CreateRestorePoint:
() C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe
() C:\Users\bibblebucket1\AppData\Roaming\Settings Manager\SettingsManager.exe
Task: {65CBDADE-3BC5-4BCF-AC52-3D23722D73A3} - System32\Tasks\WSE_Vosteran => C:\Users\bibblebucket1\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe [2014-12-01] () <==== ATTENTION
Task: {9AFDCE98-F2E3-4513-8E36-29D4DEA7AF1E} - System32\Tasks\WSE_Astromenda => C:\Users\bibblebucket1\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-12-31] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\WSE_Astromenda.job => 0x0306010057ADD92D9443F3408746C48A85DACA0C460022010000000044440000200000000014730F000000000013040020208021DF070700040010000B0035000000DB000000410043003A005C00550073006500720073005C0042004900420042004C0045007E0031005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C005700530045005F00410053007E0031005C005500500044004100540045007E0031005C005500500044004100540045007E0031002E00450058004500000007002F0043006800650063006B00000000001B0062006900620062006C0065006200750063006B00650074005C0062006900620062006C0065006200750063006B0065007400310000000000000008000000000000000000010030000000D4070800020000000000000001003500A00500003C0000000000000001000000010000000000000000000000
Task: C:\WINDOWS\Tasks\WSE_Vosteran.job => C:\Users\BIBBLE~1\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\BIBBLE~1\AppData\Roaming\WSE_VO~1
C:\Program Files (x86)\WSE_Astromenda
C:\Users\bibblebucket1\AppData\Roaming\Settings Manager
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Polono] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\BIBBLE~1\AppData\Local\552A60~1\Senapihu.dat"
HKLM-x32\...\RunOnce: [Rufoco] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\BIBBLE~1\AppData\Local\621BF1~1\Netup.dat" 
C:\Users\BIBBLE~1\AppData\Local\552A60~1
C:\Users\BIBBLE~1\AppData\Local\621BF1~1
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [BRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe [1043968 2014-10-10] ()
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [Settings Manager] => C:\Users\bibblebucket1\AppData\Roaming\Settings Manager\SettingsManager.EXE [897520 2015-05-22] ()
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [220992 2014-06-26] ()
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Vosteran.com/...r=1627451199=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://astromenda.co...cr=134114094=
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Vosteran.com/...r=1627451199=
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://rocket-find.c...cr=173684390=
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {3510A9C9-89BD-4CA3-AD0B-170752148322} URL = http://astromenda.co...cr=825971628=
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.condui...0502360717&UM=1
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://astromenda.co...cr=134114094=
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: No Name -> {074C1DC5-9320-4A9A-947D-C042949C6216} ->  No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
Toolbar: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
CHR Extension: (Rocket New Tab) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom [2014-07-03]
CHR Extension: (Vosteran New Tab) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-03-18]
CHR Extension: (Astromenda New Tab) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2015-03-18]
2015-07-16 11:54 - 2014-12-01 17:54 - 00000340 _____ C:\WINDOWS\Tasks\WSE_Vosteran.job
2015-07-16 11:53 - 2014-08-20 17:30 - 00000340 _____ C:\WINDOWS\Tasks\WSE_Astromenda.job
EmptyTemp: