5BAE} - System32\Tasks\kol3015 => C:\PROGRA~2\FAST-S~1\kol3015.exe <==== ATTENTION
C:\PROGRA~2\FAST-S~1
Task: {9696BFCF-9D6A-4198-8B2E-0F9C75451DB6} - System32\Tasks\bvxvyxxvcy => C:\Users\D.B.I\AppData\Local\bvxvyxxvcy\bvxvyxxvcy.exe [2015-12-02] () <==== ATTENTION
C:\Users\D.B.I\AppData\Local\bvxvyxxvcy
Task: {A32B6427-FCD1-45E7-9DF4-C0B87D8EF8A3} - System32\Tasks\Image Food2 => Rundll32.exe "C:\Users\D.B.I\AppData\Local\Image Food\{A3EBE9C2-C555-4221-169A-44D6E1D19DF4}\xqajjr.dll",#1
C:\Users\D.B.I\AppData\Local\Image Food
Task: {A5CDE4D8-1D11-45FB-A45D-2E20AB0DF949} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-03] ()
Task: {C28CCC77-FD52-44C5-A701-698778655555} - System32\Tasks\gte3014 => C:\PROGRA~2\FAST-S~1\gte3014.exe <==== ATTENTION
Task: {DA49EC74-2FBB-40A3-993C-C3903B00FC1D} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2015-12-03] ()
Task: {F8023019-4CC4-4157-A25F-08969F840A24} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-03] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\Windows\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ykupnakla => ""="service"
CMD: dir "C:\Windows\System32\Tasks"
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2533499994-360040-1962647933-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKU\S-1-5-21-2533499994-360040-1962647933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully
"C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL" => Value data removed successfully.
"C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" => Value data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\D.B.I\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa => moved successfully
C:\Users\DB0E23~1.I\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 => moved successfully
C:\Users\D.B.I\AppData\Local\Image Food\Component => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully
McAfee SiteAdvisor Service => service removed successfully
SPPD => Service stopped successfully.
SPPD => service removed successfully
C:\Windows\SysWOW64\Ykupnakla.ini => moved successfully
C:\Windows\SysWOW64\YkupnaklaOff.ini => moved successfully
C:\Windows\system32\YkupnaklaOff.ini => moved successfully
C:\Windows\system32\uuuh => moved successfully
C:\Users\D.B.I\AppData\Roaming\LariLhki => moved successfully
C:\Users\D.B.I\AppData\Local\Tempfolder => moved successfully
C:\Program Files\shopperz061220151824 => moved successfully
C:\Windows\System32\Tasks\Puhxuw => moved successfully
C:\Users\D.B.I\AppData\LocalLow\Company => moved successfully
C:\uninst => moved successfully
C:\Users\Public\Documents\Baidu => moved successfully
C:\Windows\System32\Tasks\bvxvyxxvcy => moved successfully
C:\Users\D.B.I\AppData\Local\bvxvyxxvcy => moved successfully

"C:\Program Files (x86)\SearchProtect" folder move:

Could not move "C:\Program Files (x86)\SearchProtect" => Scheduled to move on reboot.


"C:\Users\D.B.I\AppData\Local\SearchProtect" folder move:

Could not move "C:\Users\D.B.I\AppData\Local\SearchProtect" => Scheduled to move on reboot.

C:\rsit => moved successfully
Could not move "C:\Windows\system32\Drivers\bsdriver.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\cherimoya.sys" => Scheduled to move on reboot.
C:\Windows\System32\Tasks\kol3015 => moved successfully
C:\Users\D.B.I\Desktop\LM.bat => moved successfully
C:\Users\D.B.I\Desktop\Note-Up.lnk => moved successfully
C:\Windows\System32\Tasks\Image Food => moved successfully
C:\Windows\System32\Tasks\Image Food2 => moved successfully
C:\Users\D.B.I\AppData\Local\Image Food => moved successfully
C:\Windows\System32\Tasks\gte3014 => moved successfully
C:\Windows\Tasks\System HealerStartUp.job => moved successfully
C:\Windows\Tasks\System HealerPeriod.job => moved successfully
C:\Windows\System32\Tasks\System Healer Task => moved successfully
C:\Windows\System32\Tasks\SystemHealer Run Delay => moved successfully
C:\Windows\System32\Tasks\SystemHealer Monitor => moved successfully
C:\Windows\System32\Tasks\System HealerPeriod => moved successfully
C:\Windows\System32\Tasks\System HealerStartUp => moved successfully
C:\Users\Public\Desktop\Launch System Healer.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer => moved successfully
C:\ProgramData\aa3fdb8a-37a1-0 => moved successfully
C:\ProgramData\aa3fdb8a-1135-1 => moved successfully
C:\AdwCleaner => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\D.B.I\AppData\Local\MSGBOX.EXE => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F16BE19-93ED-4CFE-BD7A-3877E288CCD9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F16BE19-93ED-4CFE-BD7A-3877E288CCD9}" => key removed successfully
C:\Windows\System32\Tasks\ProPCCleaner_Popup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => key removed successfully
"C:\Program Files (x86)\Pro PC Cleaner" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F3824D8-1C3F-4FA6-A6F7-2825EC9FFA88}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F3824D8-1C3F-4FA6-A6F7-2825EC9FFA88}" => key removed successfully
C:\Windows\System32\Tasks\System HealerPeriod => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerPeriod" => key removed successfully
C:\Program Files (x86)\SystemHealer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36FD2E22-7B79-481F-96DE-06C3C16091B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36FD2E22-7B79-481F-96DE-06C3C16091B2}" => key removed successfully
C:\Windows\System32\Tasks\Image Food => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Image Food" => key removed successfully
"C:\Users\D.B.I\AppData\Local\Image Food" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3A460643-095B-4715-A016-051384671D10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A460643-095B-4715-A016-051384671D10}" => key removed successfully
C:\Windows\System32\Tasks\SystemHealer Monitor => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{424B1995-DDCF-4A3C-A075-A30EA89232C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{424B1995-DDCF-4A3C-A075-A30EA89232C9}" => key removed successfully
C:\Windows\System32\Tasks\{FA36E8A2-620C-423B-A95E-7CE529098730} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FA36E8A2-620C-423B-A95E-7CE529098730}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DFF5246-A968-4D7B-96C5-7ED49B0FF60C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DFF5246-A968-4D7B-96C5-7ED49B0FF60C}" => key removed successfully
C:\Windows\System32\Tasks\Puhxuw => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Puhxuw" => key removed successfully
"C:\PROGRA~1\SHOPPE~1" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{615DCB4A-36DE-4F70-8739-6D6514501AB0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{615DCB4A-36DE-4F70-8739-6D6514501AB0}" => key removed successfully
C:\Windows\System32\Tasks\{1F57E4CB-72C3-4C1E-BFF8-0CF73D7A335A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1F57E4CB-72C3-4C1E-BFF8-0CF73D7A335A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7B7BFA32-EB5C-40C0-91E4-9823F17E5BAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B7BFA32-EB5C-40C0-91E4-9823F17E5BAE}" => key removed successfully
C:\Windows\System32\Tasks\kol3015 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kol3015" => key removed successfully
"C:\PROGRA~2\FAST-S~1" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9696BFCF-9D6A-4198-8B2E-0F9C75451DB6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9696BFCF-9D6A-4198-8B2E-0F9C75451DB6}" => key removed successfully
C:\Windows\System32\Tasks\bvxvyxxvcy => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvyxxvcy" => key removed successfully
"C:\Users\D.B.I\AppData\Local\bvxvyxxvcy" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A32B6427-FCD1-45E7-9DF4-C0B87D8EF8A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A32B6427-FCD1-45E7-9DF4-C0B87D8EF8A3}" => key removed successfully
C:\Windows\System32\Tasks\Image Food2 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Image Food2" => key removed successfully
"C:\Users\D.B.I\AppData\Local\Image Food" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5CDE4D8-1D11-45FB-A45D-2E20AB0DF949}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5CDE4D8-1D11-45FB-A45D-2E20AB0DF949}" => key removed successfully
C:\Windows\System32\Tasks\SystemHealer Run Delay => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C28CCC77-FD52-44C5-A701-698778655555}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C28CCC77-FD52-44C5-A701-698778655555}" => key removed successfully
C:\Windows\System32\Tasks\gte3014 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gte3014" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA49EC74-2FBB-40A3-993C-C3903B00FC1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA49EC74-2FBB-40A3-993C-C3903B00FC1D}" => key removed successfully
C:\Windows\System32\Tasks\System Healer Task => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8023019-4CC4-4157-A25F-08969F840A24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8023019-4CC4-4157-A25F-08969F840A24}" => key removed successfully
C:\Windows\System32\Tasks\System HealerStartUp => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerStartUp" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\System HealerPeriod.job => not found.
C:\Windows\Tasks\System HealerStartUp.job => not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Ykupnakla" => key removed successfully

