Regular freezing

Posted: 04 Sep 2016 11:22
by Lilo
Hello! :)

Every time I turn on the computer, the system freezes within half an hour - audio works and so does the mouse, but after a while the cursor stops responding as well. The computer does not respond to any keyboard commands such as alt-tab or ctrl-alt-del. Then I have to reset the computer manually (with the button on the case), or after some time the system restarts by itself without my intervention. After that there is always a black screen with options asking whether I want to start the system in safe mode etc.
Occasionally this freeze and crash also appears during the day (It has already happened several times that this problem repeated 3-4x a day.), but it is not that frequent.
Also, the internet is slower in certain intervals (mostly between 18:00 and 1:00). I suspect it is more likely a shortcoming on the provider's side. But for greater peace of mind I would like to know that some kind of malware isn't contributing to it :D

Thanks in advance for the help! :)
____________________________________________________________________________________________________
Log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by TDW at 2016-09-04 12:20:59
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 362 GB (76%) free of 477 GB
Total RAM: 3575 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:21:03 PM, on 04-Sep-16
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18427)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.26\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.66\deploy\LoLPatcher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.214\deploy\LolClient.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\TDW\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\trend micro\TDW.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
O2 - BHO: surf and keeP - {0451830B-94C5-4CF4-CFCA-2F06DF13BF18} - C:\Program Files\surf and keeP\MhFaMvjkgH.dll (file missing)
O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: surf and keep - {C635E43A-42F4-7B54-C7A8-124A2ECE0D07} - C:\Program Files\surf and keep\FiD5.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [STCAgent] "C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe"
O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: NCdownloader.lnk = C:\Program Files\Solibo Ltd\NCdownloader\NCdownloader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-101 - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-103 - {9E508DD9-844C-4985-AC11-AFE5DD71E0BF} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: (no name) - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-102 - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-104 - {EB89B163-2474-4734-9E93-68B61BC5BED5} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect\BackService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update service - Popcorn Time - C:\Program Files\Popcorn Time\Updater.exe
O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Unknown owner - C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe (file missing)
O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

--
End of file - 8451 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1390296456-3514786238-1037386279-1000.job - C:\Program Files\Citrix\GoToMeeting\3164\g2mupdate.exe
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1390296456-3514786238-1037386279-1003.job - C:\Program Files\Citrix\GoToMeeting\5530\g2mupdate.exe
C:\Windows\tasks\G2MUploadTask-S-1-5-21-1390296456-3514786238-1037386279-1000.job - C:\Program Files\Citrix\GoToMeeting\3164\g2mupload.exe
C:\Windows\tasks\G2MUploadTask-S-1-5-21-1390296456-3514786238-1037386279-1003.job - C:\Program Files\Citrix\GoToMeeting\5530\g2mupload.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8b17df2dec8d.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0451830B-94C5-4CF4-CFCA-2F06DF13BF18}]
surf and keeP - C:\Program Files\surf and keeP\MhFaMvjkgH.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}]
Splashtop Connect VisualBookmark - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll [2011-03-05 345968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25 1637504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C635E43A-42F4-7B54-C7A8-124A2ECE0D07}]
surf and keep - C:\Program Files\surf and keep\FiD5.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-06-07 10082920]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"STCAgent"=C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe [2011-03-05 776064]
"ZyngaGamesAgent"=C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Steam\steam.exe [2016-08-23 2857248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2015-09-02 721504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro]
C:\Program Files\Optimizer Pro\OptProLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2016-07-13 29494400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STCAgent]
C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe [2011-03-05 776064]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NCdownloader.lnk - C:\Program Files\Solibo Ltd\NCdownloader\NCdownloader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ESETOlmarikOlmascoCleaner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ESETOlmarikOlmascoCleaner.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McNaiAnn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2016-09-04 12:21:00 ----D---- C:\Program Files\trend micro
2016-09-04 12:20:59 ----D---- C:\rsit
2016-09-03 18:29:29 ----D---- C:\Nexon
2016-08-26 22:19:30 ----D---- C:\Users\TDW\AppData\Roaming\uTorrent
2016-08-25 10:34:07 ----D---- C:\Program Files\Popcorn Time
2016-08-21 11:21:59 ----D---- C:\Users\TDW\AppData\Roaming\Mozilla
2016-08-21 11:16:37 ----D---- C:\Program Files\Avira
2016-08-17 06:50:49 ----A---- C:\Windows\system32\tzres.dll
2016-08-16 10:53:00 ----A---- C:\Windows\system32\FNTCACHE.DAT
2016-08-10 12:06:30 ----A---- C:\Windows\system32\wdigest.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\TSpkg.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\sspisrv.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\sspicli.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\secur32.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\schannel.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\rpcrt4.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\rpchttp.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\ncrypt.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\msv1_0.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\msobjs.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\msaudite.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\lsass.exe
2016-08-10 12:06:30 ----A---- C:\Windows\system32\lsasrv.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\kerberos.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-08-10 12:06:30 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-08-10 12:06:30 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-08-10 12:06:30 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-08-10 12:06:30 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-08-10 12:06:30 ----A---- C:\Windows\system32\cryptbase.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\credssp.dll
2016-08-10 12:06:30 ----A---- C:\Windows\system32\auditpol.exe
2016-08-10 12:06:30 ----A---- C:\Windows\system32\adtschema.dll
2016-08-10 12:06:21 ----A---- C:\Windows\system32\win32k.sys
2016-08-10 12:06:18 ----A---- C:\Windows\system32\occache.dll
2016-08-10 12:06:18 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 12:06:18 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 12:06:18 ----A---- C:\Windows\system32\inseng.dll
2016-08-10 12:06:18 ----A---- C:\Windows\system32\iernonce.dll
2016-08-10 12:06:18 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-08-10 12:06:18 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-08-10 12:06:18 ----A---- C:\Windows\system32\iedkcs32.dll
2016-08-10 12:06:18 ----A---- C:\Windows\system32\ie4uinit.exe
2016-08-10 12:06:17 ----A---- C:\Windows\system32\urlmon.dll
2016-08-10 12:06:17 ----A---- C:\Windows\system32\msfeeds.dll
2016-08-10 12:06:17 ----A---- C:\Windows\system32\jsproxy.dll
2016-08-10 12:06:17 ----A---- C:\Windows\system32\jscript9diag.dll
2016-08-10 12:06:17 ----A---- C:\Windows\system32\ieUnatt.exe
2016-08-10 12:06:17 ----A---- C:\Windows\system32\ieapfltr.dll
2016-08-10 12:06:17 ----A---- C:\Windows\system32\dxtmsft.dll
2016-08-10 12:06:16 ----A---- C:\Windows\system32\webcheck.dll
2016-08-10 12:06:15 ----A---- C:\Windows\system32\wininet.dll
2016-08-10 12:06:15 ----A---- C:\Windows\system32\msrating.dll
2016-08-10 12:06:15 ----A---- C:\Windows\system32\iesetup.dll
2016-08-10 12:06:15 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 12:06:14 ----A---- C:\Windows\system32\dxtrans.dll
2016-08-10 12:06:13 ----A---- C:\Windows\system32\ieui.dll
2016-08-10 12:06:13 ----A---- C:\Windows\system32\ieframe.dll
2016-08-10 12:06:11 ----A---- C:\Windows\system32\mshtmled.dll
2016-08-10 12:06:10 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-08-10 12:06:10 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-08-10 12:06:09 ----A---- C:\Windows\system32\iertutil.dll
2016-08-10 12:06:08 ----A---- C:\Windows\system32\mshtml.dll
2016-08-10 12:06:06 ----A---- C:\Windows\system32\jscript9.dll
2016-08-10 12:06:04 ----A---- C:\Windows\system32\vbscript.dll
2016-08-10 12:06:04 ----A---- C:\Windows\system32\jscript.dll
2016-07-31 20:40:36 ----D---- C:\ProgramData\0a3aab23-03f1-0
2016-07-31 20:40:35 ----D---- C:\ProgramData\0a3aab23-2bc3-1
2016-07-16 19:05:14 ----D---- C:\Program Files\Common Files\AV
2016-07-14 20:46:17 ----D---- C:\ProgramData\NortonInstaller
2016-07-14 20:46:17 ----D---- C:\Program Files\NortonInstaller
2016-07-14 20:32:48 ----D---- C:\ProgramData\Norton
2016-07-13 06:35:48 ----A---- C:\Windows\system32\wpnpinst.exe
2016-07-13 06:35:48 ----A---- C:\Windows\system32\win32spl.dll
2016-07-13 06:35:48 ----A---- C:\Windows\system32\ntprint.exe
2016-07-13 06:35:48 ----A---- C:\Windows\system32\ntprint.dll
2016-07-13 06:35:48 ----A---- C:\Windows\system32\localspl.dll
2016-07-13 06:35:48 ----A---- C:\Windows\system32\inetppui.dll
2016-07-13 06:35:48 ----A---- C:\Windows\system32\inetpp.dll
2016-07-13 06:35:41 ----A---- C:\Windows\system32\invagent.dll
2016-07-13 06:35:41 ----A---- C:\Windows\system32\generaltel.dll
2016-07-13 06:35:41 ----A---- C:\Windows\system32\devinv.dll
2016-07-13 06:35:41 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-07-13 06:35:41 ----A---- C:\Windows\system32\centel.dll
2016-07-13 06:35:41 ----A---- C:\Windows\system32\appraiser.dll
2016-07-13 06:35:41 ----A---- C:\Windows\system32\aepic.dll
2016-07-13 06:35:41 ----A---- C:\Windows\system32\aeinv.dll
2016-07-13 06:35:41 ----A---- C:\Windows\system32\acmigration.dll
2016-06-27 16:31:51 ----D---- C:\Program Files\Steam
2016-06-15 09:24:39 ----A---- C:\Windows\system32\StructuredQuery.dll
2016-06-15 09:24:37 ----A---- C:\Windows\system32\shell32.dll
2016-06-15 09:24:37 ----A---- C:\Windows\system32\ExplorerFrame.dll
2016-06-15 09:24:37 ----A---- C:\Windows\explorer.exe
2016-06-15 09:24:23 ----A---- C:\Windows\system32\lpk.dll
2016-06-15 09:24:23 ----A---- C:\Windows\system32\fontsub.dll
2016-06-15 09:24:23 ----A---- C:\Windows\system32\dciman32.dll
2016-06-15 09:24:23 ----A---- C:\Windows\system32\atmlib.dll
2016-06-15 09:24:23 ----A---- C:\Windows\system32\atmfd.dll
2016-06-15 09:24:21 ----A---- C:\Windows\system32\webio.dll
2016-06-15 09:24:20 ----A---- C:\Windows\system32\winipsec.dll
2016-06-15 09:24:20 ----A---- C:\Windows\system32\polstore.dll
2016-06-15 09:24:20 ----A---- C:\Windows\system32\IPSECSVC.DLL
2016-06-15 09:24:20 ----A---- C:\Windows\system32\gpsvc.dll
2016-06-15 09:24:20 ----A---- C:\Windows\system32\gpscript.exe
2016-06-15 09:24:20 ----A---- C:\Windows\system32\gpscript.dll
2016-06-15 09:24:20 ----A---- C:\Windows\system32\gpprefcl.dll
2016-06-15 09:24:20 ----A---- C:\Windows\system32\gpapi.dll
2016-06-15 09:24:20 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 09:24:15 ----A---- C:\Windows\system32\drivers\srvnet.sys
2016-06-15 09:24:15 ----A---- C:\Windows\system32\drivers\srv2.sys
2016-06-15 09:24:15 ----A---- C:\Windows\system32\drivers\srv.sys
2016-06-15 09:24:15 ----A---- C:\Windows\system32\drivers\cng.sys
2016-06-15 09:24:15 ----A---- C:\Windows\system32\bcryptprimitives.dll
2016-06-15 09:23:59 ----A---- C:\Windows\system32\ws2_32.dll
2016-06-15 09:23:59 ----A---- C:\Windows\system32\winhttp.dll
2016-06-15 09:23:59 ----A---- C:\Windows\system32\netbtugc.exe
2016-06-15 09:23:59 ----A---- C:\Windows\system32\mswsock.dll
2016-06-15 09:23:59 ----A---- C:\Windows\system32\drivers\netbt.sys
2016-06-15 09:23:57 ----A---- C:\Windows\system32\msimsg.dll
2016-06-15 09:23:57 ----A---- C:\Windows\system32\msihnd.dll
2016-06-15 09:23:57 ----A---- C:\Windows\system32\msiexec.exe
2016-06-15 09:23:57 ----A---- C:\Windows\system32\msi.dll
2016-06-15 09:23:57 ----A---- C:\Windows\system32\consent.exe
2016-06-15 09:23:57 ----A---- C:\Windows\system32\authui.dll
2016-06-15 09:23:57 ----A---- C:\Windows\system32\appinfo.dll
2016-06-15 09:22:13 ----A---- C:\Windows\system32\gdi32.dll

