Been handed down a laptop, running slower than the one I was replacing



#1
moose35


Hi there,

I have recently received a computer, with the aim of replacing an older model that simply couldn't handle the workload.

Unfortunately, it:

1.) Is running much slower than the older one

2.) Has plenty of adware installed that I can't seem to get rid of

3.) Has a slower start-up and shut-down time

4.) Generally seems to be infected or slowed down, due to malware and/or viruses

This poses a big problem, as my work now takes 2x as long to complete.

I am attaching both OTL logs below. Many thanks for your help!

OTL logfile created on: 3. 9. 2014 13:33:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zuzana\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
 
3,75 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 40,15% Memory free
7,49 Gb Paging File | 4,78 Gb Available in Paging File | 63,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 245,62 Gb Free Space | 52,75% Space Free | Partition Type: NTFS
Drive D: | 558,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PETERSULEK | User Name: Zuzana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/03 13:29:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zuzana\Desktop\OTL.exe
PRC - [2014/08/30 08:11:25 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/08/25 18:44:14 | 002,640,408 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2014/08/13 04:02:20 | 001,820,184 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
PRC - [2014/08/13 04:02:19 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
PRC - [2014/08/08 10:34:04 | 022,734,160 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/07/18 03:39:41 | 000,389,744 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/06/19 08:44:09 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Users\Zuzana\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2013/12/12 13:49:08 | 000,114,688 | ---- | M] (fdsa) -- C:\Windows\SysWOW64\nvidiah1.exe
PRC - [2013/12/12 13:44:44 | 000,008,224 | ---- | M] () -- C:\Windows\SysWOW64\xnviewh1.exe
PRC - [2012/10/29 18:22:24 | 001,573,576 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/09/18 05:10:08 | 000,248,704 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/04 11:17:42 | 000,999,704 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
PRC - [2011/02/11 15:19:26 | 002,760,192 | ---- | M] () -- C:\ProgramData\Boxtools\Toolbox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/03 10:13:58 | 000,007,168 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\hashobjs_ext.pyd
MOD - [2014/09/03 10:13:57 | 000,805,888 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\wx._gdi_.pyd
MOD - [2014/09/03 10:13:57 | 000,027,136 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\_multiprocessing.pyd
MOD - [2014/09/03 10:13:56 | 001,160,704 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\_ssl.pyd
MOD - [2014/09/03 10:13:56 | 000,110,080 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\pywintypes27.dll
MOD - [2014/09/03 10:13:55 | 000,811,008 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\wx._windows_.pyd
MOD - [2014/09/03 10:13:55 | 000,713,216 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\_hashlib.pyd
MOD - [2014/09/03 10:13:55 | 000,070,656 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\wx._html2.pyd
MOD - [2014/09/03 10:13:54 | 000,025,600 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\win32pdh.pyd
MOD - [2014/09/03 10:13:54 | 000,024,064 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\win32pipe.pyd
MOD - [2014/09/03 10:13:52 | 001,062,400 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\wx._controls_.pyd
MOD - [2014/09/03 10:13:51 | 000,686,080 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\unicodedata.pyd
MOD - [2014/09/03 10:13:51 | 000,010,240 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\select.pyd
MOD - [2014/09/03 10:13:50 | 000,127,488 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\pyexpat.pyd
MOD - [2014/09/03 10:13:50 | 000,038,912 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\win32inet.pyd
MOD - [2014/09/03 10:13:50 | 000,018,432 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\win32event.pyd
MOD - [2014/09/03 10:13:48 | 000,017,408 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\win32profile.pyd
MOD - [2014/09/03 10:13:47 | 000,119,808 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\win32file.pyd
MOD - [2014/09/03 10:13:47 | 000,108,544 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\win32security.pyd
MOD - [2014/09/03 10:13:46 | 000,525,640 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\windows._lib_cacheinvalidation.pyd
MOD - [2014/09/03 10:13:43 | 000,167,936 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\win32gui.pyd
MOD - [2014/09/03 10:13:41 | 000,128,512 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\_elementtree.pyd
MOD - [2014/09/03 10:13:41 | 000,087,552 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\_ctypes.pyd
MOD - [2014/09/03 10:13:40 | 000,098,816 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\win32api.pyd
MOD - [2014/09/03 10:13:40 | 000,045,568 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\_socket.pyd
MOD - [2014/09/03 10:13:39 | 000,557,056 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\pysqlite2._sqlite.pyd
MOD - [2014/09/03 10:13:39 | 000,320,512 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\win32com.shell.shell.pyd
MOD - [2014/09/03 10:13:39 | 000,022,528 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\win32ts.pyd
MOD - [2014/09/03 10:13:38 | 001,175,040 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\wx._core_.pyd
MOD - [2014/09/03 10:13:38 | 000,364,544 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\pythoncom27.dll
MOD - [2014/09/03 10:13:37 | 000,735,232 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\wx._misc_.pyd
MOD - [2014/09/03 10:13:37 | 000,078,336 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\wx._animate.pyd
MOD - [2014/09/03 10:13:36 | 000,122,368 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\wx._wizard.pyd
