start
createrestorepoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3283487418-1309324023-1434333997-1001\...\MountPoints2: {f733304a-ad61-11e2-81dd-e02a82d0069d} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3283487418-1309324023-1434333997-1001\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
AppInit_DLLs-x32: C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll => "C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll" File Not Found
SearchScopes: HKU\S-1-5-21-3283487418-1309324023-1434333997-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-3283487418-1309324023-1434333997-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO-x32: No Name -> {11A65C94-D3A6-42F5-B671-1B2618C163Fc} ->  No File
Task: {0B8A2754-E392-451D-AF12-254D6241EB9E} - System32\Tasks\8dfb39a0 => C:\Users\Anneka\AppData\Local\Temp\\setup1376163744.exe <==== ATTENTION
Task: {0CB9ED13-CC39-46AC-B63C-88765AF43391} - \2172338192 No Task File <==== ATTENTION
Task: {105C3A63-49F3-499D-A3F4-02C6FBA4EC5A} - System32\Tasks\34ae1b6c => C:\Users\Anneka\AppData\Local\Temp\\setup2438556236.exe <==== ATTENTION
Task: {18764ABE-3B53-4A88-850B-CDF4B1C9FC7A} - \2557795280 No Task File <==== ATTENTION
Task: {195EDB8E-0B4B-43F5-B023-0E1C9495DE33} - System32\Tasks\1ad2b5b0 => C:\Users\Anneka\AppData\Local\Temp\\setup3739095984.exe <==== ATTENTION
Task: {23134C3C-F13F-4194-9262-DCC49A56AB81} - System32\Tasks\57b62bb0 => C:\Users\Anneka\AppData\Local\Temp\\setup695832896.exe <==== ATTENTION
Task: {2766D893-D078-48BE-8214-C4273CAD671A} - System32\Tasks\58b25d20 => C:\Users\Anneka\AppData\Local\Temp\\setup482196256.exe <==== ATTENTION
Task: {2C49F2F1-E7BF-4918-A341-4640CB172597} - System32\Tasks\c15910b0 => C:\Users\Anneka\AppData\Local\Temp\\setup2237951664.exe <==== ATTENTION
Task: {2EE95628-35C3-4F71-AE50-78348D879EB6} - System32\Tasks\3d1878c0 => C:\Users\Anneka\AppData\Local\Temp\\setup19119504.exe <==== ATTENTION
Task: {3203F8D3-1B28-43A1-88BD-D2EC36D5015C} - System32\Tasks\c619e9f0 => C:\Users\Anneka\AppData\Local\Temp\\setup3323587056.exe <==== ATTENTION
Task: {3B4ABB31-AFCA-4FC6-9975-F6971B4A0456} - System32\Tasks\fbd2a2e0 => C:\Users\Anneka\AppData\Local\Temp\\setup3322113888.exe <==== ATTENTION
Task: {46AE59CD-3A0C-4304-9900-692224D53E32} - System32\Tasks\win4036e0 => \\.\globalroot\Device\HarddiskVolume2\Users\Anneka\AppData\Local\Temp\win4036e0.dat <==== ATTENTION
Task: {4EAB8BC1-5632-42EC-ABB4-6A28973CCA26} - System32\Tasks\fa77f810 => C:\Users\Anneka\AppData\Local\Temp\\setup4202166288.exe <==== ATTENTION
Task: {6D44D88D-2B92-42E8-872E-9AEC36372739} - System32\Tasks\1c34d20 => C:\Users\Anneka\AppData\Local\Temp\\setup1848724192.exe <==== ATTENTION
Task: {7BCBD71B-7C77-42B5-A70A-40B6DD70C299} - System32\Tasks\b040fcb0 => C:\Users\Anneka\AppData\Local\Temp\\setup1951161008.exe <==== ATTENTION
Task: {81245BD3-E753-4675-A519-9F021151E7A1} - System32\Tasks\6048f100 => C:\Users\Anneka\AppData\Local\Temp\\setup609505024.exe <==== ATTENTION
Task: {B564F916-EBCB-416C-9970-FE8A57DD9B5A} - System32\Tasks\87e98268 => C:\Users\Anneka\AppData\Local\Temp\\setup975349144.exe <==== ATTENTION
Task: {B687CAA4-DDCF-432B-BAEC-B25E2B2E4A10} - System32\Tasks\{B54171C6-1D88-4A47-8130-6451B5CFA0AD} => pcalua.exe -a C:\Users\Anneka\Downloads\utorrent_setup_2014.exe -d C:\Users\Anneka\Downloads
C:\Users\Anneka\Downloads\utorrent_setup_2014.exe
Task: {C3C403F3-58F7-4114-AAB1-2546CA70379D} - System32\Tasks\a2c8f5d0 => C:\Users\Anneka\AppData\Local\Temp\\setup3518482352.exe <==== ATTENTION
Task: {CBD88E63-A7ED-4251-A80C-643C034536BA} - System32\Tasks\c3441620 => C:\Users\Anneka\AppData\Local\Temp\\setup2270131232.exe <==== ATTENTION
Task: {CD7ADE5E-2B41-4043-B426-B4EBC592C115} - System32\Tasks\217e7b30 => C:\Users\Anneka\AppData\Local\Temp\\setup3851016496.exe <==== ATTENTION
Task: {E18E4EFD-715E-4071-A621-D7F879685520} - System32\Tasks\94827930 => C:\Users\Anneka\AppData\Local\Temp\\setup1588807088.exe <==== ATTENTION
Task: {F36C9B87-AA5E-4240-B829-9796F54762A1} - System32\Tasks\71158f60 => C:\Users\Anneka\AppData\Local\Temp\\setup879494368.exe <==== ATTENTION
Task: {F43BE288-D772-414A-80C0-478ABE9C8663} - System32\Tasks\ac050060 => C:\Users\Anneka\AppData\Local\Temp\\setup1867870752.exe <==== ATTENTION
Task: {FDD4DB25-B5A3-48DF-B055-54F3D48317FB} - System32\Tasks\90d10d70 => C:\Users\Anneka\AppData\Local\Temp\\setup1423725120.exe <==== ATTENTION
emptytemp:
end