======List of files/folders modified in the last 3 months======

2016-09-04 12:21:01 ----D---- C:\Windows\Temp
2016-09-04 12:21:00 ----RD---- C:\Program Files
2016-09-04 12:12:11 ----D---- C:\Windows\Tasks
2016-09-04 12:12:04 ----D---- C:\Windows\Prefetch
2016-09-04 10:54:36 ----A---- C:\Windows\system32\log.txt
2016-09-04 10:52:16 ----D---- C:\Windows\Minidump
2016-09-04 10:14:12 ----D---- C:\Windows\system32\config
2016-09-03 18:11:56 ----D---- C:\ProgramData\NexonUS
2016-09-03 18:03:00 ----D---- C:\Users\TDW\AppData\Roaming\Skype
2016-09-03 05:07:36 ----D---- C:\Users\TDW\AppData\Roaming\vlc
2016-09-02 18:20:55 ----D---- C:\Windows\system32\NDF
2016-08-30 21:21:55 ----SHD---- C:\System Volume Information
2016-08-26 13:51:29 ----D---- C:\Program Files\Common Files\Steam
2016-08-21 12:08:45 ----SHD---- C:\Windows\Installer
2016-08-21 12:08:45 ----HD---- C:\ProgramData
2016-08-21 12:08:43 ----SHD---- C:\Config.Msi
2016-08-21 12:08:20 ----D---- C:\Windows\system32\drivers
2016-08-21 12:04:34 ----D---- C:\Windows\system32\Tasks
2016-08-21 11:34:57 ----D---- C:\Windows\pss
2016-08-21 11:28:45 ----D---- C:\Windows
2016-08-21 11:22:39 ----RSD---- C:\Windows\Fonts
2016-08-21 11:20:27 ----D---- C:\Windows\system32\catroot
2016-08-19 00:44:59 ----D---- C:\ProgramData\Microsoft Help
2016-08-18 14:49:50 ----D---- C:\Windows\inf
2016-08-17 17:41:20 ----D---- C:\Windows\rescache
2016-08-17 08:32:52 ----D---- C:\Windows\winsxs
2016-08-17 08:32:35 ----D---- C:\Windows\system32\he-IL
2016-08-17 08:32:35 ----D---- C:\Windows\system32\en-US
2016-08-17 08:32:34 ----D---- C:\Windows\System32
2016-08-15 21:00:01 ----D---- C:\Windows\system32\LogFiles
2016-08-15 11:38:26 ----D---- C:\Windows\debug
2016-08-15 11:32:53 ----D---- C:\Game
2016-08-11 10:26:26 ----D---- C:\Program Files\Internet Explorer
2016-08-10 23:14:41 ----D---- C:\Windows\system32\MRT
2016-08-10 23:14:16 ----AC---- C:\Windows\system32\MRT.exe
2016-08-10 12:02:24 ----D---- C:\Windows\system32\catroot2
2016-08-09 19:44:13 ----SD---- C:\Users\TDW\AppData\Roaming\Microsoft
2016-08-09 12:34:41 ----D---- C:\ProgramData\Skype
2016-08-09 12:34:39 ----RD---- C:\Program Files\Skype
2016-07-28 09:04:58 ----D---- C:\Program Files\Common Files
2016-07-26 14:24:26 ----N---- C:\Windows\system32\MpSigStub.exe
2016-07-21 16:48:52 ----A---- C:\Windows\NeroDigital.ini
2016-07-21 03:00:36 ----SD---- C:\Windows\system32\GWX
2016-07-18 22:05:23 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2016-07-16 02:52:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-07-14 19:45:16 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2016-07-13 20:35:30 ----D---- C:\Windows\Microsoft.NET
2016-07-13 20:34:32 ----RSD---- C:\Windows\assembly
2016-07-13 16:22:23 ----D---- C:\Program Files\Windows Journal
2016-07-13 16:22:22 ----D---- C:\Windows\AppPatch
2016-07-13 16:22:21 ----D---- C:\Windows\system32\appraiser
2016-07-12 13:45:04 ----D---- C:\Windows\system32\Macromed
2016-06-16 09:00:45 ----D---- C:\Windows\he-IL
2016-06-16 09:00:45 ----D---- C:\Windows\en-US
2016-06-16 09:00:44 ----D---- C:\Windows\system32\wbem
2016-06-12 16:34:58 ----D---- C:\Windows\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 388096]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2013-03-22 229208]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-10-26 8853504]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-10-26 264192]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-05-25 41600]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-05-25 61824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-06-07 3514152]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-06-18 23256]
R3 MEI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2010-09-21 41088]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 133632]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-05-16 391272]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S2 sbmntr;SBMNTR; \??\C:\PROGRA~1\YTDOWN~1\sbmntr.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AndNetDiag;LGE AndroidNet USB Serial Port; C:\Windows\system32\DRIVERS\lgandnetdiag.sys []
S3 ANDNetModem;LGE AndroidNet USB Modem; C:\Windows\system32\DRIVERS\lgandnetmodem.sys []
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter; C:\Windows\system32\DRIVERS\lgandnetndis.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 ESETOlmarikOlmascoCleaner;ESET Olmarik/Olmasco Cleaner; \??\C:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys [2014-05-26 126472]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-12-05 17488]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-19 26176]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys []
S3 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [2015-09-21 94936]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-06-18 51928]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 msloop;Microsoft Loopback Adapter Driver; C:\Windows\system32\DRIVERS\loop.sys [2009-07-14 5632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-06-11 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2008-05-07 11520]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 35968]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-06-25 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-10-26 176128]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-05-25 1364096]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-05-25 1687680]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-06 325656]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 SCBackService;Splashtop Connect Service; C:\Program Files\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R2 Update service;Update service; C:\Program Files\Popcorn Time\Updater.exe [2016-08-03 339968]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service; C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
R3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 149352]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2016-05-23 324224]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service; C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14 270016]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2015-11-05 45744]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-08-02 102912]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2016-02-24 4362656]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2016-08-23 1465120]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-04 1343400]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

Re: Regular freezing

Posted: 04 Sep 2016 12:15
by Rudy
Hello!
Is your operating system a legal copy?

Re: Regular freezing

Posted: 04 Sep 2016 13:53
by Lilo
The system is legal :) The computer was purchased with Win7 Ultimate already installed.

Re: Regular freezing

Posted: 04 Sep 2016 14:07
by Rudy
Run the following scan:

Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "For all users", "Check for LOP malware" and "Check for PURITY malware", and copy the following into the lower white box:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
and click >Scan<. Post both logs.

Re: Regular freezing

Posted: 04 Sep 2016 16:41
by Lilo
Extras:

OTL Extras logfile created on: 04-Sep-16 5:29:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TDW\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18426)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.49 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 49.52% Memory free
6.98 Gb Paging File | 4.62 Gb Available in Paging File | 66.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 358.48 Gb Free Space | 76.98% Space Free | Partition Type: NTFS
Drive E: | 931.48 Gb Total Space | 711.67 Gb Free Space | 76.40% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: TDW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B35DA02-7CEA-439F-AA1F-A3036ED0A6A7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0C9DEDD9-849C-45A7-8123-F83CFDC63BAA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C9A111B-4695-4129-8CC3-8EC8EA1344A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2025F2BF-4103-4DEC-9CF9-12F25DBB4FD4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{228DB114-F1D2-414B-87A4-E4418AC150FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{345257F5-6C2D-4B2E-AE36-CB62C06D6B10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36098344-4401-4226-ACCB-DB84E6501D0C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3E2B6090-31F9-4137-BD9B-F9AF0ACB084E}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F648397-CD08-4028-8E72-2F8C923F8FE3}" = lport=49499 | protocol=6 | dir=in | name=akamai netsession interface |
"{457678A1-C2D0-4B44-8D70-A811DD9741C4}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A06A43B-D795-43A3-8964-A1B3356AE893}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{4CD22E5A-7124-42F2-A113-47E6761F1F20}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4DD6801B-7D12-44BC-95D5-36BAC6B5B247}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EC4BD35-8E36-487F-AFB8-353AE85456F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58F8DD00-8789-476B-AFD6-C23B7727C26B}" = rport=139 | protocol=6 | dir=out | app=system |
"{5AD38050-823E-4976-81CB-AA3C89EE6C9B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6496AE51-002E-4869-AC22-F1CC2A403C76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73066EC1-B3A9-431F-B1B1-C04D5B2B2618}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75ECA52D-7F0D-469B-AAD5-84E68E6702FF}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{8F15B0D9-6818-476F-BB33-AA927F2614BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A237AF85-07F8-4BF2-BA0E-C9C1E62A82C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A53B6314-015C-4D25-9C03-B6ED15C38593}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B154AEAE-697C-499D-99B1-88F435D14F29}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{B8C46A1F-395F-4EFC-8B49-ED9136F39D78}" = lport=137 | protocol=17 | dir=in | app=system |
"{BA6056DE-A2E4-4592-81CF-99C25EE52514}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BAFD7EDD-7B8E-41E3-A719-40CA5E2917F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE479846-5208-46BB-891C-AD417DE3E106}" = lport=138 | protocol=17 | dir=in | app=system |
"{C5B72CAD-AA34-424D-8441-D457B0EA3A56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D32DC071-F023-4EA4-8C2E-CFD1C090CD94}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7AACAEB-F28A-4783-B5D7-D6A771E444B7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DF085BF1-A320-47FD-B849-6FF35A357742}" = lport=139 | protocol=6 | dir=in | app=system |
"{DFDC2732-4220-45C6-990E-9DACE0B1A714}" = rport=10243 | protocol=6 | dir=out | app=system |
"{ECB0DA81-DD9B-4EF9-9131-0FBC2F9D36A1}" = rport=138 | protocol=17 | dir=out | app=system |
"{F787D0CE-35AA-4EC5-9C85-2AE7ED1A3C58}" = rport=445 | protocol=6 | dir=out | app=system |
"{F9DA1587-2855-4E18-8EB2-283905232ADE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1403D39D-E57C-49E4-91FE-525D857B1FD0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{160E6E3D-36D9-425B-AF48-D2FED5F47ABE}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"{1A9C0D13-B33C-47D9-BA5A-D95A5007B543}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2455543C-0D4F-4E15-98F1-EAF68828D708}" = protocol=17 | dir=in | app=c:\program files\popcorn time\updater.exe |
"{329184B8-5555-491F-A418-F8CA55E67111}" = protocol=6 | dir=in | app=c:\users\tdw\appdata\roaming\utorrent\utorrent.exe |
"{33B30456-46EE-4A49-A2FC-9EEC18C0D45D}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{3E5594D9-6FB4-465E-8E28-633BAE32A90B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{440C54CB-D868-49A4-AB38-F88DCC685AC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{44280504-F9B5-4DA5-820E-E2ED588A83A4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44700AA7-0094-4AD8-89A8-C0FD5333FE92}" = protocol=17 | dir=in | app=c:\program files\popcorn time\chromecast\node.exe |
"{44DA2AB8-EA29-4A6C-AB40-BA5CB29DB64A}" = protocol=17 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe |
"{476FB747-C0A0-4054-8DD2-DD6D916B7776}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{4A483A83-E6F4-4D0B-BDBB-2CD253FD5012}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{4D2FF0BA-3662-4415-AB34-F455F28AFF21}" = dir=in | app=c:\program files\dragon's prophet (game)\launcher.exe |
"{4D7E7CA4-E999-47D7-BAAB-1E673EFB84DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F7C41EE-B83E-44EC-82DE-4A24D1DD3303}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\transformice\transformice.exe |
"{4F9D1607-6A47-4338-ACAE-4BC6E88CA436}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4FB75942-6ED0-460F-927D-03AE31EE31C9}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4FC1068D-72C1-4A5A-AEBD-0E46EE2EB0B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5171407A-83E6-496C-ACDF-2BE5D7C038F3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{52856F35-9218-47B0-A3B4-5C28CDB459AD}" = dir=in | app=c:\program files\dragon's prophet (game)\dp_x86.exe |
"{59D69DD9-2E93-4946-A65D-4EC73D64CB5C}" = protocol=6 | dir=in | app=c:\koggames\elsword\data\x2.exe |
"{5B29FEB3-D498-477F-8BA6-F11503211D77}" = protocol=6 | dir=out | app=c:\users\tdw\appdata\roaming\utorrent\utorrent.exe |
"{5E86803E-F45B-44E0-BD3C-69736217356C}" = protocol=6 | dir=in | app=c:\program files\popcorn time\popcorntimedesktop.exe |
"{65AE1174-8412-42D9-94C4-2B73500CB79A}" = protocol=17 | dir=out | app=c:\users\tdw\appdata\roaming\utorrent\utorrent.exe |
"{666890D1-EAAF-4698-83E6-131A3D0EFC48}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AD27EF7-9E4B-4960-9FBD-5BB71AC45559}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B086C99-7F3B-4599-A5EC-6FF0E1712C5A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\transformice\transformice.exe |
"{702D34B7-F259-494C-88CE-A7B4BD91616B}" = dir=out | app=c:\program files\dragon's prophet (game)\dp_x64.exe |
"{713F40E2-EFB5-493D-AFA1-FC1EA499578A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\might & magic heroes vi - game official demo\might & magic heroes vi.exe |
"{716D9032-7991-42FF-8BD8-102567202634}" = protocol=17 | dir=in | app=c:\users\tdw\appdata\roaming\utorrent\utorrent.exe |
"{73155B89-A6A2-4701-AEBC-AC437B8F9BD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{79C96A0D-C7E0-49F5-A5F0-EE3EB7D6F996}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{7B0E9B86-A628-4EDB-9689-8C34AEBCCFAF}" = protocol=17 | dir=in | app=c:\koggames\elsword\data\x2.exe |
"{86E20E4D-DEAD-40D5-BE7C-F37D3B0317BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{912DDE0F-0AAA-4CAC-A66B-C98E8686B313}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{91C57CEE-75CF-4C64-B1FC-9442060CCFA4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\kingdom rush\kingdom rush.exe |
"{931AC6E2-E689-4F25-A82D-7D3663B92451}" = dir=out | app=c:\program files\dragon's prophet (game)\launcher.exe |
"{956C75E4-7C76-4214-ABA1-AB0077E96B92}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{9604DB96-52C2-428F-AA96-68A6AEBBCD36}" = protocol=17 | dir=in | app=c:\users\tdw\desktop\jonathan studies do not erase!\solidworks\solidworks\swscheduler\dtscoordinatorservice.exe |
"{9CAAE851-D8F6-42E1-BB90-0ABAD7C26E86}" = protocol=6 | dir=in | app=c:\users\tdw\desktop\jonathan studies do not erase!\solidworks\solidworks\swscheduler\dtscoordinatorservice.exe |
"{A41063BB-3E4B-465E-810F-A4CC6333B651}" = protocol=6 | dir=in | app=c:\program files\ubisoft\might & magic heroes vi - game official demo\might & magic heroes vi.exe |
"{A8304BC4-8555-4E12-9F67-4CF9AB5FE248}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A84018DC-A728-45BD-9C7D-8DAB81656A4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8C4EBBB-FEC4-4D9C-9387-0EA7BA121B76}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\kingdom rush\kingdom rush.exe |
"{ABCC3A4D-B2BF-4991-8F7C-7A424A1631D8}" = protocol=17 | dir=in | app=c:\users\tdw\appdata\roaming\utorrent\utorrent.exe |
"{AD9EAD9F-B1C7-4A08-AA21-66ACFDE90C74}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B0698859-F5BE-419A-89C0-63A87D8EB193}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B2E28C16-BBFD-4396-96D0-334BF3C0E18F}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"{B49759F6-733C-44B3-BB3C-AD427A7560B8}" = protocol=6 | dir=in | app=c:\program files\popcorn time\updater.exe |
"{BC9FE2BA-E0E5-4FD4-A038-F82BF725D5F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C0D08202-3A3B-4456-BCF2-136E83D66F41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C1160032-8C70-402C-A583-1CDCB7E9ADEE}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{C2C60C41-0196-4C95-9C11-F45CE470E9DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C7115288-0E41-4F9A-ADAB-849F1D8B90B2}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{CF13FBAB-BA68-4AF3-AC10-B37A1A54412C}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{D1D412AD-8FDE-4478-974C-F44D1744B444}" = protocol=6 | dir=in | app=c:\users\tdw\appdata\roaming\utorrent\utorrent.exe |
"{D8322C20-68D9-4E70-AE09-C4A3B1AFA3BB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D891DECA-0D48-4A0F-9E9D-7F80E48012D8}" = dir=in | app=c:\program files\dragon's prophet (game)\dp_x64.exe |
"{D9BB816E-74FD-4E52-B1C5-591F1CE12E72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DB969D94-1E87-41FA-B60C-44690562E4EB}" = protocol=6 | dir=in | app=c:\program files\popcorn time\chromecast\node.exe |
"{E018C2F5-98B4-47FC-B741-A11D5CFD01DB}" = protocol=6 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe |
"{E8450F88-E969-4F5B-9D3E-C8F79A15DE93}" = protocol=6 | dir=out | app=system |
"{EB23E3F2-7181-49B4-8B24-EB908B7EAB0E}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F08A5D4A-08D4-48EF-9AD2-B0DBCC5CD159}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{F29D8CEF-17A8-4B14-81A2-9A58E576D111}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3535524-EFF5-4BA0-ACDB-9EB7EDD5FC5A}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{F4C4ADA0-9CEB-4A19-8873-81343142B46C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F9AAB1B1-C673-4E66-8995-8EA75E3FE958}" = protocol=17 | dir=in | app=c:\program files\popcorn time\popcorntimedesktop.exe |
"{FC5BD682-8776-4355-A78D-EC7DB7342C11}" = dir=out | app=c:\program files\dragon's prophet (game)\dp_x86.exe |
"TCP Query User{0865282C-67E0-4EF7-A07F-6DBD228471AE}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{0A3B0EB2-4F93-4A05-B7EA-ACA367566D7F}C:\users\tdw\desktop\jonathan studies do not erase!\kodi\kodi.exe" = protocol=6 | dir=in | app=c:\users\tdw\desktop\jonathan studies do not erase!\kodi\kodi.exe |
"TCP Query User{0CA289A3-18F7-4733-B947-F40DE58B54C8}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{16E77583-7344-4635-BBE8-728B8386897B}C:\program files\microsoft virtual pc\virtual pc.exe" = protocol=6 | dir=in | app=c:\program files\microsoft virtual pc\virtual pc.exe |
"TCP Query User{1739FD15-A27D-4EF9-BBBF-E1BE1FB4A9B7}C:\program files\java\jre7\bin\jp2launcher.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\jp2launcher.exe |
"TCP Query User{1C0DCB7A-10E6-447F-8545-2CBB5BC16137}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{216143FF-DB53-4A8A-867D-EBC4D4F77055}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{2B724F42-5204-4C16-9FE5-3C69A9197B00}C:\program files\counter strike - condition zero (ultimate edition)\czero.exe" = protocol=6 | dir=in | app=c:\program files\counter strike - condition zero (ultimate edition)\czero.exe |
"TCP Query User{3CA75712-B81E-4387-8AB4-180860DE774D}C:\program files\kodi\kodi.exe" = protocol=6 | dir=in | app=c:\program files\kodi\kodi.exe |
"TCP Query User{459227DD-625D-43EF-B201-79DD05DE36BF}C:\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\skype\phone\skype.exe |
"TCP Query User{5514EF2E-B013-4401-B949-9E841FD91DA6}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"TCP Query User{55B17637-3749-477B-995A-FF8863FEE236}C:\users\tdw\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tdw\appdata\local\akamai\netsession_win.exe |
"TCP Query User{61469E9E-E061-4E55-8CCB-C5E4A537FEB2}C:\program files\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\condition zero\hl.exe |
"TCP Query User{64AF1F24-486F-4598-9FDF-400747BE6F5C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{75151CB8-C76B-4F42-8965-FADB4EFC7475}C:\counter strike\counter strike + condition zero\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\counter strike\counter strike + condition zero\condition zero\czero.exe |
"TCP Query User{7681F943-454D-4382-97AC-824978D2F632}C:\need for speed most wanted\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\need for speed most wanted\need for speed most wanted\speed.exe |
"TCP Query User{83859D3F-CFBE-4A81-9963-D2D427669326}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe |
"TCP Query User{8718F9E8-BDA5-4651-8CFC-A217997C7AA6}C:\ellina\maplestory\maplestory.exe" = protocol=6 | dir=in | app=c:\ellina\maplestory\maplestory.exe |
"TCP Query User{A6B5DB0A-EF91-4C8D-936C-F40088E37BA7}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{AB70FB85-FB39-4B4C-99D9-26A0EB37E1C1}C:\users\tdw\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tdw\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B142CA72-A039-452E-8342-5A0342A301AA}C:\program files\counter-strike 1.6\hltv.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hltv.exe |
"TCP Query User{B2F4C0B6-31E0-48BC-BBA2-43FBA45C3D83}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{B47F432C-02AF-4C45-9AA7-E2B315BAEC59}C:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe |
"TCP Query User{B622D4A7-E930-4516-AF6F-3A37D58D036F}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{BC54475A-4EDF-4BFA-A5BF-B7A8D0D6F56B}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe |
"TCP Query User{C2AD23E9-AD6B-4C31-BE2F-9EC711F78482}C:\program files\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\condition zero\hl.exe |
"TCP Query User{CBBE9329-8871-44FD-ADAD-52681994FB9B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{D8D92CF4-0D0B-4C5F-BEA8-2F4D253E1F88}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"TCP Query User{D9939481-9819-4C01-9722-B30B6261B54C}C:\users\tdw\appdata\local\temp\hydcb5a.tmp.1471938581_permissionscopy\utorrent.exe" = protocol=6 | dir=in | app=c:\users\tdw\appdata\local\temp\hydcb5a.tmp.1471938581_permissionscopy\utorrent.exe |
"TCP Query User{DC89665F-D783-44A8-B096-5C29875324FA}C:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe |
"TCP Query User{E90AA60B-C647-4F7B-B7E9-99FD1D6FD717}C:\ellina\maplestory\ellinia.exe" = protocol=6 | dir=in | app=c:\ellina\maplestory\ellinia.exe |
"TCP Query User{E92FA4E6-5921-4520-8ACA-CAE9EE0E7BC4}C:\need for speed most wanted\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\need for speed most wanted\need for speed most wanted\speed.exe |
"TCP Query User{F209A386-2597-4E52-AD0E-053B90DE5214}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{F69428F3-F5A5-4DAB-92D2-881C7C0892F8}C:\program files\kol halashon\kol halashon download manager\khl download manager.exe" = protocol=6 | dir=in | app=c:\program files\kol halashon\kol halashon download manager\khl download manager.exe |
"TCP Query User{F7B53B43-5723-4004-99B0-BA614294E032}C:\counter strike\counter strike + condition zero\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\counter strike\counter strike + condition zero\condition zero\czero.exe |
"TCP Query User{F9249045-F62F-473F-95F3-3730449E38C5}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{086CBE13-6EAD-489E-91A0-E6B40B9ED532}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{09895274-21DC-451E-A716-006B6F1431F1}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{119C1548-0ACF-4806-BEAE-4089D91BF1FE}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{12E10154-57E1-4D56-9E61-D1758C97D30D}C:\counter strike\counter strike + condition zero\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\counter strike\counter strike + condition zero\condition zero\czero.exe |
"UDP Query User{169C6FCD-08D1-4A8C-8338-50EDFFA08379}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{2C03B740-7D0C-4795-862F-6A0EA7604A39}C:\ellina\maplestory\maplestory.exe" = protocol=17 | dir=in | app=c:\ellina\maplestory\maplestory.exe |
"UDP Query User{30321B7A-938E-40BD-A12B-631E7E7BC8C9}C:\program files\counter strike - condition zero (ultimate edition)\czero.exe" = protocol=17 | dir=in | app=c:\program files\counter strike - condition zero (ultimate edition)\czero.exe |
"UDP Query User{30C40E46-9353-4190-B75E-FF5FD12FD931}C:\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\skype\phone\skype.exe |
"UDP Query User{4294D326-FB80-4D50-9202-4CE375521E56}C:\program files\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\condition zero\hl.exe |
"UDP Query User{49B88382-3F0E-4EC5-8D62-BBFD14AC74D7}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe |
"UDP Query User{4ACBEF1D-167A-4EE5-BDBB-8A45E8560074}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe |
"UDP Query User{508CB5F9-7A96-48C6-86D0-E57AB894F692}C:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe |
"UDP Query User{5BF223A5-760E-419E-A11D-87B4389D9801}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{5CE52326-3DB1-4CE9-8B85-2CD6F66A8055}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{5FE78AE6-8A3F-4FB7-8E26-D3A9D98D7869}C:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe |
"UDP Query User{61B6C7DA-C0A5-4C88-A781-39BB95630B2C}C:\need for speed most wanted\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\need for speed most wanted\need for speed most wanted\speed.exe |
"UDP Query User{6655F048-8768-4375-AC30-D6901C26C12C}C:\program files\java\jre7\bin\jp2launcher.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\jp2launcher.exe |
"UDP Query User{6F69BE84-9664-4057-ACB3-5B8E42CC6E97}C:\users\tdw\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tdw\appdata\local\akamai\netsession_win.exe |
"UDP Query User{7239EFCE-F3C6-46AE-A0AC-84395DB198B8}C:\program files\kodi\kodi.exe" = protocol=17 | dir=in | app=c:\program files\kodi\kodi.exe |
"UDP Query User{76BA3753-1AE3-4DA8-A6E6-80A92A06F820}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"UDP Query User{8520F0A2-71A8-431B-8311-227D4FC01AEC}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{852E557B-46DD-4778-ACC8-8D3BF8EF1584}C:\users\tdw\appdata\local\temp\hydcb5a.tmp.1471938581_permissionscopy\utorrent.exe" = protocol=17 | dir=in | app=c:\users\tdw\appdata\local\temp\hydcb5a.tmp.1471938581_permissionscopy\utorrent.exe |
"UDP Query User{8E734D45-C1B1-49C4-B5AA-1D6CE64CE0FB}C:\program files\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\condition zero\hl.exe |
"UDP Query User{9A1C9306-5A83-4503-805E-D98883250939}C:\ellina\maplestory\ellinia.exe" = protocol=17 | dir=in | app=c:\ellina\maplestory\ellinia.exe |
"UDP Query User{A168DDFE-C23D-4D8B-93FB-083E7157F8B2}C:\need for speed most wanted\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\need for speed most wanted\need for speed most wanted\speed.exe |
"UDP Query User{A1CE00F9-AEA6-43C0-AE10-AF7F9CD9280A}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{A881EE44-AE2C-4231-A33D-509DD6716D7B}C:\counter strike\counter strike + condition zero\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\counter strike\counter strike + condition zero\condition zero\czero.exe |
"UDP Query User{B5A1E94C-5C78-4CC3-BE31-81E53D890E0A}C:\users\tdw\desktop\jonathan studies do not erase!\kodi\kodi.exe" = protocol=17 | dir=in | app=c:\users\tdw\desktop\jonathan studies do not erase!\kodi\kodi.exe |
"UDP Query User{B90E13BD-67CE-404C-83C9-A74ECF7D18F3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{C82643D4-BF36-4E96-83D9-648813BFFE51}C:\program files\counter-strike 1.6\hltv.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hltv.exe |
"UDP Query User{D04D3664-5A11-4B0A-858D-5C8B70B3EE17}C:\users\tdw\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tdw\appdata\local\akamai\netsession_win.exe |
"UDP Query User{DB16403F-9F6F-4F97-9FAD-07ADE92962F6}C:\program files\microsoft virtual pc\virtual pc.exe" = protocol=17 | dir=in | app=c:\program files\microsoft virtual pc\virtual pc.exe |
"UDP Query User{DF605539-BE6B-4221-A602-C72D7E3BDCB1}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{EA342DA3-A240-4A22-AD3C-41C59107A5CC}C:\program files\kol halashon\kol halashon download manager\khl download manager.exe" = protocol=17 | dir=in | app=c:\program files\kol halashon\kol halashon download manager\khl download manager.exe |
"UDP Query User{F1E6C7BD-F16E-4082-A773-0DD4C8A4C6AF}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F35B8937-6947-4D0E-BF41-49182648257C}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}" = Citrix Online Launcher
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
"{30500C7C-2206-3DC6-9792-96E95A04669D}" = Microsoft .NET Framework 4.6.1
"{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}" = Splashtop Connect IE
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{5837205}" = Browser faster
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77463C86-BB3A-426E-A6C2-06B4D28C250F}" = Citrix Online Launcher
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7B77622E-DE90-48EA-B2C7-227B1DE58A01}" = Adobe AIR
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{90120000-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x86)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2010
"{90140000-0017-040D-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Hebrew) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2010
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-040D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Hebrew) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-040D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Hebrew) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-040D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Hebrew) 2010
"{90140000-0100-040D-0000-0000000FF1CE}" = Microsoft Office O MUI (Hebrew) 2010
"{90140000-0101-040D-0000-0000000FF1CE}" = Microsoft Office X MUI (Hebrew) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-0804-1033-1959-001824191728}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{BAB89D31-4C55-472B-8909-6CBE2CC276B1}" = Microsoft Visual Basic for Applications 7.1 (x86) English
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype™ 7.26
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 22 ActiveX
"CCleaner" = CCleaner
"Counter Strike - Condition Zero (Ultimate Edition)" = Counter Strike - Condition Zero (Ultimate Edition)
"Counter-Strike 1.6" = Counter-Strike 1.6
"Google Chrome" = Google Chrome
"League of Legends 3.0.1" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.8.1057
"MapleStory" = MapleStory
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Office14.OMUI.he-il" = Microsoft Office Language Pack 2010 - Hebrew עברית
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Popcorn Time_is1" = Popcorn Time
"S-161304646" = SK.Enhancer
"SkypEmoticons_is1" = SkypEmoticons
"SP_ecec6af5" = SK.Helper 1.74
"Steam" = Steam
"Steam App 246420" = Kingdom Rush
"Steam App 335240" = Transformice
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 4.11 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 7.22.1.5530
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31-Aug-16 2:09:58 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 31-Aug-16 2:50:46 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 01-Sep-16 3:07:04 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 01-Sep-16 3:27:11 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 01-Sep-16 6:08:28 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 01-Sep-16 7:14:26 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 02-Sep-16 10:43:54 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 02-Sep-16 11:30:28 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 04-Sep-16 2:58:26 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 04-Sep-16 3:52:48 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 02-Sep-16 11:28:44 AM | Computer Name = USER-PC | Source = BugCheck | ID = 1001
Description =