========= dir "C:\Windows\System32\Tasks" =========

Volume in drive C is WINDOWS
Volume Serial Number is D8EE-A1F5

Directory of C:\Windows\System32\Tasks

06/12/2015 19:00 <DIR> .
06/12/2015 19:00 <DIR> ..
20/11/2015 02:03 3,768 Adobe Flash Player Updater
20/02/2015 21:48 3,502 AdobeAAMUpdater-1.0-DBI-TOSH-D.B.I
26/04/2014 14:47 3,492 ConfigFree Startup Programs
01/07/2014 15:47 3,536 FacebookUpdateTaskUserS-1-5-21-2533499994-360040-1962647933-1000Core
01/07/2014 15:47 3,904 FacebookUpdateTaskUserS-1-5-21-2533499994-360040-1962647933-1000UA
05/12/2015 16:11 3,642 GoogleUpdateTaskMachineCore
05/12/2015 16:11 3,894 GoogleUpdateTaskMachineUA
21/03/2015 10:24 3,624 HPCustParticipation HP Deskjet 3050A J611 series
03/08/2011 04:38 <DIR> Microsoft
18/10/2014 02:13 <DIR> OfficeSoftwareProtectionPlatform
06/12/2015 15:59 3,820 Opera scheduled Autoupdate 1398531229
23/08/2015 15:13 <DIR> WPD
9 File(s) 33,182 bytes
5 Dir(s) 176,650,027,008 bytes free

========= End of CMD: =========


========= dir "C:\PROGRA~1" =========

Volume in drive C is WINDOWS
Volume Serial Number is D8EE-A1F5

Directory of C:\PROGRA~1

06/12/2015 19:00 <DIR> .
06/12/2015 19:00 <DIR> ..
20/02/2015 21:43 <DIR> Adobe
26/04/2014 14:18 <DIR> ATI
13/05/2015 14:29 <DIR> Common Files
26/04/2014 14:30 <DIR> CONEXANT
13/05/2015 14:33 <DIR> DIFX
11/02/2011 15:35 <DIR> DVD Maker
20/06/2014 12:18 <DIR> ESET
13/05/2015 14:31 <DIR> Focusrite
03/05/2014 06:52 <DIR> Google
21/03/2015 10:24 <DIR> HP
17/11/2015 00:56 <DIR> Internet Explorer
04/02/2015 15:26 <DIR> Java
03/08/2011 04:34 <DIR> Microsoft Games
18/10/2014 02:11 <DIR> Microsoft Office
16/08/2015 15:12 <DIR> Microsoft Silverlight
18/10/2014 02:11 <DIR> Microsoft SQL Server Compact Edition
18/10/2014 02:12 <DIR> Microsoft Synchronization Services
14/07/2009 05:32 <DIR> MSBuild
03/08/2011 03:46 <DIR> PlayReady
02/12/2014 17:04 <DIR> RdDrv001
26/04/2014 17:35 <DIR> REAPER (x64)
08/10/2015 11:32 <DIR> Recuva
14/07/2009 05:32 <DIR> Reference Assemblies
18/05/2015 02:43 <DIR> SAMSUNG
18/10/2014 01:38 <DIR> Sony
13/05/2015 14:29 <DIR> Steinberg
26/04/2014 14:35 <DIR> Synaptics
26/04/2014 14:57 <DIR> Toshiba
03/05/2014 06:57 <DIR> VideoLAN
07/06/2014 13:25 <DIR> Windows Defender
16/11/2015 03:03 <DIR> Windows Journal
03/08/2011 04:37 <DIR> Windows Live
07/06/2014 13:25 <DIR> Windows Mail
10/06/2015 19:06 <DIR> Windows Media Player
14/07/2009 05:32 <DIR> Windows NT
07/06/2014 13:25 <DIR> Windows Photo Viewer
21/11/2010 03:31 <DIR> Windows Portable Devices
07/06/2014 13:25 <DIR> Windows Sidebar
03/05/2014 15:17 <DIR> WinRAR
0 File(s) 0 bytes
41 Dir(s) 176,650,022,912 bytes free