MOD - [2014/09/03 10:13:36 | 000,011,264 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\win32crypt.pyd
MOD - [2014/09/03 10:13:34 | 000,035,840 | ---- | M] () -- C:\Users\Zuzana\AppData\Local\Temp\_MEI36962\win32process.pyd
MOD - [2014/08/30 08:11:22 | 003,715,184 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/08/25 18:44:14 | 002,640,408 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2014/08/13 04:02:23 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
MOD - [2014/07/18 03:39:32 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2014/07/18 03:39:30 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/07/18 03:39:28 | 003,338,352 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013/12/12 13:44:44 | 000,008,224 | ---- | M] () -- C:\Windows\SysWOW64\xnviewh1.exe
MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2013/03/25 19:08:44 | 002,673,672 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_core_vc_pro8.dll
MOD - [2013/03/25 19:08:44 | 000,481,288 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_xrc_vc_pro8.dll
MOD - [2013/03/25 19:08:44 | 000,450,056 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_html_vc_pro8.dll
MOD - [2013/03/25 19:08:42 | 001,145,864 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxbase28u_vc_pro8.dll
MOD - [2013/03/25 19:08:42 | 000,682,504 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_adv_vc_pro8.dll
MOD - [2013/03/25 19:08:42 | 000,123,400 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxbase28u_xml_vc_pro8.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/11 15:19:26 | 002,760,192 | ---- | M] () -- C:\ProgramData\Boxtools\Toolbox.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/25 15:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/24 19:08:18 | 002,647,256 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/25 19:08:30 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2012/07/04 11:18:44 | 000,190,208 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe -- (ESHASRV)
SRV:64bit: - [2012/07/04 11:18:26 | 000,035,720 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2012/07/04 11:17:42 | 000,999,704 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/04/07 15:04:24 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2010/03/02 23:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/02 14:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2010/02/01 01:29:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/20 14:16:20 | 000,513,536 | ---- | M] (Vivid Document Imaging Technologies) [Auto | Stopped] -- C:\Program Files\PDF Printer for Windows 7\Win7PDFPrinting.exe -- (Win7PDFPrinting)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\AESTSr64.exe -- (AESTFilters)
SRV - [2014/08/30 08:11:23 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/08/13 04:02:20 | 001,820,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe -- (vToolbarUpdater18.1.9)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/07/09 08:46:32 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/18 05:10:08 | 000,248,704 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/28 04:10:34 | 000,381,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe -- (SynoDrService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/01 01:29:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\STacSV64.exe -- (STacSV)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/13 04:02:24 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/01/24 19:06:48 | 000,126,168 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\bckd.sys -- (bckd)
DRV:64bit: - [2012/12/24 07:53:24 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/18 19:19:55 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/03 11:36:52 | 000,055,776 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2012/07/10 11:16:32 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/29 12:03:56 | 000,140,752 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012/03/29 12:03:54 | 000,152,136 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/02 23:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/03/02 23:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/02 22:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/01 10:42:32 | 000,340,512 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/02 14:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/02 14:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/01 01:29:34 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/04 17:38:54 | 000,237,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2009/11/02 11:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/08/24 03:25:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=406040595
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=406040595
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...97DHP&dt=071613
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 63 E6 18 C6 B0 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={79AC0127-C88D-40FF-ADC7-67753D8282C5}&mid=422f301fcabb47d0ab2455626d66fa55-72cf034103d615c277fb9d97f476a14f28b5d367&lang=sk&ds=AVG&pr=fr&d=2013-01-21 11:30:44&v=17.1.2.1&pid=avg&sg=27&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9B44A380-BBC4-4FA5-9544-4765E5DD7815}: "URL" = http://websearch.ask...AB-FE4C26884835
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=406040595
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.1
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.3
FF - prefs.js..extensions.enabledAddons: webmaster%40keep-tube.com:1.2
FF - prefs.js..extensions.enabledAddons: mp4downloader%40jeff.net:1.3.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Zuzana\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Zuzana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Zuzana\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Zuzana\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Zuzana\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET ENDPOINT ANTIVIRUS\MOZILLA THUNDERBIRD [2013/02/28 16:05:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799\ [2014/08/25 18:46:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2013/02/28 16:05:07 | 000,000,000 | ---D | M]
 