Error - 02-Sep-16 11:28:52 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The sbmntr service failed to start due to the following error: %%3

Error - 02-Sep-16 11:33:05 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7022
Description = The MBAMService service hung on starting.

Error - 02-Sep-16 2:28:05 PM | Computer Name = user-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 20.

Error - 04-Sep-16 2:58:05 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The sbmntr service failed to start due to the following error: %%3

Error - 04-Sep-16 3:02:17 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7022
Description = The MBAMService service hung on starting.

Error - 04-Sep-16 3:52:15 AM | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:51:04 AM on ?9/?4/?2016 was unexpected.

Error - 04-Sep-16 3:52:16 AM | Computer Name = USER-PC | Source = BugCheck | ID = 1001
Description =

Error - 04-Sep-16 3:52:18 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The sbmntr service failed to start due to the following error: %%3

Error - 04-Sep-16 3:56:40 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7022
Description = The MBAMService service hung on starting.


< End of report >

Re: Regular freezing

Posted: 04 Sep 2016 16:41
by Lilo
OTL:

OTL logfile created on: 04-Sep-16 5:29:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TDW\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18426)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.49 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 49.52% Memory free
6.98 Gb Paging File | 4.62 Gb Available in Paging File | 66.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 358.48 Gb Free Space | 76.98% Space Free | Partition Type: NTFS
Drive E: | 931.48 Gb Total Space | 711.67 Gb Free Space | 76.40% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: TDW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016-09-04 16:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TDW\Downloads\OTL.exe
PRC - [2016-08-25 08:49:25 | 004,602,872 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.66\deploy\LoLPatcher.exe
PRC - [2016-08-25 08:49:12 | 002,409,464 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.26\deploy\LoLLauncher.exe
PRC - [2016-08-03 13:33:38 | 000,339,968 | ---- | M] (Popcorn Time) -- C:\Program Files\Popcorn Time\Updater.exe
PRC - [2016-06-25 01:45:12 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2016-05-25 10:31:20 | 001,687,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2016-05-25 10:30:36 | 001,364,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2016-05-21 17:14:49 | 000,074,752 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.214\deploy\LolClient.exe
PRC - [2016-05-21 16:31:35 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2016-04-09 08:44:07 | 002,973,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2015-06-18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2012-11-23 05:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011-10-26 05:01:18 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011-10-26 05:00:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011-03-22 11:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
PRC - [2010-11-15 14:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Connect\BackService.exe
PRC - [2010-10-06 08:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010-10-06 08:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2016-08-25 08:49:25 | 004,602,872 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.66\deploy\LoLPatcher.exe
MOD - [2016-08-25 08:49:25 | 000,449,528 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.66\deploy\RiotLauncher.dll
MOD - [2016-08-25 08:49:12 | 002,409,464 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.26\deploy\LoLLauncher.exe
MOD - [2016-05-21 17:14:49 | 000,074,752 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.214\deploy\LolClient.exe
MOD - [2016-05-21 16:36:15 | 004,887,216 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.214\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2016-05-21 16:34:39 | 019,397,808 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.214\deploy\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
MOD - [2016-05-21 16:31:35 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2013-09-05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012-02-17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2016-08-23 22:33:10 | 001,465,120 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2016-08-03 13:33:38 | 000,339,968 | ---- | M] (Popcorn Time) [Auto | Running] -- C:\Program Files\Popcorn Time\Updater.exe -- (Update service)
SRV - [2016-08-02 08:41:49 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2016-07-14 19:45:17 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016-06-25 01:45:12 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2016-05-25 10:31:20 | 001,687,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2016-05-25 10:30:36 | 001,364,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2016-05-23 15:17:32 | 000,324,224 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2016-02-24 10:15:00 | 004,362,656 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2015-07-22 20:53:34 | 000,937,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2015-06-18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) [Auto | Start_Pending] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-12-19 01:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013-05-27 07:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-12-04 06:58:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011-10-26 05:00:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011-03-22 11:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010-11-15 14:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010-10-06 08:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010-10-06 08:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-07-14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2005-09-23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | Auto | Stopped] -- C:\PROGRA~1\YTDOWN~1\sbmntr.sys -- (sbmntr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetndis.sys -- (andnetndis)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetmodem.sys -- (ANDNetModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2015-09-21 19:05:06 | 000,094,936 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2015-06-18 08:41:54 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2015-06-18 08:41:36 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2015-06-11 20:15:04 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2014-05-26 22:38:43 | 000,126,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESETOlmarikOlmascoCleaner.sys -- (ESETOlmarikOlmascoCleaner)
DRV - [2013-03-22 01:01:10 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2012-12-05 03:20:05 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011-10-26 06:03:48 | 008,853,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011-10-26 04:21:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011-05-25 14:19:00 | 000,061,824 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV - [2011-05-25 14:19:00 | 000,041,600 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3)
DRV - [2010-11-21 00:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-21 00:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-21 00:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010-11-21 00:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010-11-21 00:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010-11-21 00:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-21 00:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-21 00:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-21 00:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-11-21 00:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010-11-21 00:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-21 00:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-09-21 20:59:02 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2009-07-14 02:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009-03-19 03:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-05-07 03:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007-01-29 07:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = DB AB 16 10 77 04 D2 01 [binary data]
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes,DefaultScope = {70839579-320E-4763-A420-8468514E4F69}
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{271B4DEB-E9E4-4842-86EF-B5255AAFB2F5}: "URL" = http://search.yahoo.com/search?p={searc ... ype=IEBDSV
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{5AC76C24-D9F8-4e70-A2F7-A4C133AA872C}: "URL" = http://www.google.com/cse?cx=partner-pu ... earchTerms}
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{70839579-320E-4763-A420-8468514E4F69}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\TDW\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2016-08-21 11:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TDW\AppData\Roaming\mozilla\Firefox\Profiles\aZyQ7RhB.default\extensions
[2016-08-21 11:22:01 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\TDW\AppData\Roaming\mozilla\Firefox\Profiles\aZyQ7RhB.default\extensions\abs@avira.com