========= End of CMD: =========


========= dir "C:\PROGRA~2" =========

Volume in drive C is WINDOWS
Volume Serial Number is D8EE-A1F5

Directory of C:\PROGRA~2

06/12/2015 19:00 <DIR> .
06/12/2015 19:00 <DIR> ..
20/02/2015 21:40 <DIR> Adobe
26/04/2014 17:30 <DIR> ASIO4ALL v2
26/04/2014 14:33 <DIR> Atheros
26/04/2014 14:19 <DIR> ATI Technologies
18/10/2014 00:54 <DIR> AVS4YOU
26/04/2014 16:48 <DIR> BBC iPlayer Desktop
12/06/2015 14:59 <DIR> BlueVoda Website Builder
21/09/2015 15:06 <DIR> Common Files
18/01/2015 15:07 <DIR> eJay
22/10/2015 12:34 <DIR> Evernote
13/05/2015 14:31 <DIR> Focusrite
07/06/2014 02:26 <DIR> Freemake
11/10/2014 03:48 <DIR> Google
21/03/2015 10:25 <DIR> HP
21/03/2015 10:25 <DIR> HP Photo Creations
17/11/2015 00:56 <DIR> Internet Explorer
04/02/2015 19:03 <DIR> Java
06/10/2014 17:41 <DIR> Kensington
14/06/2015 16:59 <DIR> Malwarebytes Anti-Malware
20/06/2014 16:19 <DIR> McAfee
06/06/2015 19:37 <DIR> Microsoft
18/10/2014 02:08 <DIR> Microsoft Office
16/08/2015 15:12 <DIR> Microsoft Silverlight
03/08/2011 04:41 <DIR> Microsoft SQL Server Compact Edition
03/08/2011 04:47 <DIR> Microsoft.NET
22/12/2014 14:40 <DIR> MP3 Speed Changer
14/07/2009 05:32 <DIR> MSBuild
27/04/2014 14:25 <DIR> MSXML 4.0
09/12/2014 19:26 <DIR> MuseScore
23/10/2015 20:05 <DIR> MyWIFIRouter
03/08/2011 04:09 <DIR> Nero
13/05/2015 14:24 <DIR> Novation
16/05/2014 01:03 <DIR> NVIDIA Corporation
06/12/2015 15:59 <DIR> Opera
12/04/2015 18:50 <DIR> PokerStars.UK
26/04/2014 14:40 <DIR> Realtek
14/07/2009 05:32 <DIR> Reference Assemblies
06/12/2015 17:32 <DIR> SearchProtect
21/09/2015 15:06 <DIR> Skype
18/10/2014 01:10 <DIR> Sony
11/10/2014 05:03 <DIR> Steam
20/06/2014 12:56 <DIR> Steinberg
19/10/2014 02:00 <DIR> TagScanner
26/04/2014 14:36 <DIR> TOH Class Filter
26/04/2014 14:57 <DIR> TOSHIBA
03/08/2011 04:34 <DIR> TOSHIBA Games
03/08/2011 04:14 <DIR> Toshiba TEMPRO
13/05/2015 14:24 <DIR> VSTPlugIns
18/10/2014 21:07 <DIR> Webteh
03/08/2011 04:16 <DIR> WildTangent Games
07/06/2014 13:25 <DIR> Windows Defender
03/08/2011 04:43 <DIR> Windows Live
07/06/2014 13:25 <DIR> Windows Mail
10/06/2015 19:06 <DIR> Windows Media Player
14/07/2009 05:32 <DIR> Windows NT
07/06/2014 13:25 <DIR> Windows Photo Viewer
21/11/2010 03:31 <DIR> Windows Portable Devices
07/06/2014 13:25 <DIR> Windows Sidebar
18/10/2014 01:01 <DIR> Xilisoft
0 File(s) 0 bytes
61 Dir(s) 176,650,018,816 bytes free

========= End of CMD: =========


========= dir "C:\PROGRA~3" =========

Volume in drive C is WINDOWS
Volume Serial Number is D8EE-A1F5

Directory of C:\PROGRA~3

13/05/2015 15:03 <DIR> Ableton
21/02/2015 22:06 <DIR> Adobe
21/03/2015 10:24 57 Ament.ini
26/04/2014 14:34 <DIR> Atheros
26/04/2014 14:21 <DIR> ATI
18/10/2014 00:55 <DIR> AVS4YOU
18/01/2015 15:13 <DIR> eJay
20/06/2014 12:18 <DIR> ESET
07/06/2014 02:26 <DIR> Freemake
03/05/2014 06:27 <DIR> Google
21/03/2015 10:24 <DIR> HP
21/03/2015 10:25 <DIR> HP Photo Creations
14/06/2015 16:59 <DIR> Malwarebytes
20/06/2014 16:19 <DIR> McAfee
16/11/2015 21:32 <DIR> Microsoft Help
03/08/2011 04:09 <DIR> Nero
15/11/2014 10:20 <DIR> Oracle
03/05/2014 07:42 <DIR> Pinnacle
20/02/2015 21:44 <DIR> regid.1986-12.com.adobe
18/05/2015 02:42 <DIR> Samsung
21/09/2015 15:06 <DIR> Skype
18/10/2014 01:38 <DIR> Sony
20/06/2014 12:57 <DIR> Steinberg
03/08/2011 03:47 <DIR> Sun
03/05/2014 08:03 <DIR> TOSHIBA
26/04/2014 16:42 <DIR> ToshibaEurope
21/03/2015 10:25 <DIR> Visan
13/05/2015 14:30 <DIR> VST3 Presets
03/08/2011 04:34 <DIR> WildTangent
18/10/2014 01:01 <DIR> Xilisoft
1 File(s) 57 bytes
29 Dir(s) 176,650,018,816 bytes free