[2012/07/23 12:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\Extensions
[2014/09/02 14:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\Firefox\Profiles\h93azb4q.default\extensions
[2012/11/19 20:33:37 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Zuzana\AppData\Roaming\mozilla\Firefox\Profiles\h93azb4q.default\extensions\[email protected]
[2012/11/27 18:38:23 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Zuzana\AppData\Roaming\mozilla\Firefox\Profiles\h93azb4q.default\extensions\[email protected]
[2014/09/02 14:08:28 | 000,201,091 | ---- | M] () (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\extensions\[email protected]
[2013/12/03 21:24:47 | 000,066,667 | ---- | M] () (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\extensions\[email protected]
[2013/11/20 15:30:56 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\extensions\[email protected]
[2013/12/03 21:19:58 | 000,031,748 | ---- | M] () (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\extensions\[email protected]
[2014/03/17 17:25:47 | 000,353,984 | ---- | M] () (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
[2014/07/26 14:45:59 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/27 18:38:23 | 000,002,339 | ---- | M] () -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\searchplugins\askcom.xml
[2013/12/08 17:11:10 | 000,003,729 | ---- | M] () -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\searchplugins\avg-secure-search.xml
[2012/11/22 10:17:09 | 000,002,351 | ---- | M] () -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\searchplugins\Funmoods.xml
[2014/08/30 08:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/08/30 08:11:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.msn.com/?...97DHP&dt=071613
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Zuzana\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Disk Google = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Hľadať v Google = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\
CHR - Extension: List Progress Bar for Trello = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhahganeobopkelbdeljamclomlhhjg\1.91_0\
CHR - Extension: Peňaženka Google = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/03/10 21:29:30 | 000,000,820 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:     127.0.0.1        
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - Reg Error: Value error. File not found
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE (CANON INC.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Nvidiah] C:\Windows\SysWOW64\nvidiah1.exe (fdsa)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe File not found
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Win7PDF] C:\Program Files\PDF Printer for Windows 7\PDF.exe (Vivid Document Imaging Technologies)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Boxoft Tools] C:\ProgramData\Boxtools\Boxofttoolbox.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Zuzana\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.202.213 192.168.202.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{467EC41F-84EA-46CD-88AF-4CB24D1C7311}: DhcpNameServer = 192.168.202.213 192.168.202.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B32E33E4-A8D7-4E05-B179-129400BBE82C}: DhcpNameServer = 192.168.202.213 192.168.202.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB40A22C-5CA4-4CA0-98B5-0F54AE63633E}: DhcpNameServer = 195.146.128.62 195.146.132.58
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\volaro: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\vonteera: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\volaro: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\vonteera: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/20 02:02:17 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{23ebee42-0c79-11e2-a704-842b2b8213a6}\Shell - "" = AutoRun
O33 - MountPoints2\{23ebee42-0c79-11e2-a704-842b2b8213a6}\Shell\AutoRun\command - "" = D:\setup.exe -- [2007/03/20 02:02:17 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{23ebee42-0c79-11e2-a704-842b2b8213a6}\Shell\configure\command - "" = D:\setup.exe -- [2007/03/20 02:02:17 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{23ebee42-0c79-11e2-a704-842b2b8213a6}\Shell\install\command - "" = D:\setup.exe -- [2007/03/20 02:02:17 | 000,463,152 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{23ebf1c8-0c79-11e2-a704-842b2b8213a6}\Shell - "" = AutoRun
O33 - MountPoints2\{23ebf1c8-0c79-11e2-a704-842b2b8213a6}\Shell\AutoRun\command - "" = E:\SISetup.exe
O33 - MountPoints2\{bdf9d90c-6136-11e2-bf90-842b2b8213a6}\Shell - "" = AutoRun
O33 - MountPoints2\{bdf9d90c-6136-11e2-bf90-842b2b8213a6}\Shell\AutoRun\command - "" = E:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083
O33 - MountPoints2\{c229a44a-0f61-11e3-91fd-842b2b8213a6}\Shell - "" = AutoRun
O33 - MountPoints2\{c229a44a-0f61-11e3-91fd-842b2b8213a6}\Shell\AutoRun\command - "" = E:\TMCCSetup_3.57.95.14.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/03 13:29:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zuzana\Desktop\OTL.exe
[2014/09/01 18:18:00 | 000,000,000 | ---D | C] -- C:\!Peter Sulek