========== Chrome ==========

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\

O1 HOSTS File: ([2009-06-11 00:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (surf and keeP) - {0451830B-94C5-4CF4-CFCA-2F06DF13BF18} - C:\Program Files\surf and keeP\MhFaMvjkgH.dll File not found
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (surf and keep) - {C635E43A-42F4-7B54-C7A8-124A2ECE0D07} - C:\Program Files\surf and keep\FiD5.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [STCAgent] C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [ZyngaGamesAgent] "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" File not found
O4 - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..Trusted Domains: tlush.gov.il ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F83BC11-E58F-45EB-9001-D6099356579E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\volaro: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\vonteera: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-04-06 05:29:53 | 000,000,020 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:3de0a5a6 /dir:"C:\Program Files\AVAST Software\Avast")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2016-09-04 12:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2016-09-04 12:20:59 | 000,000,000 | ---D | C] -- C:\rsit
[2016-09-03 18:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2016-09-03 18:29:29 | 000,000,000 | ---D | C] -- C:\Nexon
[2016-08-26 22:19:30 | 000,000,000 | ---D | C] -- C:\Users\TDW\AppData\Roaming\uTorrent
[2016-08-25 10:34:38 | 000,000,000 | ---D | C] -- C:\Users\TDW\AppData\Local\PopcornTimeDesktop
[2016-08-25 10:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
[2016-08-25 10:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Popcorn Time
[2016-08-21 11:33:25 | 000,000,000 | ---D | C] -- C:\Users\TDW\AppData\Local\AviraSpeedup
[2016-08-21 11:31:45 | 000,000,000 | ---D | C] -- C:\Users\TDW\AppData\Local\Avira
[2016-08-21 11:21:59 | 000,000,000 | ---D | C] -- C:\Users\TDW\AppData\Roaming\Mozilla
[2016-08-21 11:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2016-08-17 06:50:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2016-08-15 10:44:51 | 000,000,000 | ---D | C] -- C:\Users\TDW\AppData\Local\Diagnostics
[2016-08-10 12:06:30 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2016-08-10 12:06:30 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2016-08-10 12:06:30 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2016-08-10 12:06:30 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2016-08-10 12:06:30 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2016-08-10 12:06:30 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2016-08-10 12:06:30 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2016-08-10 12:06:21 | 002,399,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2016-08-10 12:06:18 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2016-08-10 12:06:18 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2016-08-10 12:06:18 | 000,346,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2016-08-10 12:06:18 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2016-08-10 12:06:18 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2016-08-10 12:06:18 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2016-08-10 12:06:18 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2016-08-10 12:06:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2016-08-10 12:06:17 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2016-08-10 12:06:17 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2016-08-10 12:06:17 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2016-08-10 12:06:17 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2016-08-10 12:06:17 | 000,416,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2016-08-10 12:06:17 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2016-08-10 12:06:17 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2016-08-10 12:06:16 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2016-08-10 12:06:15 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2016-08-10 12:06:15 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2016-08-10 12:06:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2016-08-10 12:06:14 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2016-08-10 12:06:13 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2016-08-10 12:06:11 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2016-08-10 12:06:10 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2016-08-10 12:06:10 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2016-08-10 12:06:06 | 004,608,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

========== Files - Modified Within 30 Days ==========

[2016-09-04 17:29:46 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016-09-04 17:24:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8b17df2dec8d.job
[2016-09-04 17:20:02 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1390296456-3514786238-1037386279-1003.job
[2016-09-04 16:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016-09-04 16:43:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1390296456-3514786238-1037386279-1000.job
[2016-09-04 16:42:01 | 000,000,606 | ---- | M] () -- C:\Windows\tasks\G2MUploadTask-S-1-5-21-1390296456-3514786238-1037386279-1003.job
[2016-09-04 16:02:34 | 000,854,923 | ---- | M] () -- C:\Users\TDW\Desktop\Capture.png
[2016-09-04 15:47:51 | 000,029,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016-09-04 15:47:51 | 000,029,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016-09-04 15:45:00 | 000,000,608 | ---- | M] () -- C:\Windows\tasks\G2MUploadTask-S-1-5-21-1390296456-3514786238-1037386279-1000.job
[2016-09-04 10:52:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016-09-04 10:52:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016-09-04 10:52:13 | 2811,682,816 | -HS- | M] () -- C:\hiberfil.sys
[2016-09-03 18:41:56 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
[2016-08-25 10:34:20 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Popcorn Time.lnk
[2016-08-21 11:29:58 | 000,441,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2016-08-09 12:26:51 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2016-09-04 17:27:28 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2016-09-04 15:46:15 | 000,854,923 | ---- | C] () -- C:\Users\TDW\Desktop\Capture.png
[2016-09-03 18:41:56 | 000,000,204 | ---- | C] () -- C:\Users\Public\Desktop\MapleStory.url
[2016-08-25 10:34:20 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\Popcorn Time.lnk
[2016-08-16 10:53:00 | 000,441,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2016-06-11 15:53:24 | 000,000,016 | ---- | C] () -- C:\ProgramData\mntemp
[2015-12-21 20:58:15 | 000,007,594 | ---- | C] () -- C:\Users\TDW\AppData\Local\Resmon.ResmonCfg
[2015-11-08 21:07:49 | 000,000,000 | ---- | C] () -- C:\Windows\MERP.INI
[2015-11-08 20:46:24 | 000,000,000 | ---- | C] () -- C:\Windows\APPWIZ32.INI
[2015-08-09 14:38:38 | 000,001,108 | RHS- | C] () -- C:\Users\TDW\ntuser.pol

========== ZeroAccess Check ==========

[2009-07-14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016-04-09 09:54:53 | 012,881,408 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 00:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-12-07 05:37:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Splashtop
[2015-08-16 20:07:20 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\.minecraft
[2015-10-19 22:35:47 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Axonstall
[2015-11-24 23:53:12 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\DassaultSystemes
[2015-11-25 01:39:49 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\EDrawings
[2015-12-03 18:36:41 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\fizzy
[2015-08-09 20:21:50 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\java
[2015-09-30 07:36:58 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\LolClient
[2016-05-21 16:31:04 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Riot Games
[2015-08-09 14:38:56 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Splashtop
[2016-05-31 15:04:28 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\steam.transformice.com
[2016-09-03 06:04:17 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\uTorrent
[2015-08-06 19:54:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2015-07-11 21:40:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESET
[2013-01-01 02:03:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\fizzy
[2015-08-06 19:52:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\java
[2015-03-05 11:17:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LibreOffice
[2013-06-17 11:02:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2015-04-13 16:09:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MiniGet
[2014-05-21 16:30:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice
[2015-04-13 16:08:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera Software
[2013-02-02 10:53:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Origin
[2015-06-10 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PerformerSoft
[2014-08-06 15:02:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Riot Games
[2013-10-09 16:41:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\rockbox.org
[2014-12-10 21:54:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SanDisk
[2012-12-04 06:21:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Splashtop
[2015-02-28 21:50:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Transformice
[2015-08-08 22:16:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2015-01-19 17:37:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Wargaming.net

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009-07-14 07:53:46 | 000,032,652 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009-07-14 07:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013-01-14 00:36:09 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013-04-19 19:39:18 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014-06-18 20:08:06 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b17df2dec8d.job
[2015-06-03 20:23:53 | 000,000,512 | ---- | C] () -- C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1390296456-3514786238-1037386279-1000.job
[2015-06-15 16:33:51 | 000,000,608 | ---- | C] () -- C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1390296456-3514786238-1037386279-1000.job
[2016-05-15 21:57:34 | 000,000,510 | ---- | C] () -- C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1390296456-3514786238-1037386279-1003.job
[2016-05-15 21:57:35 | 000,000,606 | ---- | C] () -- C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1390296456-3514786238-1037386279-1003.job

< >

< MD5 for: ATAPI.SYS >
[2009-07-14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009-07-14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009-07-14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009-07-14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009-07-14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010-11-21 00:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010-11-21 00:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010-11-21 00:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010-11-21 00:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010-11-21 00:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2016-01-22 08:12:59 | 002,973,184 | ---- | M] (Microsoft Corporation) MD5=2A156D5EBF221EF2A6AE7CE452324DAC -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.19135_none_53a73c47d80e17a9\explorer.exe
[2016-04-09 08:44:07 | 002,973,184 | ---- | M] (Microsoft Corporation) MD5=3DA48EA028AD771C5B71727F0C3984E9 -- C:\Windows\explorer.exe
[2016-04-09 08:44:07 | 002,973,184 | ---- | M] (Microsoft Corporation) MD5=3DA48EA028AD771C5B71727F0C3984E9 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23418_none_54497d94f118c5e4\explorer.exe
[2010-11-21 00:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2016-01-22 09:07:00 | 002,973,696 | ---- | M] (Microsoft Corporation) MD5=CEA6C2000AEC6CAF3CD6F3F73848E40A -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23338_none_5433dbd6f129009f\explorer.exe

< MD5 for: HAL.DLL >
[2010-11-21 00:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010-11-21 00:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll

< MD5 for: SCECLI.DLL >
[2010-11-21 00:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010-11-21 00:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2015-04-13 06:19:24 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=0780A42DBD7D9969F9BF4A19AA4285B5 -- C:\Windows\System32\services.exe
[2015-04-13 06:19:24 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=0780A42DBD7D9969F9BF4A19AA4285B5 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_d1614ac32b8ec5cf\services.exe
[2009-07-14 04:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2015-04-11 06:53:55 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=97981140500E86E5BBAD7B76BA890146 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.23033_none_d1d9ee0844ba1cc2\services.exe

< MD5 for: SVCHOST.EXE >
[2015-09-21 19:04:23 | 000,893,752 | ---- | M] (MalwareBytes) MD5=0692C8163852AB5674E2EB3B36131EF3 -- C:\Users\TDW\Downloads\Chameleon\Windows\svchost.exe
[2009-07-14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009-07-14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2010-11-21 00:29:20 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2014-04-05 05:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\System32\drivers\tcpip.sys
[2014-04-05 05:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_b513c4dfc4b513b9\tcpip.sys
[2013-09-07 05:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2013-09-08 05:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2012-10-03 19:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013-11-26 14:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2012-10-03 19:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2014-04-05 05:16:21 | 001,310,144 | ---- | M] (Microsoft Corporation) MD5=EA47AB18E289333AB94397D77CA6E3A1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_b59293a4dddacc9b\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010-11-21 00:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010-11-21 00:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2015-09-21 19:04:24 | 000,893,752 | ---- | M] (MalwareBytes) MD5=0692C8163852AB5674E2EB3B36131EF3 -- C:\Users\TDW\Downloads\Chameleon\Windows\winlogon.exe
[2014-07-16 05:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014-07-17 04:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014-07-17 04:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2010-11-21 00:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2014-03-04 12:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014-03-04 13:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe

< >

< %systemroot%*.* /U /s >
[10 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[51 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\61bfe288eb8e4176873cdcd21610e16d\*.tmp files -> C:\Windows\SoftwareDistribution\Download\61bfe288eb8e4176873cdcd21610e16d\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a92f8878ea38cac4505fcefd787bd88e\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a92f8878ea38cac4505fcefd787bd88e\*.tmp -> ]
[2 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\Temp\is-RDOBJ.tmp\*.tmp files -> C:\Windows\Temp\is-RDOBJ.tmp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2015-08-16 20:07:20 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\.minecraft
[2015-08-12 14:14:47 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Adobe
[2015-10-19 22:35:47 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Axonstall
[2015-11-24 23:53:12 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\DassaultSystemes
[2015-08-17 10:17:38 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\dvdcss
[2015-11-25 01:39:49 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\EDrawings
[2015-12-03 18:36:41 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\fizzy
[2015-08-09 14:38:44 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Identities
[2015-08-09 20:21:50 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\java
[2015-09-30 07:36:58 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\LolClient
[2013-01-04 05:26:01 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Macromedia
[2010-11-21 03:46:50 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Media Center Programs
[2016-08-09 19:44:13 | 000,000,000 | --SD | M] -- C:\Users\TDW\AppData\Roaming\Microsoft
[2016-08-21 11:21:59 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Mozilla
[2016-05-21 16:31:04 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Riot Games
[2016-09-03 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Skype
[2015-11-30 23:15:29 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\SOLIDWORKS
[2015-11-30 23:15:29 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\SolidWorks 2014
[2015-08-09 14:38:56 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Splashtop
[2016-05-31 15:04:28 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\steam.transformice.com
[2016-09-03 06:04:17 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\uTorrent
[2016-09-03 05:07:36 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\vlc
[2015-09-29 17:53:34 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2015-06-18 11:40:22 | 000,015,360 | ---- | M] () -- C:\Users\TDW\AppData\Roaming\Axonstall\AxProtector.exe
[2012-09-06 02:04:02 | 000,445,352 | ---- | M] (wyDay) -- C:\Users\TDW\AppData\Roaming\Axonstall\wyUpdate.exe
[2015-02-28 21:51:52 | 000,054,432 | ---- | M] (Adobe Systems Inc.) -- C:\Users\TDW\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2016-08-17 00:10:16 | 002,370,560 | ---- | M] (BitTorrent Inc.) -- C:\Users\TDW\AppData\Roaming\uTorrent\uTorrent.exe
[2016-08-17 00:10:16 | 002,370,560 | ---- | M] (BitTorrent Inc.) -- C:\Users\TDW\AppData\Roaming\uTorrent\updates\3.4.8_42449.exe
[2016-08-26 22:21:54 | 000,387,072 | ---- | M] (BitTorrent Inc.) -- C:\Users\TDW\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2016-09-04 16:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2016-09-04 17:43:00 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1390296456-3514786238-1037386279-1000.job
[2016-09-04 17:20:02 | 000,000,510 | ---- | M] () -- C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1390296456-3514786238-1037386279-1003.job
[2016-09-04 15:45:00 | 000,000,608 | ---- | M] () -- C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1390296456-3514786238-1037386279-1000.job
[2016-09-04 16:42:01 | 000,000,606 | ---- | M] () -- C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1390296456-3514786238-1037386279-1003.job
[2016-09-04 10:52:46 | 000,000,882 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2016-09-04 17:24:00 | 000,000,886 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8b17df2dec8d.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2016-09-04 15:47:51 | 000,029,376 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016-09-04 15:47:51 | 000,029,376 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016-09-04 10:54:36 | 000,000,018 | ---- | M] () -- C:\Windows\system32\log.txt

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Steam" = "C:\Program Files\Steam\steam.exe" -silent -- [2016-08-23 22:33:10 | 002,857,248 | ---- | M] (Valve Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Speedup DelayLoad]

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2016-08-02 17:08:56 | 000,815,312 | ---- | M] (Microsoft Corporation) MD5=C5481C540C36793450318BCA4AD219DC -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2016-08-03 03:20:56 | 000,961,352 | ---- | M] (Google Inc.) MD5=D6393757CDE040A51306221842EA5C0A -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2016-09-04 17:29:46 | 000,000,512 | ---- | M] () MD5=1D7A138FAE50D8FB8D691F67E343D1A2 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2009-05-23 13:38:52 | 000,061,952 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7Debug\coloader80.dll
[2009-05-23 08:27:34 | 000,004,608 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7Debug\coloader80.tlb
[2014-09-03 01:27:24 | 000,268,432 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2014-09-03 01:27:24 | 000,019,096 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2013-03-09 04:48:16 | 000,017,544 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1037\VSTOLoaderUI.dll
[2015-03-06 13:25:14 | 004,249,592 | ---- | M] () -- \Program Files\Common Files\SOLIDWORKS Installation Manager\23.0\sldimdownloader.exe
[2014-12-10 03:17:20 | 000,001,701 | ---- | M] () -- \Program Files\Steam\friends\broadcastuploaderrornotification.res
[2013-07-20 05:18:04 | 000,007,825 | ---- | M] () -- \Program Files\Steam\remoteui\static\libs\images\ajax-loader.gif
[2013-06-02 23:49:44 | 000,001,180 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NCdownloader.lnk
[2016-05-21 16:36:15 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.214\deploy\assets\htmlTemplates\events\bwRewards\img\loader-squares.gif
[2016-05-21 16:36:15 | 000,050,167 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.214\deploy\assets\htmlTemplates\events\bwRewards\img\loader.gif
[2016-05-21 17:12:43 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.214\deploy\assets\storeImages\layout\small_loader.gif
[2013-06-02 23:49:44 | 000,001,180 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\NCdownloader.lnk
[2016-09-02 21:28:00 | 000,001,893 | ---- | M] () -- \Users\TDW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6U1SPJ86\AdLoader-v2[1].htm
[2016-09-02 21:28:00 | 000,029,271 | ---- | M] () -- \Users\TDW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I88J3K68\AdLoader-v2-85ff019d29b074e4baace8aeb202ecf1.min[1].js
[2016-09-03 05:11:16 | 000,067,768 | ---- | M] () -- \Users\TDW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ECAACGXZ\loader[1].js
[2015-11-24 22:59:04 | 000,001,100 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\2014 SP2.0\Other Logs\IMDownloaderVersion.xml
[2015-11-24 23:40:44 | 002,462,436 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\2014 SP2.0\Other Logs\sldIMDownloaderLog_00001.txt
[2015-11-24 21:04:17 | 000,001,100 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\2015 SP2.1\Other Logs\IMDownloaderVersion.xml
[2015-11-24 22:25:29 | 008,197,446 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\2015 SP2.1\Other Logs\sldIMDownloaderLog_00001.txt
[2015-11-24 21:04:19 | 000,001,612 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00001.txt
[2015-11-24 21:05:51 | 000,002,444 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00002.txt
[2015-11-24 22:59:07 | 000,001,612 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00003.txt
[2015-11-24 23:10:06 | 000,002,446 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00004.txt
[2016-03-22 22:58:45 | 000,001,600 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00005.txt
[2015-10-22 20:03:47 | 000,003,297 | ---- | M] () -- \Users\TDW\eclipse\java-mars\eclipse\configuration\org.eclipse.osgi\238\0\.cp\org\eclipse\m2e\core\ui\internal\wizards\MavenProjectWizardArchetypeParametersPage$RequiredPropertiesLoader.class
[2015-06-05 20:08:42 | 000,072,638 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\loader.gif
[2015-06-05 20:08:42 | 000,003,032 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\loader.png
[2015-06-05 20:08:42 | 000,006,012 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2015-06-05 20:08:42 | 000,021,956 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2015-06-05 20:08:42 | 000,009,772 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2012-11-19 23:13:34 | 000,000,847 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ac\img\ajax-loader.gif
[2012-11-19 23:13:34 | 000,001,135 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ac\img\loader-icon.png
[2012-11-19 23:13:34 | 000,003,208 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ui\gf\img\loader.gif
[2012-11-19 23:13:34 | 000,001,849 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\wa\TWITTER\resources\ajax-loader.gif
[2013-04-11 18:54:38 | 000,197,614 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader3@ftdownloader.com.xpi
[2012-12-13 23:29:00 | 000,199,445 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013-03-09 09:17:04 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2010-03-25 07:12:34 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2013-03-09 09:17:04 | 000,268,440 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8
[2010-03-25 07:12:34 | 000,249,680 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2009-10-23 00:15:32 | 000,016,712 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109E600D0400000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_122707_122707_x86_heb.3643236F_FC70_11D3_A536_0090278A1BB8.5326715A_77CF_482B_8CA0_13476898242B
[2005-09-23 05:24:22 | 000,061,440 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\69AE184D3132C7A489EE17D0A18F48CA\8.0.50727\FL_coloader80_dll_128691_____X86.3643236F_FC70_11D3_A536_0090278A1BB8
[2005-09-23 00:23:44 | 000,004,608 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\69AE184D3132C7A489EE17D0A18F48CA\8.0.50727\FL_coloader80_tlb_128927_____X86.3643236F_FC70_11D3_A536_0090278A1BB8
[2016-03-18 01:24:26 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009-07-14 04:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2015-04-13 16:10:05 | 000,003,566 | ---- | M] () -- \Windows\System32\Tasks\YTDownloader
[2015-04-13 16:10:00 | 000,003,888 | ---- | M] () -- \Windows\System32\Tasks\YTDownloaderUpd
[2009-07-14 07:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2016-05-12 01:03:43 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23418_en-us_792d90885b602d98.manifest
[2016-05-12 01:03:43 | 000,033,000 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23418_en-us_792d90885b602d98_winload.exe.mui_3bc5b827
[2016-05-12 01:03:43 | 000,029,928 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23418_en-us_792d90885b602d98_winresume.exe.mui_ff8b5358
[2016-05-12 01:03:43 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_5dbb90b4e403376d.manifest
[2016-05-12 01:03:43 | 000,534,816 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_5dbb90b4e403376d_winload.exe_75835076
[2016-05-12 01:03:43 | 000,470,704 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_5dbb90b4e403376d_winresume.exe_85cd1215
[2009-07-14 05:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009-07-14 05:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2015-05-13 22:06:00 | 000,000,612 | ---- | M] () -- \Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
[2010-11-21 03:37:59 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2015-02-03 06:16:42 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_en-us_787ca05342610b3b.manifest
[2015-01-16 09:23:55 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_en-us_791ddf705b6ca2f8.manifest
[2015-02-03 06:36:49 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_en-us_790d410a5b78598d.manifest
[2015-04-27 22:04:39 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23040_en-us_790516dc5b7fc217.manifest
[2015-05-25 21:11:24 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23072_en-us_78e6a7ac5b964898.manifest
[2015-07-15 06:04:54 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23126_en-us_7920ba565b6a1f66.manifest
[2015-07-15 20:54:31 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_en-us_7915ea6a5b723b57.manifest
[2015-07-23 03:02:46 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23142_en-us_790719565b7df1ec.manifest
[2016-01-22 09:11:44 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23338_en-us_7917eeca5b706853.manifest
[2016-03-16 21:35:36 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23391_en-us_78d00d3c5ba75e98.manifest
[2016-03-18 01:34:51 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23392_en-us_78d10d865ba677ef.manifest
[2016-04-09 10:00:21 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23418_en-us_792d90885b602d98.manifest
[2010-11-21 00:23:54 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_5d2e241dcae8f953.manifest
[2015-02-03 06:32:58 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.18741_none_5d0aa07fcb041510.manifest
[2015-01-14 09:45:13 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22923_none_5dabdf9ce40faccd.manifest
[2015-02-03 06:54:42 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.22948_none_5d9b4136e41b6362.manifest
[2015-04-27 22:17:27 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23040_none_5d931708e422cbec.manifest
[2015-05-25 21:35:55 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23072_none_5d74a7d8e439526d.manifest
[2015-07-15 06:25:32 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23126_none_5daeba82e40d293b.manifest
[2015-07-15 21:16:39 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23136_none_5da3ea96e415452c.manifest
[2015-07-23 03:23:37 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23142_none_5d951982e420fbc1.manifest
[2016-01-22 09:39:54 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23338_none_5da5eef6e4137228.manifest
[2016-03-16 22:02:45 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23391_none_5d5e0d68e44a686d.manifest
[2016-03-18 01:51:44 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23392_none_5d5f0db2e44981c4.manifest
[2016-04-09 10:16:41 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23418_none_5dbb90b4e403376d.manifest
[2009-07-14 04:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009-07-14 04:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009-07-14 04:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-11-30 07:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-08-02 04:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2016-01-22 08:59:07 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.19135_none_0ca4852bda219c26\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-11-30 07:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014-04-12 05:03:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22653_none_0d169feaf3511c1f\api-ms-win-core-libraryloader-l1-1-0.dll
[2016-01-22 08:58:11 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23338_none_0d3124baf33c851c\api-ms-win-core-libraryloader-l1-1-0.dll
[2016-03-16 21:23:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23391_none_0ce9432cf3737b61\api-ms-win-core-libraryloader-l1-1-0.dll
[2016-03-18 01:24:26 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.23392_none_0cea4376f37294b8\api-ms-win-core-libraryloader-l1-1-0.dll