========= End of CMD: =========


========= dir "%localappdata%" =========

Volume in drive C is WINDOWS
Volume Serial Number is D8EE-A1F5

Directory of C:\Users\D.B.I\AppData\Local

06/12/2015 19:00 <DIR> .
06/12/2015 19:00 <DIR> ..
16/05/2014 01:03 <DIR> 2K Games
06/12/2015 15:53 <DIR> Adobe
26/04/2014 16:46 <DIR> ATI
29/08/2015 18:04 <DIR> CEF
19/06/2014 19:12 <DIR> Comodo
22/12/2014 14:41 <DIR> Crazy_Boomerang_Software
02/10/2015 18:36 <DIR> Diagnostics
03/05/2014 07:42 <DIR> Downloaded Installations
20/06/2014 16:21 <DIR> ESET
22/10/2015 12:35 <DIR> Evernote
06/06/2015 19:37 <DIR> Facebook
13/05/2015 14:35 <DIR> Focusrite
13/06/2015 08:25 66,928 GDIPFONTCACHEV1.DAT
13/09/2015 23:10 <DIR> Google
01/06/2015 20:45 <DIR> GWX
21/03/2015 10:32 <DIR> HP
06/12/2015 17:32 <DIR> Installer
02/09/2015 01:03 <DIR> Microsoft
31/05/2015 20:18 <DIR> Microsoft Help
09/12/2014 19:26 <DIR> MusE
01/03/2015 00:34 <DIR> Nero_AG
26/04/2014 16:53 <DIR> Opera Software
19/06/2014 19:12 <DIR> Packages
19/04/2015 00:02 <DIR> PokerStars.UK
03/05/2014 07:23 <DIR> Programs
10/05/2015 13:52 <DIR> Pro_PC_Cleaner
06/12/2015 16:39 <DIR> SearchProtect
01/07/2014 18:40 <DIR> Skype
18/10/2014 01:38 <DIR> Sony
06/12/2015 18:35 <DIR> Spotify
06/12/2015 19:00 <DIR> Temp
03/05/2014 08:03 <DIR> Toshiba
16/11/2015 00:04 <DIR> Viber
06/10/2014 17:40 <DIR> VirtualStore
03/05/2014 07:21 <DIR> WinAVI
10/12/2014 17:23 <DIR> Windows Live
1 File(s) 66,928 bytes
37 Dir(s) 176,650,018,816 bytes free

========= End of CMD: =========


========= dir "%appdata%" =========

Volume in drive C is WINDOWS
Volume Serial Number is D8EE-A1F5

Directory of C:\Users\D.B.I\AppData\Roaming

06/12/2015 19:00 <DIR> .
06/12/2015 19:00 <DIR> ..
13/05/2015 15:08 <DIR> Ableton
20/02/2015 21:48 <DIR> Adobe
26/04/2014 16:46 <DIR> ATI
18/10/2014 00:55 <DIR> AVS4YOU
06/12/2015 15:50 <DIR> BitTorrent
18/10/2014 21:07 <DIR> BSplayer
11/05/2014 10:16 <DIR> BSplayer Pro
06/12/2015 16:50 <DIR> Google
20/08/2015 15:13 <DIR> HpUpdate
26/04/2014 16:44 <DIR> Identities
06/10/2014 17:41 <DIR> Kensington
26/04/2014 16:46 <DIR> Macromedia
21/11/2010 07:16 <DIR> Media Center Programs
09/12/2014 19:26 <DIR> MusE
23/02/2015 19:14 <DIR> Nero
26/04/2014 16:53 <DIR> Opera Software
25/07/2014 11:27 <DIR> Oracle
18/10/2014 01:43 <DIR> Publish Providers
14/01/2015 20:46 <DIR> REAPER
21/09/2015 15:36 <DIR> Skype
24/08/2015 00:07 <DIR> Sony
06/12/2015 18:37 <DIR> Spotify
20/06/2014 13:15 <DIR> Steinberg
06/12/2015 15:48 <DIR> System Healer
19/10/2014 02:00 <DIR> TagScanner
18/12/2014 13:28 <DIR> Toshiba
18/09/2014 06:18 <DIR> TP
06/12/2015 18:37 <DIR> ViberPC
06/12/2015 18:55 <DIR> vlc
03/05/2014 15:18 <DIR> WinRAR
18/10/2014 01:03 <DIR> Xilisoft
0 File(s) 0 bytes
33 Dir(s) 176,650,014,720 bytes free

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 3.8 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-06 19:03:45)

"C:\Program Files (x86)\SearchProtect" => Could not move
"C:\Users\D.B.I\AppData\Local\SearchProtect" => Could not move
"C:\Windows\system32\Drivers\bsdriver.sys" => Could not move
"C:\Windows\system32\Drivers\cherimoya.sys" => Could not move

==== End of Fixlog 19:03:50 ====

Re: "My Best Offers Today" vermin

Posted: 06 Dec 2015 21:27
by altrok
:arrow: ESET provides one of the best protections. There are also free alternatives such as Avast, Avira (in English), AVG, BitDefender. You can form your own opinion on which is better and which is worse from the results of comparative tests http://forum.viry.cz/viewtopic.php?f=14 ... &start=150


:arrow: SpaceSoundPro could, after all, theoretically be software for headphones, or it may be malware that merely hides behind its name https://www.spacesoundpro.com/


:arrow: If you managed to track down the source of the infection, I believe more than one author of an anti-malware tool would be grateful, because this is a beauty :D I would say we are out of the worst (not entirely), but we will still check the PC with several automatic scanners.


