CloseProcesses:
CreateRestorePoint:
C:\Users\User\AppData\Roaming\uTorrent
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
C:\Program Files (x86)\YTDownloader
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\Run: [AIM for Windows] => "C:\Users\User\AppData\Local\AOL\AIM\aim.exe"
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: F - "F:\Autorun.exe"
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {498cce3f-4c17-11e5-82bf-a01d48d64a58} - "H:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {6e512137-0268-11e5-82ab-a01d48d64a58} - "H:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {c8d770fe-ce3f-11e4-8265-a01d48d64a58} - "F:\Autorun.exe"
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\...\MountPoints2: {d81fc01b-ce91-11e4-8267-a01d48d64a58} - "G:\Madden08.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1819164317-4010897610-528679445-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.avg.com/?cid=%7BF01979C8-19C3-4814-874F-B83DF32AC760%7D&mid=80e8b0b8298d47cda11871540e32a3ab-dbbe4943d0ac3bb7e5c5bdada946fe7d064f3972&lang=en&ds=px011&pr=sa&d=2015-05-10%2020:40:45&v=18.5.0.909&pid=safeguard&sg=&sap=hp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {7931E49C-AC22-4603-B8DE-6B95EDF8664F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={F01979C8-19C3-4814-874F-B83DF32AC760}&mid=80e8b0b8298d47cda11871540e32a3ab-dbbe4943d0ac3bb7e5c5bdada946fe7d064f3972&lang=en&ds=px011&pr=sa&d=2015-05-10 20:40:45&v=15.3.0.10&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1819164317-4010897610-528679445-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF DefaultSearchEngine: SafeSearch
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Keyword.URL: 
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lds9bvqt.default\user.js [2015-05-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safesearch.xml [2015-03-20]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2015-12-05 11:49 - 2015-03-14 14:59 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-12-05 11:09 - 2015-04-06 01:21 - 00001008 _____ C:\Windows\Tasks\wS36FQNEHgSN9J2IC.job
2015-12-05 01:09 - 2015-04-06 00:09 - 00001338 _____ C:\Windows\Tasks\QJNFZ.job
2015-12-04 22:28 - 2015-09-07 16:43 - 00002660 _____ C:\Users\User\Desktop\µTorrent.lnk
C:\Users\User\ent_ikov_preferences.dat
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Task: {31DF5A1A-93EE-4235-A060-DFB40A9F9072} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe <==== ATTENTION
Task: {3A9E3F37-80F4-42D4-A3E6-E30B01C88CBC} - System32\Tasks\QJNFZ => C:\Users\User\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: {44EDDB37-3DE1-4AB9-B7E1-50A14FAA612D} - \ShopperProJSUpd -> No File <==== ATTENTION
C:\ProgramData\Origin
Task: {53C5C98E-4321-41D9-A1A6-99C9F5F2CAF5} - System32\Tasks\WCKWKBCMYC => C:\ProgramData\467e8f03c4a04721aa58bd9681d15af5\467e8f03c4a04721aa58bd9681d15af5.exe <==== ATTENTION
C:\ProgramData\467e8f03c4a04721aa58bd9681d15af5
Task: {656CDEAE-4290-4DC0-8A62-B9E2C8DA5D11} - System32\Tasks\wS36FQNEHgSN9J2IC => C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC.exe <==== ATTENTION
C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC.exe
Task: {95B45C8B-C09C-4458-91DD-C9782440B325} - \SMWUpd -> No File <==== ATTENTION
Task: {97362E58-F55C-41F5-A01E-32F18209A5BB} - \SPDriver -> No File <==== ATTENTION
Task: {9F5C2421-026A-4681-876E-9A7764A565DD} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {A091371A-5776-4F97-B151-3B8892CCECF6} - \b9d53daf-0069-4b7e-80f9-a1a2d75c3b05-10_user -> No File <==== ATTENTION
Task: {C537D4DF-E5A0-41EE-BAAE-A87FE0E79935} - \b9d53daf-0069-4b7e-80f9-a1a2d75c3b05-1-7 -> No File <==== ATTENTION
Task: {E31B058C-3557-4795-8FEA-3AEF1869957A} - \ShopperPro -> No File <==== ATTENTION
Task: {EB2BE4AE-F77D-44CE-B4A1-7558A7302182} - \SMW_UpdateTask_Time_323335383530333133382d7855236c575a4a5741415034 -> No File <==== ATTENTION
Task: C:\Windows\Tasks\QJNFZ.job => C:\Users\User\AppData\Roaming\QJNFZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\wS36FQNEHgSN9J2IC.job => C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC.exe <==== ATTENTION
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII\FF7 OpenGL Config File.lnk -> C:\Program Files (x86)\Square Enix\FINAL FANTASY VII\OpenGLconfig.bat (No File) <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
FirewallRules: [{035E0A5A-8187-4525-8F1F-C21A59E84149}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{BCFFBBD3-CC7E-4293-91AD-941018EC13CB}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{0597C00C-5B29-4E32-854E-AD0878D240A2}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CA7F471B-E7EC-4466-B249-81866ED5B083}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7E5F7058-524D-4C40-9167-A3475033D8AD}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3920D332-B1D3-45C0-9261-7905C476B2BC}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A6E36A9C-A6A8-4983-B4F0-8A0DDAADD58E}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D5719D4A-CB3D-4551-A011-0D063C6128FB}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{038B64AE-041D-4AC7-AB8B-EE98A1B4A76D}C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe
FirewallRules: [UDP Query User{E2C7577A-E6C0-464B-90A6-5D1CC36FB7CF}C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
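The fixlist above only tells FRST what to remove; it does not tell you whether the removal took. The following PowerShell script is an added post-fix check, not part of the fixlist and not FRST's own code: it re-inspects every persistence point the fixlist targets (Run values, MountPoints2 autorun keys, service and driver registrations, SafeBoot entries, scheduled-task registrations and .job files, firewall rule values, the dropped payload files, the Firefox autoconfig files, the hijacked IE start page and any proxy) and reports what is still present. It assumes only what the fixlist states (the user SID, paths and names are copied from it) plus the default Windows layout; it must run elevated, after the FRST reboot, while the same user profile is loaded (the HKU hive for that SID is only mounted while that user is logged on).

```powershell
# Added example: re-audit the persistence points the FRST fixlist removes.
# All SIDs, GUIDs, paths and names below are taken from the fixlist; the only
# other assumption is the default Windows directory layout. Run elevated.

$sid  = 'S-1-5-21-1819164317-4010897610-528679445-1001'
$hku  = "Registry::HKEY_USERS\$sid"            # loaded only while this user is logged on
$svc  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$tree = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$fw   = "$svc\SharedAccess\Parameters\FirewallPolicy\FirewallRules"
$found = New-Object System.Collections.Generic.List[string]

function Test-RegValue([string]$Key, [string]$Name) {
    # True when the named value still exists under $Key (key absent => value absent).
    if (-not (Test-Path -LiteralPath $Key)) { return $false }
    $p = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    return ($null -ne $p) -and ($p.PSObject.Properties.Name -contains $Name)
}

# 1. Autostart values the fixlist deletes (HKLM-x32 and the user's Run key).
$run32 = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$runU  = "$hku\Software\Microsoft\Windows\CurrentVersion\Run"
foreach ($v in @(@($run32, 'YTDownloader'), @($runU, 'YTDownloader'),
                 @($runU, 'AdobeBridge'),   @($runU, 'AIM for Windows'))) {
    if (Test-RegValue $v[0] $v[1]) { $found.Add("Run value still present: $($v[0]) -> $($v[1])") }
}

# 2. Registry keys and files that should no longer exist: MountPoints2 autorun
#    entries, the AVG search scope and BHO, SafeBoot entries, services/drivers,
#    scheduled-task registrations (TaskCache\Tree) and their XML under System32\Tasks.
$mp = "$hku\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
$items = @(
    "$mp\F", "$mp\{498cce3f-4c17-11e5-82bf-a01d48d64a58}", "$mp\{6e512137-0268-11e5-82ab-a01d48d64a58}",
    "$mp\{c8d770fe-ce3f-11e4-8265-a01d48d64a58}", "$mp\{d81fc01b-ce91-11e4-8267-a01d48d64a58}",
    "$hku\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}",
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}',
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc',
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali',
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc'
)
foreach ($s in 'clwvd','EagleX64','McMPFSvc','McNaiAnn','mcpltsvc','McProxy','mfecore',
               'MSK80Service','X6va029','xhunter1','BrsHelper') { $items += "$svc\$s" }
foreach ($t in 'Origin','QJNFZ','WCKWKBCMYC','wS36FQNEHgSN9J2IC','ShopperProJSUpd','SMWUpd',
               'SPDriver','SmartWeb Upgrade Trigger Task','ShopperPro',
               'b9d53daf-0069-4b7e-80f9-a1a2d75c3b05-10_user','b9d53daf-0069-4b7e-80f9-a1a2d75c3b05-1-7',
               'SMW_UpdateTask_Time_323335383530333133382d7855236c575a4a5741415034') {
    $items += "$tree\$t"; $items += "$env:SystemRoot\System32\Tasks\$t"
}
# 3. Dropped payloads, legacy .job files, orphaned driver binaries and Firefox autoconfig.
$ff = 'C:\Program Files (x86)\mozilla firefox'
$items += @(
    'C:\Users\User\AppData\Roaming\uTorrent', 'C:\Program Files (x86)\YTDownloader',
    'C:\ProgramData\Origin', 'C:\ProgramData\467e8f03c4a04721aa58bd9681d15af5',
    'C:\Users\User\AppData\Roaming\QJNFZ.exe', 'C:\Users\User\AppData\Roaming\wS36FQNEHgSN9J2IC.exe',
    'C:\Windows\Tasks\QJNFZ.job', 'C:\Windows\Tasks\wS36FQNEHgSN9J2IC.job',
    'C:\Users\User\ent_ikov_preferences.dat', 'C:\Windows\xhunter1.sys',
    'C:\Windows\System32\drivers\EagleX64.sys', 'C:\Windows\System32\drivers\clwvd.sys',
    'C:\Windows\SysWOW64\Drivers\X6va029',
    "$ff\my.cfg", "$ff\browser\defaults\preferences\my-prefs.js",
    "$ff\browser\searchplugins\safeguard-secure-search.xml", "$ff\browser\searchplugins\safesearch.xml",
    'C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lds9bvqt.default\user.js'
)
foreach ($i in $items) { if (Test-Path -LiteralPath $i) { $found.Add("Still present: $i") } }

# 4. Firewall rule values (named by GUID) that allowed uTorrent and the Itibiti soft phone.
foreach ($n in '{035E0A5A-8187-4525-8F1F-C21A59E84149}','{BCFFBBD3-CC7E-4293-91AD-941018EC13CB}',
               '{0597C00C-5B29-4E32-854E-AD0878D240A2}','{CA7F471B-E7EC-4466-B249-81866ED5B083}',
               '{7E5F7058-524D-4C40-9167-A3475033D8AD}','{3920D332-B1D3-45C0-9261-7905C476B2BC}',
               '{A6E36A9C-A6A8-4983-B4F0-8A0DDAADD58E}','{D5719D4A-CB3D-4551-A011-0D063C6128FB}',
               'TCP Query User{038B64AE-041D-4AC7-AB8B-EE98A1B4A76D}C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe',
               'UDP Query User{E2C7577A-E6C0-464B-90A6-5D1CC36FB7CF}C:\users\user\appdata\roaming\utorrent\updates\3.4.5_41035.exe') {
    if (Test-RegValue $fw $n) { $found.Add("Firewall rule still present: $n") }
}

# 5. Hijacked IE start page (mysearch.avg.com) and anything RemoveProxy: should have cleared.
$main = Get-ItemProperty -LiteralPath "$hku\Software\Microsoft\Internet Explorer\Main" -ErrorAction SilentlyContinue
if ($main -and $main.'Start Page' -like '*mysearch.avg.com*') { $found.Add("IE Start Page still hijacked: $($main.'Start Page')") }
$inet = Get-ItemProperty -LiteralPath "$hku\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -ErrorAction SilentlyContinue
if ($inet -and ($inet.ProxyEnable -eq 1 -or $inet.AutoConfigURL)) { $found.Add("Proxy still configured: $($inet.ProxyServer) $($inet.AutoConfigURL)") }

if ($found.Count -eq 0) { 'Clean: none of the fixlist items remain.' }
else { $found | ForEach-Object { Write-Warning $_ } }
```

Anything the script reports should be cross-checked against Fixlog.txt: an entry FRST logged as "not found" before the fix was already gone, whereas an entry it logged as "moved successfully" that reappears after reboot means a still-running component recreated it and the machine needs a fresh FRST scan rather than a repeat of the same fixlist. The driver paths in section 3 are included even though the fixlist marks them `[X]` (file absent), so they simply stay silent unless something recreates them.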