< Chat Conversation End >

========== Files - Unicode (All) ==========
[2016-08-01 13:11:23 | 000,032,064 | ---- | M] ()(C:\Users\TDW\Desktop\???? ??? ????? ???? ??? ??????? ?? ?????? ????? ???? ???? ??? ???? 058354242.docx) -- C:\Users\TDW\Desktop\מבחן בית בקורס חברת הים התיכוןן עפ תעודות גניזת קהיר מלכה כהן נהרי 058354242.docx
[2016-07-27 13:34:05 | 000,032,064 | ---- | C] ()(C:\Users\TDW\Desktop\???? ??? ????? ???? ??? ??????? ?? ?????? ????? ???? ???? ??? ???? 058354242.docx) -- C:\Users\TDW\Desktop\מבחן בית בקורס חברת הים התיכוןן עפ תעודות גניזת קהיר מלכה כהן נהרי 058354242.docx
[2016-07-12 15:58:23 | 000,033,415 | ---- | M] ()(C:\Users\TDW\Desktop\????? ????? ????, ???? ?????? - ???? ??? ???? ?.?. 058354242.docx) -- C:\Users\TDW\Desktop\עבודה בקורס גרוש, גלות וגאולה - מלכה כהן נהרי מ.ז. 058354242.docx
[2016-07-12 10:39:24 | 000,033,415 | ---- | C] ()(C:\Users\TDW\Desktop\????? ????? ????, ???? ?????? - ???? ??? ???? ?.?. 058354242.docx) -- C:\Users\TDW\Desktop\עבודה בקורס גרוש, גלות וגאולה - מלכה כהן נהרי מ.ז. 058354242.docx
[2016-07-05 19:15:00 | 000,033,825 | ---- | M] ()(C:\Users\TDW\Desktop\???? ??? - ???? ????? ???? ???????? ???? ?????? - ???? ???-????, ?.?. 058354242.docx) -- C:\Users\TDW\Desktop\מבחן בית - קורס אנוסי ספרד ופורטוגל לאחר הגירוש - מלכה כהן-נהרי, מ.ז. 058354242.docx
[2016-07-03 17:40:46 | 000,033,825 | ---- | C] ()(C:\Users\TDW\Desktop\???? ??? - ???? ????? ???? ???????? ???? ?????? - ???? ???-????, ?.?. 058354242.docx) -- C:\Users\TDW\Desktop\מבחן בית - קורס אנוסי ספרד ופורטוגל לאחר הגירוש - מלכה כהן-נהרי, מ.ז. 058354242.docx
[2016-05-23 18:55:41 | 000,032,908 | ---- | M] ()(C:\Users\TDW\Desktop\????? - ????? ???? ????? ?????? ???????? - ???? ???-????, ?.?. 058354242.docx) -- C:\Users\TDW\Desktop\תיקון - עבודת סיום בקורס תעודות ופרשנותן - מלכה כהן-נהרי, מ.ז. 058354242.docx
[2016-05-19 23:13:59 | 000,015,340 | ---- | M] ()(C:\Users\TDW\Desktop\????? ???? ?????.docx) -- C:\Users\TDW\Desktop\עבודת סיום בקורס.docx
[2016-05-19 23:13:59 | 000,015,340 | ---- | C] ()(C:\Users\TDW\Desktop\????? ???? ?????.docx) -- C:\Users\TDW\Desktop\עבודת סיום בקורס.docx
[2016-05-19 23:13:59 | 000,000,162 | -H-- | M] ()(C:\Users\TDW\Desktop\~$??? ???? ?????.docx) -- C:\Users\TDW\Desktop\~$ודת סיום בקורס.docx
[2016-05-19 23:13:59 | 000,000,162 | -H-- | C] ()(C:\Users\TDW\Desktop\~$??? ???? ?????.docx) -- C:\Users\TDW\Desktop\~$ודת סיום בקורס.docx
[2016-05-19 16:19:46 | 000,032,908 | ---- | C] ()(C:\Users\TDW\Desktop\????? - ????? ???? ????? ?????? ???????? - ???? ???-????, ?.?. 058354242.docx) -- C:\Users\TDW\Desktop\תיקון - עבודת סיום בקורס תעודות ופרשנותן - מלכה כהן-נהרי, מ.ז. 058354242.docx
[2016-05-17 19:13:04 | 000,048,944 | ---- | M] ()(C:\Users\TDW\Desktop\???? ???-???? - ???? ??? ????? ???????, ??????, ?????? ?????????.docx) -- C:\Users\TDW\Desktop\מלכה כהן-נהרי - מבחן בית בקורס לאומיות, ציונות, תולדות ההתיישבות.docx
[2016-05-08 18:37:45 | 000,036,868 | ---- | M] ()(C:\Users\TDW\Desktop\???? ??? ????? ????? ????????? ?????? - ???? ???-????, ?.?. 058354242.docx) -- C:\Users\TDW\Desktop\מבחן בית בקורס זרמים ופלורליזם ביהדות - מלכה כהן-נהרי, מ.ז. 058354242.docx
[2016-04-20 23:33:04 | 000,014,943 | ---- | M] ()(C:\Users\TDW\Desktop\????? ?????? ??????? ????? ?????? ?????? ???? ???? ????.docx) -- C:\Users\TDW\Desktop\שחרור החסמים הגדולים ביותר למציאת זוגיות שלום מטלי וחנן.docx
[2016-04-20 23:33:04 | 000,014,943 | ---- | C] ()(C:\Users\TDW\Desktop\????? ?????? ??????? ????? ?????? ?????? ???? ???? ????.docx) -- C:\Users\TDW\Desktop\שחרור החסמים הגדולים ביותר למציאת זוגיות שלום מטלי וחנן.docx
[2016-04-12 12:12:19 | 000,036,868 | ---- | C] ()(C:\Users\TDW\Desktop\???? ??? ????? ????? ????????? ?????? - ???? ???-????, ?.?. 058354242.docx) -- C:\Users\TDW\Desktop\מבחן בית בקורס זרמים ופלורליזם ביהדות - מלכה כהן-נהרי, מ.ז. 058354242.docx
[2016-02-21 20:43:28 | 000,103,537 | ---- | M] ()(C:\Users\TDW\Desktop\?????? ?????? 16.pdf) -- C:\Users\TDW\Desktop\הגיחון פברואר 16.pdf
[2016-02-21 20:43:28 | 000,103,537 | ---- | C] ()(C:\Users\TDW\Desktop\?????? ?????? 16.pdf) -- C:\Users\TDW\Desktop\הגיחון פברואר 16.pdf
[2016-02-17 17:44:29 | 000,034,338 | ---- | M] ()(C:\Users\TDW\Desktop\???? ???-???? - ???? ??? ????? ????? ??????.docx) -- C:\Users\TDW\Desktop\מלכה כהן-נהרי - מבחן בית בקורס מהמרה לגירוש.docx
[2016-02-17 00:47:49 | 000,056,992 | ---- | M] ()(C:\Users\TDW\Desktop\???? ????? ?????? - ????. ???? ???? ????.docx) -- C:\Users\TDW\Desktop\קורס מהמרה לגירוש - פרופ. רינה לוין מלמד.docx
[2016-02-16 15:56:11 | 000,056,992 | ---- | C] ()(C:\Users\TDW\Desktop\???? ????? ?????? - ????. ???? ???? ????.docx) -- C:\Users\TDW\Desktop\קורס מהמרה לגירוש - פרופ. רינה לוין מלמד.docx
[2016-02-16 15:33:21 | 000,034,338 | ---- | C] ()(C:\Users\TDW\Desktop\???? ???-???? - ???? ??? ????? ????? ??????.docx) -- C:\Users\TDW\Desktop\מלכה כהן-נהרי - מבחן בית בקורס מהמרה לגירוש.docx
[2016-02-02 23:45:28 | 000,012,983 | ---- | M] ()(C:\Users\TDW\Desktop\160 ???? ??????.docx) -- C:\Users\TDW\Desktop\160 לפני הספירה.docx
[2016-02-02 23:45:28 | 000,012,983 | ---- | C] ()(C:\Users\TDW\Desktop\160 ???? ??????.docx) -- C:\Users\TDW\Desktop\160 לפני הספירה.docx
[2015-11-24 20:46:52 | 002,250,992 | ---- | M] ()(C:\Users\TDW\Desktop\??? ????.rtf) -- C:\Users\TDW\Desktop\אמא קורס.rtf
[2015-11-24 20:46:51 | 002,250,992 | ---- | C] ()(C:\Users\TDW\Desktop\??? ????.rtf) -- C:\Users\TDW\Desktop\אמא קורס.rtf
[2015-11-24 12:59:20 | 000,048,944 | ---- | C] ()(C:\Users\TDW\Desktop\???? ???-???? - ???? ??? ????? ???????, ??????, ?????? ?????????.docx) -- C:\Users\TDW\Desktop\מלכה כהן-נהרי - מבחן בית בקורס לאומיות, ציונות, תולדות ההתיישבות.docx
[2015-11-17 21:54:45 | 000,100,707 | ---- | M] ()(C:\Users\TDW\Desktop\??' ?????? ??_?.pdf) -- C:\Users\TDW\Desktop\חב' הגיחון בע_מ.pdf
[2015-11-17 21:54:45 | 000,100,707 | ---- | C] ()(C:\Users\TDW\Desktop\??' ?????? ??_?.pdf) -- C:\Users\TDW\Desktop\חב' הגיחון בע_מ.pdf
[2015-11-12 20:12:45 | 000,174,590 | ---- | M] ()(C:\Users\TDW\Desktop\???? ??????.pdf) -- C:\Users\TDW\Desktop\מחיר למשתכן.pdf
[2015-11-12 20:12:45 | 000,174,590 | ---- | C] ()(C:\Users\TDW\Desktop\???? ??????.pdf) -- C:\Users\TDW\Desktop\מחיר למשתכן.pdf
[2015-11-06 13:49:25 | 000,000,000 | --SD | M](C:\Users\TDW\Documents\?????? ??????? ???) -- C:\Users\TDW\Documents\מקורות הנתונים שלי
[2015-11-06 13:49:25 | 000,000,000 | --SD | C](C:\Users\TDW\Documents\?????? ??????? ???) -- C:\Users\TDW\Documents\מקורות הנתונים שלי
[2015-10-29 21:51:07 | 001,029,078 | ---- | M] ()(C:\Users\TDW\Desktop\?????? ?????? ?????? 29.01.12.pdf) -- C:\Users\TDW\Desktop\המדריך למציאת זוגיות 29.01.12.pdf
[2015-10-29 21:51:02 | 001,029,078 | ---- | C] ()(C:\Users\TDW\Desktop\?????? ?????? ?????? 29.01.12.pdf) -- C:\Users\TDW\Desktop\המדריך למציאת זוגיות 29.01.12.pdf
[2015-08-31 19:34:33 | 000,000,000 | ---D | M](C:\Users\TDW\Desktop\??? ??????) -- C:\Users\TDW\Desktop\אמא קורסים
[2015-06-08 21:50:52 | 000,000,000 | ---D | C](C:\Users\TDW\Desktop\??? ??????) -- C:\Users\TDW\Desktop\אמא קורסים
[2015-05-26 20:13:49 | 000,039,844 | ---- | M] ()(C:\Users\TDW\Documents\??? ????? ??????? - ????? ???? ????, ???? ???-????.docx) -- C:\Users\TDW\Documents\שות כמקור היסטורי - עבודת סיום קורס, מלכה כהן-נהרי.docx
[2015-05-20 13:01:33 | 000,039,844 | ---- | C] ()(C:\Users\TDW\Documents\??? ????? ??????? - ????? ???? ????, ???? ???-????.docx) -- C:\Users\TDW\Documents\שות כמקור היסטורי - עבודת סיום קורס, מלכה כהן-נהרי.docx
[2013-06-27 17:52:35 | 000,000,193 | ---- | M] ()(C:\Users\TDW\Documents\???? ???? ????.rtf) -- C:\Users\TDW\Documents\ססמא יאיר דואל.rtf
[2013-06-27 17:52:35 | 000,000,193 | ---- | C] ()(C:\Users\TDW\Documents\???? ???? ????.rtf) -- C:\Users\TDW\Documents\ססמא יאיר דואל.rtf
[2013-06-19 21:54:12 | 000,016,837 | ---- | M] ()(C:\Users\TDW\Documents\?????? - ????.docx) -- C:\Users\TDW\Documents\וובינר - לירז.docx
[2013-06-19 21:54:12 | 000,016,837 | ---- | C] ()(C:\Users\TDW\Documents\?????? - ????.docx) -- C:\Users\TDW\Documents\וובינר - לירז.docx
[2013-06-15 22:21:25 | 000,016,927 | ---- | M] ()(C:\Users\TDW\Documents\??????? - ???????.docx) -- C:\Users\TDW\Documents\ביקורים - תיאומים.docx
[2013-06-15 22:21:24 | 000,016,927 | ---- | C] ()(C:\Users\TDW\Documents\??????? - ???????.docx) -- C:\Users\TDW\Documents\ביקורים - תיאומים.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 4 bytes -> C:\temp:rnd.dat
@Alternate Data Stream - 4 bytes -> C:\temp:pid2
@Alternate Data Stream - 4 bytes -> C:\temp:pid1
@Alternate Data Stream - 22 bytes -> C:\temp:srv

< End of report >

Re: Regular freezing

Posted: 04 Sep 2016 17:24
by Rudy
Run OTL again as administrator.
Paste the following text into the bottom window:
:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{70839579-320E-4763-A420-8468514E4F69}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (surf and keeP) - {0451830B-94C5-4CF4-CFCA-2F06DF13BF18} - C:\Program Files\surf and keeP\MhFaMvjkgH.dll File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (surf and keep) - {C635E43A-42F4-7B54-C7A8-124A2ECE0D07} - C:\Program Files\surf and keep\FiD5.dll File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [ZyngaGamesAgent] "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" File not found
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\volaro: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\vonteera: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\System32\tasklist.exe (Microsoft Corporation)
@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 4 bytes -> C:\temp:rnd.dat
@Alternate Data Stream - 4 bytes -> C:\temp:pid2
@Alternate Data Stream - 4 bytes -> C:\temp:pid1
@Alternate Data Stream - 22 bytes -> C:\temp:srv



:files
C:\Program Files\Skype\Toolbars
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8b17df2dec8d.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]
Click "Opravit" (Fix) and let the program work. When asked about a restart, agree.
After the restart a new log will appear; post it here.