:arrow: Install MBAM and run a custom scan of all drives - http://forum.viry.cz/viewtopic.php?f=29&t=144868
  • Note: this scan takes from 30 minutes to several hours

Re: "My Best Offers Today" vermin

Posted: 07 Dec 2015 07:10
by Dominko777
1. Thank you, I will look through it

2. SpaceSoundPro does present itself as software for headphones, but I think such software does not install itself :) so I am definitely not interested in it

3. I will try to use the same search and track down that file, if that helps you :wink:

MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 06/12/2015
Cas skenování: 20:41
Protokol: MBAM.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.12.06.05
Databáze rootkitu: v2015.11.26.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: D.B.I

Typ skenu: Vlastní sken
Výsledek: Dokonceno
Prohledaných objektu: 597368
Uplynulý cas: 4 hod, 33 min, 14 sek

Pamet: Zapnuto
Po spuštení: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 1
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, 2116, , [7f5ee7ba4843c472befa72368d74ae52]

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíce registru: 23
PUP.Optional.SearchProtect.AppFlsh, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, , [7f5ee7ba4843c472befa72368d74ae52],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, , [ab327b268a011026338507a1c14042be],
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\*\SHELL\ADD EVENT REMINDER, , [5f7e366b008bda5c9e4a5aa0f50e2fd1],
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\*\SHELL\ADD EVENT REMINDER, , [16c7e8b9dcaf2d09a642cb2fb350748c],
PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6, , [835ad4cd692256e0feafaaf4ec166f91],
PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\D830B6B8939ACB4928401060203BB648456BB4F8, , [3aa38e131b70ce685955663820e27090],
PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\F53E693DDABF57A88A9B12B608B09B26C0608B74, , [a736b8e9305b34029c136b33867cb749],
PUP.Optional.DeskBar, HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASAPI32, , [429b9b06f398082eef03f5cbc93a49b7],
PUP.Optional.DeskBar, HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASMANCS, , [ae2f940d3259f14521d1804033d052ae],
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR , , [06d7bbe6bdce66d0cfddeec418eb6a96],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [409d9f02a9e2f83e997a8c6aed16ec14],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [7865b8e953385ed8d83c8373c34023dd],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProPCCleaner_Start, , [c419d4cd94f793a36ab303a11ce713ed],
PUP.Optional.NoteUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\*\SHELL\ADD EVENT REMINDER, , [726b257c365502344f9910eac43f4bb5],
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6, , [cd1091107516cd693f6ecbd346bc34cc],
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\D830B6B8939ACB4928401060203BB648456BB4F8, , [ca13eeb30e7dcd69e1cda5f954aea35d],
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\F53E693DDABF57A88A9B12B608B09B26C0608B74, , [ad30e2bf73180036cee1079746bcee12],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, , [1dc0425ffa91181e2ceea74ff70c6b95],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM, , [5f7eced32c5fdd59cf4c7284d82b7e82],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, , [33aa376ad4b78da9e9341dd93dc6c23e],
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-2533499994-360040-1962647933-1000\SOFTWARE\ProPCCleanerLanguage, , [b7260c95b6d55adc24f3198b768d43bd],
PUP.Optional.Searching, HKU\S-1-5-21-2533499994-360040-1962647933-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jlcgehabolcakkjhgmgpkagpolbjlhfa, , [28b5d3ced1babe789a72386b9e648977],
PUP.Optional.SystemHealer, HKU\S-1-5-21-2533499994-360040-1962647933-1000\SOFTWARE\SYSTEM HEALER, , [28b5861b018a280ec37d9c5556ad36ca],

Hodnoty registru: 17
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\*\SHELL\ADD EVENT REMINDER|Icon, C:\Program Files (x86)\Note-up\Note-up.ico, , [5f7e366b008bda5c9e4a5aa0f50e2fd1]
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\*\SHELL\ADD EVENT REMINDER|Icon, C:\Program Files (x86)\Note-up\Note-up.ico, , [16c7e8b9dcaf2d09a642cb2fb350748c]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130938935499988625, , [4796475a6526ee48c1eabff3966d04fc]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130938935499988625, , [89540a971378d5614f5c7f33659e966a]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130938935499988625, , [68752879cbc0be7809a2ebc7ac57ef11]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130938935499988625, , [a03da4fde4a73df9377411a19b681ee2]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130938935499988625, , [6677a7faeaa12f0704a73181ba4924dc]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130938935499988625, , [b825bce537541521d9d2d4dedf243cc4]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130938935499988625, , [06d7bbe6bdce66d0cfddeec418eb6a96]
PUP.Optional.SpaceSoundPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SpaceSoundPro, "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe", , [48951f82becdb2845790d2dad330b848]
PUP.Optional.NoteUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\*\SHELL\ADD EVENT REMINDER|Icon, C:\Program Files (x86)\Note-up\Note-up.ico, , [726b257c365502344f9910eac43f4bb5]
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHPROTECT|Publisher, Client Connect LTD, , [be1febb6a8e3db5bc653d620ea19ba46]
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, , [1dc0425ffa91181e2ceea74ff70c6b95]
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM|TS, 1, , [5f7eced32c5fdd59cf4c7284d82b7e82]
PUP.Optional.SearchProtect.AppFlsh, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\Windows\system32\drivers\SPPD.sys, , [33aa376ad4b78da9e9341dd93dc6c23e]
PUP.Optional.SystemHealer, HKU\S-1-5-21-2533499994-360040-1962647933-1000\SOFTWARE\SYSTEM HEALER|HomePage, http://systemhealer.com/, , [28b5861b018a280ec37d9c5556ad36ca]
PUP.Optional.SystemHealer, HKU\S-1-5-21-2533499994-360040-1962647933-1000\SOFTWARE\SYSTEM HEALER|SupportPage, http://systemhealer.com/support/#contact, , [835a574ae0abac8a8ab629c8b64d56aa]

Data registru: 3
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL , Dobré: (), Špatné: (C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL),,[bb22f6ab0289e452a0187137b150d12f]
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL , Dobré: (), Špatné: (C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL),,[0dd03f6204875bdb6652337531d09b65]
PUP.Optional.SimplyTech, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|newtab, %appdata%\SimplyTech\home\home.htm, Dobré: (www.google.com), Špatné: (%appdata%\SimplyTech\home\home.htm),,[58851a87a8e347efe0573443c04401ff]

Složky: 20
PUP.Optional.ProPCCleaner, C:\Users\D.B.I\AppData\Local\Pro_PC_Cleaner, , [b726237edab1c37323e50c81956dba46],
PUP.Optional.ProPCCleaner, C:\Users\D.B.I\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_twd2ze3eaqaiwzlxig5riiby3fd4fyue, , [b726237edab1c37323e50c81956dba46],
PUP.Optional.ProPCCleaner, C:\Users\D.B.I\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_twd2ze3eaqaiwzlxig5riiby3fd4fyue\2.5.6.0, , [b726237edab1c37323e50c81956dba46],
PUP.Optional.ProPCCleaner, C:\Users\D.B.I\Documents\ProPCCleaner, , [5588d5cc4249082efd0d226bda285fa1],
PUP.Optional.Managera, C:\Users\D.B.I\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42, , [9f3e3c65fe8d3105bb8eddbc7191a35d],
PUP.Optional.ExTutil, C:\Users\D.B.I\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [ad30861bcfbc92a41c45efaab84a0bf5],
PUP.Optional.SystemHealer, C:\Users\D.B.I\AppData\Roaming\System Healer, , [8e4fb1f05932cd6970720b905da5f010],
PUP.Optional.SystemHealer, C:\Users\D.B.I\AppData\Roaming\System Healer\Languages, , [8e4fb1f05932cd6970720b905da5f010],
PUP.Optional.SystemHealer, C:\Users\D.B.I\AppData\Roaming\System Healer\WL, , [8e4fb1f05932cd6970720b905da5f010],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\D.B.I\AppData\Local\SearchProtect, , [a835901108833afca0d8910c79893ec2],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\D.B.I\AppData\Local\SearchProtect\SearchProtect, , [a835901108833afca0d8910c79893ec2],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\D.B.I\AppData\Local\SearchProtect\SearchProtect\rep, , [a835901108833afca0d8910c79893ec2],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\D.B.I\AppData\Local\SearchProtect\SearchProtect\STG, , [a835901108833afca0d8910c79893ec2],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\D.B.I\AppData\Local\SearchProtect\UI, , [a835901108833afca0d8910c79893ec2],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\D.B.I\AppData\Local\SearchProtect\UI\rep, , [a835901108833afca0d8910c79893ec2],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main, , [aa33b3ee93f8fc3afa81b7e631d1629e],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main\bin, , [aa33b3ee93f8fc3afa81b7e631d1629e],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main\rep, , [aa33b3ee93f8fc3afa81b7e631d1629e],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, , [8855d5cc7a11f6408cf0d5c8ed15649c],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\bin, , [6c716b36b2d96cca5627d4c9936f738d],