[2014/09/01 10:14:18 | 000,000,000 | ---D | C] -- C:\Users\Zuzana\Desktop\Brooklyns Finest (2009)
[2014/08/30 08:11:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/08/30 07:48:49 | 000,000,000 | ---D | C] -- C:\Users\Zuzana\Desktop\european-associ5400a055
[2014/08/29 09:07:52 | 000,000,000 | ---D | C] -- C:\Users\Zuzana\AppData\Local\ElevatedDiagnostics
[2014/08/27 20:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Security Toolbar
[2014/08/27 20:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_0814tb
[2014/08/26 12:59:46 | 000,000,000 | ---D | C] -- C:\Users\Zuzana\Desktop\Personal
[2014/08/26 12:49:14 | 000,000,000 | ---D | C] -- C:\SM - Matej
[2014/08/07 20:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/03 13:40:57 | 000,038,070 | ---- | M] () -- C:\Windows\SysWow64\mswhostctre.dll
[2014/09/03 13:29:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zuzana\Desktop\OTL.exe
[2014/09/03 13:20:38 | 000,134,095 | ---- | M] () -- C:\Users\Zuzana\Desktop\File.PDF
[2014/09/03 13:12:18 | 000,022,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/03 13:12:18 | 000,022,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/03 13:09:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/03 13:08:00 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2625221743-1896352500-3224387153-1000.job
[2014/09/03 12:49:00 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000UA.job
[2014/09/03 12:45:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/03 10:12:08 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/03 10:12:06 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/09/03 10:12:06 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2014/09/03 10:11:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/03 10:11:46 | 3018,412,032 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/02 22:04:43 | 629,905,523 | ---- | M] () -- C:\Users\Zuzana\Desktop\Best-Movies.info_Midnight.in.Paris.2011.720p.BrRip.x264.mp4
[2014/09/02 13:13:51 | 000,065,372 | ---- | M] () -- C:\Users\Zuzana\Desktop\download-02.09.2014.pdf
[2014/09/02 10:38:02 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Synology Data Replicator 3-PC107-Zuzana.job
[2014/09/02 10:12:30 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000Core.job
[2014/09/02 07:43:53 | 000,156,133 | ---- | M] () -- C:\Users\Zuzana\Desktop\SM ISR Department Procedures_25AUG2014.pdf
[2014/08/31 23:11:41 | 892,319,955 | ---- | M] () -- C:\Users\Zuzana\Desktop\YIFY.info_-_Brooklyns.Finest.2009.rar
[2014/08/31 20:18:57 | 004,461,240 | ---- | M] () -- C:\Users\Zuzana\Desktop\Industry Review no. 5 31AUG_FINAL NOTES.pdf
[2014/08/31 17:58:26 | 004,086,704 | ---- | M] () -- C:\Users\Zuzana\Desktop\Industry Review no. 5 31AUG.pdf
[2014/08/30 20:29:44 | 838,438,839 | ---- | M] () -- C:\Users\Zuzana\Desktop\SLP.B72-SHULiBAN.rar
[2014/08/30 09:36:12 | 000,782,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/30 09:36:12 | 000,655,052 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/30 09:36:12 | 000,121,924 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/30 07:40:53 | 005,074,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/29 13:27:10 | 000,174,598 | ---- | M] () -- C:\Users\Zuzana\Desktop\RyanairBoardingPass.pdf
[2014/08/28 13:57:12 | 000,237,104 | ---- | M] () -- C:\Users\Zuzana\Desktop\O8K5HW_Benus.pdf
[2014/08/27 19:02:08 | 000,016,406 | ---- | M] () -- C:\Users\Zuzana\Desktop\Partner Specific Proposal.odt
[2014/08/27 17:14:17 | 000,011,087 | ---- | M] () -- C:\Users\Zuzana\Desktop\byt.png
[2014/08/27 16:03:22 | 000,203,679 | ---- | M] () -- C:\Users\Zuzana\Desktop\Web PRTSC Collage5_no watermark.jpg
[2014/08/26 20:40:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2014/08/26 12:41:18 | 000,002,124 | ---- | M] () -- C:\Users\Zuzana\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/08/26 12:41:18 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014/08/26 11:50:21 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/08/25 20:18:56 | 827,030,184 | ---- | M] () -- C:\!Peter Sulek.part15.rar
[2014/08/25 20:17:12 | 4293,918,720 | ---- | M] () -- C:\!Peter Sulek.part14.rar
[2014/08/25 20:10:29 | 4293,918,720 | ---- | M] () -- C:\!Peter Sulek.part13.rar
[2014/08/25 20:03:59 | 4293,918,720 | ---- | M] () -- C:\!Peter Sulek.part12.rar
[2014/08/25 19:57:06 | 4293,918,720 | ---- | M] () -- C:\!Peter Sulek.part11.rar
[2014/08/25 19:51:13 | 4293,918,720 | ---- | M] () -- C:\!Peter Sulek.part10.rar
[2014/08/25 19:45:58 | 4293,918,720 | ---- | M] () -- C:\!Peter Sulek.part09.rar
[2014/08/25 19:40:46 | 4293,918,720 | ---- | M] () -- C:\!Peter Sulek.part08.rar
[2014/08/25 19:35:52 | 4293,918,720 | ---- | M] () -- C:\!Peter Sulek.part07.rar
[2014/08/25 19:31:04 | 4293,918,720 | ---- | M] () -- C:\!Peter Sulek.part06.rar
[2014/08/25 19:26:11 | 4293,918,720 | ---- | M] () -- C:\!Peter Sulek.part05.rar
[2014/08/25 19:21:21 | 4293,918,720 | ---- | M] () -- C:\!Peter Sulek.part04.rar
[2014/08/25 19:16:19 | 4293,918,720 | ---- | M] () -- C:\!Peter Sulek.part03.rar
[2014/08/25 19:09:18 | 4293,918,720 | ---- | M] () -- C:\!Peter Sulek.part02.rar
[2014/08/25 19:02:31 | 4293,918,720 | ---- | M] () -- C:\!Peter Sulek.part01.rar
[2014/08/13 04:02:24 | 000,050,976 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
 