Re: Regular freezing

Posted: 04 Sep 2016 18:02
by Lilo
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1390296456-3514786238-1037386279-1003\Software\Microsoft\Internet Explorer\SearchScopes\{70839579-320E-4763-A420-8468514E4F69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70839579-320E-4763-A420-8468514E4F69}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0451830B-94C5-4CF4-CFCA-2F06DF13BF18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0451830B-94C5-4CF4-CFCA-2F06DF13BF18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C635E43A-42F4-7B54-C7A8-124A2ECE0D07}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C635E43A-42F4-7B54-C7A8-124A2ECE0D07}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
C:\Windows\System32\NeroCheck.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZyngaGamesAgent deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
File C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
File C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skypec2c\ deleted successfully.
File C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe\ deleted successfully.
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
ADS C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
ADS C:\temp:rnd.dat deleted successfully.
ADS C:\temp:pid2 deleted successfully.
ADS C:\temp:pid1 deleted successfully.
ADS C:\temp:srv deleted successfully.
========== FILES ==========
C:\Program Files\Skype\Toolbars\PNRSvc folder moved successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files\Skype\Toolbars\ChromeExtension folder moved successfully.
C:\Program Files\Skype\Toolbars\AutoUpdate folder moved successfully.
C:\Program Files\Skype\Toolbars folder moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8b17df2dec8d.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 804 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 54432 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: TDW
->Temp folder emptied: 18841119 bytes
->Temporary Internet Files folder emptied: 41256556 bytes
->Flash cache emptied: 55351 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 847755 bytes
->Google Chrome cache emptied: 368910500 bytes
->Flash cache emptied: 58248 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7309246 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 417.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: TDW
->Flash cache emptied: 0 bytes

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 09042016_194855

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\tasklist.exe scheduled to be moved on reboot.
C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Regular freezing

Posted: 04 Sep 2016 18:22
by Rudy
Deleted. Has anything changed?

Re: Regular freezing

Posted: 05 Sep 2016 11:35
by Lilo
Yes, a positive change :D Today the computer did not freeze after startup and ran completely normally :happy:

edit: Well, shortly after I wrote this post the system stopped responding within a few seconds, a black screen came up, and then it restarted on its own.

Re: Regular freezing

Posted: 05 Sep 2016 16:57
by Rudy
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: Regular freezing

Posted: 06 Sep 2016 10:49
by Lilo
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06-Sep-16
Scan Time: 10:43 AM
Logfile: results.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.06.02
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: TDW

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 500117
Time Elapsed: 1 hr, 45 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 26
PUP.Optional.Incredibar, HKLM\SOFTWARE\CLASSES\APPID\{608D3067-77E8-463D-9084-908966806826}, , [82686e00910978be07c22274ea18dd23],
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\APPID\{C007DADD-132A-624C-088E-59EE6CF0711F}, , [915994da4456bf77490a3a5dc63c51af],
Adware.1ClickDownload, HKLM\SOFTWARE\CLASSES\APPID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}, , [b03a1757039721158fc57720887a8e72],
PUP.Optional.ASK, HKU\S-1-5-21-1390296456-3514786238-1037386279-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [1bcfc9a5a6f45bdbdb9f4467c044cc34],
PUP.Optional.ASK, HKU\S-1-5-21-1390296456-3514786238-1037386279-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [1bcfc9a5a6f45bdbdb9f4467c044cc34],
PUP.Optional.MyStart, HKLM\SOFTWARE\mystarttb, , [e505bcb2c3d76acca378466792716a96],
PUP.Optional.BrowserWeb, HKLM\SOFTWARE\MICROSOFT\TRACING\BrowserWeb_RASAPI32, , [9c4e6d016f2b69cdc564f4e37e85669a],
PUP.Optional.BrowserWeb, HKLM\SOFTWARE\MICROSOFT\TRACING\BrowserWeb_RASMANCS, , [0dddbfaf128866d042e7eee93ec5f808],
PUP.Optional.MixVideoPlayer, HKLM\SOFTWARE\MICROSOFT\TRACING\MixVideoPlayer_RASAPI32, , [7179224c3466b185729cc23ea85c22de],
PUP.Optional.MixVideoPlayer, HKLM\SOFTWARE\MICROSOFT\TRACING\MixVideoPlayer_RASMANCS, , [5397bab43a6043f3e8268080e61e1ce4],
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\TRACING\YontooDesktop_RASAPI32, , [608a5f0f128844f259e6ae2323df2ed2],
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\TRACING\YontooDesktop_RASMANCS, , [f5f5a6c8643641f5ed522da426dcbf41],
PUP.Optional.ExpressFiles, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30A970D1-79E8-4BD2-8B99-6A7AF205D15C}, , [e604c6a86f2ba39346bb639c5ca7d729],
PUP.Optional.GoForFiles, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{325A3186-C7DB-4DCF-B1AD-0A28FECBC4DD}, , [2dbd4e202f6b91a5a36105fa3ec57c84],
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{351797B1-55CF-4339-BDBE-40DB7D837EA3}, , [48a26e00c9d1d264542311de9b68619f],
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4022EDD9-C154-42EA-AAE9-2E6B532AAE0B}, , [49a1f5799cfef83ece1218d822e16a96],
PUP.Optional.PriceFountain, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F04CC6BF-63DC-4444-8D8B-B10A044D151A}, , [cc1ea5c9e9b16bcb0cec0fe1d330aa56],
PUP.Optional.ExpressFiles, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Express FilesUpdate, , [e7038ee00793d85ecf3c12c3cd352ad6],
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\LaunchPreSignup, , [4f9badc1861468ce796f02aa53b0f10f],
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Performer, , [b3370f5fb1e980b63aa738b8ce35e719],
PUP.Optional.PriceFountain, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PFExe, , [af3b2549cfcbeb4b6fb5992b0003eb15],
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\One System Care, , [579397d7dac06ccae539bcff828250b0],
PUP.Optional.Revizer.PrxySvrRST, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\APPDATALOW\SOFTWARE\CHECKMEUP, , [b3373539d7c3ab8bbcb53d86ae55b34d],
PUP.Optional.OutBrowse, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\OB, , [8b5fa7c7efab2d093b4d68461de6fd03],
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\One System Care, , [2ac09ed098027abc4ad48536fc08629e],
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1390296456-3514786238-1037386279-500\SOFTWARE\One System Care, , [8a60b6b8dbbf0d29db43eccf39cb6d93],

Registry Values: 26
PUP.Optional.ASK, HKU\S-1-5-21-1390296456-3514786238-1037386279-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{D4027C7F-154A-4066-A1AD-4243D8127440}, | ÔJ f@ˇ­BCŘ t@, , [1bcfc9a5a6f45bdbdb9f4467c044cc34]
PUP.Optional.ASK, HKU\S-1-5-21-1390296456-3514786238-1037386279-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [c9215a146d2dfc3a7cfe6645976dac54],
PUP.Optional.ExpressFiles, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30A970D1-79E8-4BD2-8B99-6A7AF205D15C}|Path, \Express FilesUpdate, , [e604c6a86f2ba39346bb639c5ca7d729]
PUP.Optional.GoForFiles, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{325A3186-C7DB-4DCF-B1AD-0A28FECBC4DD}|Path, \GoforFilesUpdate, , [2dbd4e202f6b91a5a36105fa3ec57c84]
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{351797B1-55CF-4339-BDBE-40DB7D837EA3}|Path, \LaunchPreSignup, , [48a26e00c9d1d264542311de9b68619f]
PUP.Optional.PCPerformer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4022EDD9-C154-42EA-AAE9-2E6B532AAE0B}|Path, \PC Performer, , [49a1f5799cfef83ece1218d822e16a96]
PUP.Optional.PriceFountain, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F04CC6BF-63DC-4444-8D8B-B10A044D151A}|Path, \PFExe, , [cc1ea5c9e9b16bcb0cec0fe1d330aa56]
PUP.Optional.Revizer.PrxySvrRST, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\APPDATALOW\SOFTWARE\CHECKMEUP|id, 7E12D6FE4C60A8DC, , [b3373539d7c3ab8bbcb53d86ae55b34d]
PUP.Optional.Revizer.PrxySvrRST, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\APPDATALOW\SOFTWARE\CHECKMEUP|it, 1428930556, , [36b4145accce1224e88920a38d767789]
PUP.Optional.Revizer.PrxySvrRST, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\APPDATALOW\SOFTWARE\CHECKMEUP|ut, 0, , [7d6d1e509dfde353125fc4ff7390a45c]
PUP.Optional.Revizer.PrxySvrRST, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\APPDATALOW\SOFTWARE\CHECKMEUP|eb, , [20ca6b034159cf677ff223a031d21ae6],
PUP.Optional.Revizer.PrxySvrRST, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\APPDATALOW\SOFTWARE\CHECKMEUP|ia, IE,Chrome, , [fdeda4ca089279bd630eebd89f64ce32]
PUP.Optional.OutBrowse, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\OB|monitype15, 4/13/15 16:6:52, , [8b5fa7c7efab2d093b4d68461de6fd03]
PUP.Optional.OutBrowse, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\OB|monitype17, 4/13/15 16:9:57, , [19d12549c2d8a88e4642fbb3c73c5da3]
PUP.Optional.OutBrowse, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\OB|monitype19, 4/13/15 16:9:57, , [16d4511db9e131052068ad01cf34b749]
PUP.Optional.OutBrowse, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\OB|monitype41, 4/13/15 16:9:57, , [26c475f966345fd75b2db9f511f224dc]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\ONE SYSTEM CARE|OSID, 6.1, , [8b5fed81603a65d1eb4e59554cb719e7]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softservers.net/121002110/DriverPro.exe, , [14d6cba3a6f44de984b4b5f9fb0822de]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1390296456-3514786238-1037386279-1000\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://od.onesaveservers.net/291002110/OneSaveSetup.exe, , [0bdf303ee7b344f230088b2344bfdf21]
PUP.Optional.BrowserWeb, HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|BrowserWeb.exe, 11001, , [4b9fcea086142412b982b131ea196799]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\ONE SYSTEM CARE|OSID, 6.1, , [36b46b03a1f9b77f81b81a94b94a6898]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softservers.net/121002110/DriverPro.exe, , [fbefb8b66b2f1f17e94f2f7f4cb7a060]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://od.onesaveservers.net/291002110/OneSaveSetup.exe, , [be2c1a545347191d0e2a743a887bf709]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1390296456-3514786238-1037386279-500\SOFTWARE\ONE SYSTEM CARE|OSID, 6.1, , [0ae0dc926733e551f445228c2cd7ce32]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1390296456-3514786238-1037386279-500\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softservers.net/121002110/DriverPro.exe, , [2cbea9c5bcde82b41a1e248af40fcb35]
PUP.Optional.OneSystemCare, HKU\S-1-5-21-1390296456-3514786238-1037386279-500\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://od.onesaveservers.net/291002110/OneSaveSetup.exe, , [5694115d32683ff7cd6bb4fab84b3bc5]

Registry Data: 0
(No malicious items detected)

Folders: 12
PUP.Optional.MyStart, C:\Users\TDW\AppData\LocalLow\mystarttb, , [2cbeee805d3d87af96cda21758aa946c],
PUP.Optional.MultiPlug, C:\ProgramData\QuickSet\SK.Enhancer, , [ea009bd3a3f7e056ad9dad1946bc53ad],
PUP.Optional.MultiPlug, C:\ProgramData\QuickSet\SK.Enhancer\161304646, , [ea009bd3a3f7e056ad9dad1946bc53ad],
PUP.Optional.Conduit, C:\Users\user\AppData\Local\Conduit, , [e9012e406436f1452bc9daec2bd733cd],
PUP.Optional.Conduit, C:\Users\user\AppData\LocalLow\Conduit, , [21c92b43f1a99f97ba3ba62029d947b9],
PUP.Optional.Conduit, C:\Users\user\AppData\LocalLow\Conduit\ChromeExtData, , [21c92b43f1a99f97ba3ba62029d947b9],
PUP.Optional.Conduit, C:\Users\user\AppData\LocalLow\Conduit\ChromeExtData\okemjkdkkihnhdaanohnleknbaddlddb, , [21c92b43f1a99f97ba3ba62029d947b9],
PUP.Optional.Conduit, C:\Users\user\AppData\LocalLow\Conduit\ChromeExtData\okemjkdkkihnhdaanohnleknbaddlddb\Repository, , [21c92b43f1a99f97ba3ba62029d947b9],
PUP.Optional.Conduit, C:\Users\user\AppData\LocalLow\Conduit\Community Alerts, , [21c92b43f1a99f97ba3ba62029d947b9],
PUP.Optional.Conduit, C:\Users\user\AppData\LocalLow\Conduit\Community Alerts\Log, , [21c92b43f1a99f97ba3ba62029d947b9],
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\0a3aab23-03f1-0, , [b13973fb92084beb168a5d6a7290f50b],
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\0a3aab23-2bc3-1, , [47a3d9958e0c77bf08985e690ef4ab55],

Files: 45

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Regular freezing

Posted: 06 Sep 2016 18:07
by Rudy
Delete the detected items.

Re: Regular freezing

Posted: 07 Sep 2016 10:27
by Lilo
This morning the problem occurred again - a brief freeze followed by a system crash :?:

Re: Regular freezing

Posted: 07 Sep 2016 17:02
by Rudy
Open the directory c:\windows\minidump, pack the files you find in it into a RAR archive, and attach it to your next post.