Soubory: 99
Rootkit.Komodia.PUA, C:\WINDOWS\SYSTEM32\drivers\bsdriver.sys, , [12e90d56382afec5fea715bbdff4bea4],
PUP.Optional.Cherimoya, C:\WINDOWS\SYSTEM32\drivers\cherimoya.sys, , [2fed22167820da74dd6ffd68f375166b],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, , [7f5ee7ba4843c472befa72368d74ae52],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, , [825b940d2d5ebb7b6355f2b6a45dec14],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, , [8558277a9eed8aac605801a71de40ff1],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll, , [bb22f6ab0289e452a0187137b150d12f],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll, , [0dd03f6204875bdb6652337531d09b65],
Adware.PennyBee.WnskRST, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files\shopperz061220151824\rmvall.exe.vir, , [a13cfba66823d85e929c3c5fc43d5ca4],
PUP.Optional.Komodia.WnskRST, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files\shopperz061220151824\ToliroNuer.exe.vir, , [a03db0f13d4ea98d67891783df2254ac],
PUP.Optional.Komodia.WnskRST, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files\shopperz061220151824\Ykupnakla.dll.vir, , [8657c6db3d4e191de3f97f1b05fc20e0],
PUP.Optional.Komodia.WnskRST, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files\shopperz061220151824\Ykupnakla64.dll.vir, , [16c7b3ee4b40290d4ec896059f62e917],
PUP.Optional.Komodia.WnskRST, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\Fast-Search\acengine.dll.vir, , [db02aff2d1ba79bd25b7347532cf26da],
Trojan.Agent, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\Fast-Search\acwfp.sys.vir, , [d7065b46513abd7978710120f210c838],
PUP.Optional.FastSearch, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\Fast-Search\acwfp64.sys.vir, , [03da1a872c5f52e42f81397061a09d63],
PUP.Optional.FastSearch, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\Fast-Search\setupfa_7198.exe.vir, , [6578960b29623006ba70861343bebc44],
PUP.Optional.FastSearch, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\Fast-Search\uninstall.exe.vir, , [1bc2ffa24b400c2ab5754e4b39c813ed],
Adware.EoRezo, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_gb_005010168\gmsd_gb_005010168.exe.vir, , [20bdb3ee1e6d1b1be453413e7d84b050],
PUP.Optional.Tuto4PC, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_gb_005010168\predm.exe.vir, , [e4f9c3de7714072f9686cdcb47bdcf31],
Adware.EoRezo, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_gb_014010168\mbot_gb_014010168.exe.vir, , [2eaf4d54d7b46fc768cf077816eb9e62],
PUP.Optional.Tuto4PC, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_gb_014010168\predm.exe.vir, , [a23b6041810a46f034e8920611f3d828],
PUP.Optional.NoteUp, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\Note-up\Note-up.exe.vir, , [4895960b4e3d1125b692a1b07c859967],
PUP.Optional.Conduit, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\orbiter.dll.vir, , [4697c6dbbad101353bbf0327d72a48b8],
PUP.Optional.CSDI, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\rec_en_77\rec_en_77.exe.vir, , [934a6140a7e475c147ef6e2c689c5ea2],
PUP.Optional.SpaceSoundPro, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro\Spacesoundpro.exe.vir, , [825ba6fb6d1e42f46310372eb74d4db3],
PUP.Optional.CSDI, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.10293\ioproduct.exe.vir, , [35a8fea396f5e05698ade3b72dd76799],
PUP.Optional.CSDI, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\SpaceSondPro_v53.10293\SpaceSondPro_Service.exe.vir, , [4796564b78139f9789ad603a59aba35d],
PUP.Optional.SwiftSearch, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\SwiftSearch_1.10.0.25\Uninstall.exe.vir, , [6b728f12038839fd8bd9e8c53cc54bb5],
PUP.Optional.SwiftSearch, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\SwiftSearch_1.10.0.25\Service\swsesrvc.exe.vir, , [4e8f178a3556ac8ad6edf8a162a2ad53],
PUP.Optional.SwiftSearch, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe.vir, , [cf0e0b966a21c2740eb5594049bb4cb4],
PUP.Optional.APNToolBar, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\ProgramData\ytd video downloader\ytd_installer.exe.vir, , [9a43752c147757dfde3156d431d0e21e],
PUP.Optional.BrowseFox, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\D.B.I\AppData\Local\B24876A0-1449420506-11E0-9F18-E89A8FA3B59C\qnsm6182.tmp.vir, , [a23bcad7a4e7092d33fdd5d4bf4237c9],
PUP.Optional.Tuto4PC, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\D.B.I\AppData\Local\mbot_gb_014010168\Download\myoffergroup_gb4.exe.vir, , [cf0e4f5237543df99693108f32cf8b75],
PUP.Optional.Goobzo, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\D.B.I\AppData\Local\SearchModule\dblaunch.exe.vir, , [528b7b26eaa145f19b801f81dc2517e9],
PUP.Optional.SmartWeb, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\D.B.I\AppData\Local\SmartWeb\SmartWebApp.exe.vir, , [13caa2ff4a411125be4844ec02ff748c],
PUP.Optional.SmartWeb, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\D.B.I\AppData\Local\SmartWeb\SmartWebHelper.exe.vir, , [6b72a6fb6c1fb1856a9c3000a35e56aa],
PUP.Optional.SmartWeb, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\D.B.I\AppData\Local\SmartWeb\swhk.dll.vir, , [46970998216a42f47a8c08280df43ac6],
PUP.Optional.SmartWeb, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\D.B.I\AppData\Local\SmartWeb\__u.exe.vir, , [a439752c4744f145a363dc540af7867a],
PUP.Optional.QuarkNetwork, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\D.B.I\AppData\Roaming\NetService\sc.exe.vir, , [ffde9c0594f7a492f2cda7f9d0311ae6],
Trojan.FilePatch.DNSApi, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Windows\SysNative\dnsapi.dll.vir, , [726babf65c2f4fe75d2436ca827e5ba5],
PUP.Optional.Komodia.WnskRST, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Windows\SysNative\Ykupnakla64.dll.vir, , [3ba28d14abe080b643d3b7e457aadf21],
PUP.Optional.SwiftSearch, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Windows\SysNative\drivers\swsedrvr_vt_1_10_0_25.sys.vir, , [c5187130d7b4d4620eb5742510f407f9],
PUP.Optional.SwiftSearch, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Windows\SysNative\drivers\swsedrvr_vw_1_10_0_25.sys.vir, , [39a4544d7d0ea591962dbedb70946f91],
PUP.Optional.Komodia.WnskRST, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Windows\SysWOW64\acengine.dll.vir, , [0fce69380f7c82b499430a9f986951af],
Trojan.FilePatch.DNSApi, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Windows\SysWOW64\dnsapi.dll.vir, , [e8f50899becdda5c344c2cd423dd6e92],
PUP.Optional.Komodia.WnskRST, C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Windows\SysWOW64\Ykupnakla.dll.vir, , [c11c940d701bb97defedd9c1ae53c43c],
Backdoor.Bot, C:\FRST\Quarantine\C\Program Files\shopperz061220151824\csrcc.exe, , [617cb5ec5b30ff37b4132b07f90833cd],
PUP.Optional.SystemHealer, C:\FRST\Quarantine\C\Program Files (x86)\SystemHealer\Uninstaller.exe, , [cc11fca5fb90ed49d0c46a32bc45f907],
PUP.Optional.SearchProtect.AppFlsh, C:\FRST\Quarantine\C\Users\D.B.I\AppData\Local\bvxvyxxvcy\bvxvyxxvcy.exe, , [17c6ccd5e5a68da9e3d79f097c857e82],
PUP.Optional.SearchProtect.AppFlsh, C:\FRST\Quarantine\C\Users\D.B.I\AppData\Local\bvxvyxxvcy\pbqrmvbub, , [3aa3772aa4e7f244e0d8beea857c6f91],
PUP.Optional.CrossRider, C:\FRST\Quarantine\C\Users\D.B.I\AppData\Local\Image Food\Image Food\{A3EBE9C2-C555-4221-169A-44D6E1D19DF4}\ImageFood.dll, , [f0edebb6503b89ad6325dc8f9c68bb45],
PUP.Optional.CrossRider, C:\FRST\Quarantine\C\Users\D.B.I\AppData\Local\Image Food\Image Food\{A3EBE9C2-C555-4221-169A-44D6E1D19DF4}\xqajjr.dll, , [f5e85b466d1e290d5f735e5619e8b24e],
PUP.Optional.CrossRider, C:\FRST\Quarantine\C\Users\D.B.I\AppData\Local\Image Food\Image Food\{A3EBE9C2-C555-4221-169A-44D6E1D19DF4}\{2AFFA19D-062E-6D19-043A-8AE6B649DBE4}.dll, , [49942879c9c273c36523e08bfd07c937],
CrackTool.Agent, C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\amtlib.dll, , [7f5ee8b94f3c78bef6031cf33ac8fa06],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll, , [24b9f2af018aba7c2098a206a061c23e],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe, , [ab327b268a011026338507a1c14042be],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun, , [deffabf6355693a39f19a404db26dc24],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll, , [97469908a6e5c3735b5ddacec140bc44],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe, , [c31a960b14770036ceeac3e53fc2c040],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll, , [518c6d34adde9e9864549a0ec73a0ef2],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll, , [5a8359485239181e05b3c7e1738e13ed],
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\AppPatch\AppPatch64\VCLdr64.dll, , [9f3e960bbad101358c2c7830c33e56aa],
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\AppPatch\nbin\VC32Loader.dll, , [736a4a57117ae0566a4e4d5b12eff808],
PUP.Optional.ClientConnect, C:\zoek_backup\C_Users_D.B.I_Downloads_bsplayer267-1076.exe.vir, , [e1fc554ca5e67bbb4df4f3cd8e7252ae],
PUP.Optional.RocketTab.PrxySvrRST, C:\zoek_backup\C_PROGRA~2_Browsersafeguard\BrowserSafeguard.exe, , [c419b0f1830802348d2a91825aa6cc34],
PUP.Optional.Spigot, C:\zoek_backup\C_Users_DB0E23~1.I_AppData_Roaming_Search Protection\SearchProtection.exe, , [bd205e43deadf54125738d310af6649c],
PUP.Optional.Spigot, C:\zoek_backup\C_Users_DB0E23~1.I_AppData_Roaming_Search Protection\Uninstall.exe, , [4c91059ceba0b48273230eb0e31da15f],
PUP.Optional.Spigot, C:\zoek_backup\C_Users_D.B.I_AppData_Roaming_Search Protection\SearchProtection.exe, , [08d5920f5c2f51e5f5a37b43b24e0ff1],
PUP.Optional.Spigot, C:\zoek_backup\C_Users_D.B.I_AppData_Roaming_Search Protection\Uninstall.exe, , [bb227c250d7ebb7bb4e2f8c6a858be42],
PUP.Optional.FakeIELaunch, C:\Users\D.B.I\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk, , [04d92180fb9025118810e6dba75c9d63],
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, , [a439267b4744a88e01020de9ba4938c8],
PUP.Optional.SearchProtect.AppFlsh, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, , [825b524fc0cb62d4f70d7c7acb384fb1],
PUP.Optional.ProPCCleaner, C:\Users\D.B.I\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_twd2ze3eaqaiwzlxig5riiby3fd4fyue\2.5.6.0\user.config, , [b726237edab1c37323e50c81956dba46],
PUP.Optional.ProPCCleaner, C:\Users\D.B.I\Documents\ProPCCleaner\log.txt, , [5588d5cc4249082efd0d226bda285fa1],
PUP.Optional.ProPCCleaner, C:\Users\D.B.I\Documents\ProPCCleaner\logerror.txt, , [5588d5cc4249082efd0d226bda285fa1],
PUP.Optional.Managera, C:\Users\D.B.I\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, , [9f3e3c65fe8d3105bb8eddbc7191a35d],
PUP.Optional.Managera, C:\Users\D.B.I\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, , [9f3e3c65fe8d3105bb8eddbc7191a35d],
PUP.Optional.ExTutil, C:\Users\D.B.I\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, , [ad30861bcfbc92a41c45efaab84a0bf5],
PUP.Optional.ExTutil, C:\Users\D.B.I\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, , [ad30861bcfbc92a41c45efaab84a0bf5],
PUP.Optional.ExTutil, C:\Users\D.B.I\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, , [ad30861bcfbc92a41c45efaab84a0bf5],
PUP.Optional.SystemHealer, C:\Users\D.B.I\AppData\Roaming\System Healer\Languages\Danish.xml, , [8e4fb1f05932cd6970720b905da5f010],
PUP.Optional.SystemHealer, C:\Users\D.B.I\AppData\Roaming\System Healer\Languages\Dutch.xml, , [8e4fb1f05932cd6970720b905da5f010],
PUP.Optional.SystemHealer, C:\Users\D.B.I\AppData\Roaming\System Healer\Languages\English.xml, , [8e4fb1f05932cd6970720b905da5f010],
PUP.Optional.SystemHealer, C:\Users\D.B.I\AppData\Roaming\System Healer\Languages\French.xml, , [8e4fb1f05932cd6970720b905da5f010],
PUP.Optional.SystemHealer, C:\Users\D.B.I\AppData\Roaming\System Healer\Languages\German.xml, , [8e4fb1f05932cd6970720b905da5f010],
PUP.Optional.SystemHealer, C:\Users\D.B.I\AppData\Roaming\System Healer\Languages\Italian.xml, , [8e4fb1f05932cd6970720b905da5f010],
PUP.Optional.SystemHealer, C:\Users\D.B.I\AppData\Roaming\System Healer\Languages\Norwegian.xml, , [8e4fb1f05932cd6970720b905da5f010],
PUP.Optional.SystemHealer, C:\Users\D.B.I\AppData\Roaming\System Healer\Languages\Parameters.xml, , [8e4fb1f05932cd6970720b905da5f010],
PUP.Optional.SystemHealer, C:\Users\D.B.I\AppData\Roaming\System Healer\Languages\Portuguese.xml, , [8e4fb1f05932cd6970720b905da5f010],
PUP.Optional.SystemHealer, C:\Users\D.B.I\AppData\Roaming\System Healer\Languages\Spanish.xml, , [8e4fb1f05932cd6970720b905da5f010],
PUP.Optional.SystemHealer, C:\Users\D.B.I\AppData\Roaming\System Healer\Languages\Swedish.xml, , [8e4fb1f05932cd6970720b905da5f010],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\D.B.I\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, , [a835901108833afca0d8910c79893ec2],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\D.B.I\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [a835901108833afca0d8910c79893ec2],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\D.B.I\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, , [a835901108833afca0d8910c79893ec2],
PUP.Optional.SearchProtect.AppFlsh, C:\Users\D.B.I\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, , [a835901108833afca0d8910c79893ec2],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main\rep\cfi.bin, , [aa33b3ee93f8fc3afa81b7e631d1629e],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main\rep\edk.bin, , [aa33b3ee93f8fc3afa81b7e631d1629e],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main\rep\pni.bin, , [aa33b3ee93f8fc3afa81b7e631d1629e],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, , [aa33b3ee93f8fc3afa81b7e631d1629e],
PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main\rep\trn.bin, , [aa33b3ee93f8fc3afa81b7e631d1629e],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: "My Best Offers Today" vermin

Posted: 07 Dec 2015 11:28
by altrok
:arrow: Delete all findings.


:arrow: Save MBAR to the desktop - http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Run it with a double-click and extract it to the desktop
  • click Next
  • Update the virus database by clicking Update and continue with Next
  • Leave all 3 options checked and choose Scan (it takes about 15 minutes)
  • tick all findings and also check the Create Restore Point checkbox
  • click Cleanup and agree to the restart - Yes
  • paste the contents of the log saved on the desktop in mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt into your next reply

Re: "My Best Offers Today" vermin

Posted: 07 Dec 2015 13:19
by Dominko777
MBAR
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2015.12.07.01
rootkit: v2015.11.26.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18097
D.B.I :: DBI-TOSH [administrator]

07/12/2015 10:42:22
mbar-log-2015-12-07 (10-42-22).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 390172
Time elapsed: 49 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BSDRIVER (Rootkit.Komodia.PUA) -> Delete on reboot. [a8953969bdced3638e3def070af97f81]

Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BSDRIVER|DisplayName (Rootkit.Komodia.PUA) -> Data: bsdriver -> Delete on reboot. [a8953969bdced3638e3def070af97f81]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\SPPD.sys (PUP.Optional.Conduit) -> Delete on reboot. [9a6b21450c0b4dd3ca6be4856e19d4d0]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Re: "My Best Offers Today" vermin

Posted: 07 Dec 2015 14:57
by altrok
Please post new FRST.txt and Addition.txt logs.