========== Files Created - No Company Name ==========
 
[2014/09/03 13:20:37 | 000,134,095 | ---- | C] () -- C:\Users\Zuzana\Desktop\File.PDF
[2014/09/03 10:16:11 | 000,037,671 | ---- | C] () -- C:\Windows\SysWow64\mswhostctre.dll
[2014/09/02 21:53:06 | 629,905,523 | ---- | C] () -- C:\Users\Zuzana\Desktop\Best-Movies.info_Midnight.in.Paris.2011.720p.BrRip.x264.mp4
[2014/09/02 13:13:59 | 000,065,372 | ---- | C] () -- C:\Users\Zuzana\Desktop\download-02.09.2014.pdf
[2014/09/02 07:43:53 | 000,156,133 | ---- | C] () -- C:\Users\Zuzana\Desktop\SM ISR Department Procedures_25AUG2014.pdf
[2014/08/31 22:37:59 | 892,319,955 | ---- | C] () -- C:\Users\Zuzana\Desktop\YIFY.info_-_Brooklyns.Finest.2009.rar
[2014/08/31 20:18:55 | 004,461,240 | ---- | C] () -- C:\Users\Zuzana\Desktop\Industry Review no. 5 31AUG_FINAL NOTES.pdf
[2014/08/31 17:57:43 | 004,086,704 | ---- | C] () -- C:\Users\Zuzana\Desktop\Industry Review no. 5 31AUG.pdf
[2014/08/30 20:30:22 | 838,437,843 | ---- | C] () -- C:\Users\Zuzana\Desktop\silverlningplaybookbd72.mkv
[2014/08/30 20:20:02 | 838,438,839 | ---- | C] () -- C:\Users\Zuzana\Desktop\SLP.B72-SHULiBAN.rar
[2014/08/29 13:27:07 | 000,174,598 | ---- | C] () -- C:\Users\Zuzana\Desktop\RyanairBoardingPass.pdf
[2014/08/28 13:57:11 | 000,237,104 | ---- | C] () -- C:\Users\Zuzana\Desktop\O8K5HW_Benus.pdf
[2014/08/27 19:02:07 | 000,016,406 | ---- | C] () -- C:\Users\Zuzana\Desktop\Partner Specific Proposal.odt
[2014/08/27 17:14:17 | 000,011,087 | ---- | C] () -- C:\Users\Zuzana\Desktop\byt.png
[2014/08/27 16:03:14 | 000,203,679 | ---- | C] () -- C:\Users\Zuzana\Desktop\Web PRTSC Collage5_no watermark.jpg
[2014/08/27 08:57:36 | 005,074,648 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/26 20:40:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2014/08/26 12:41:18 | 000,002,124 | ---- | C] () -- C:\Users\Zuzana\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/08/26 12:41:18 | 000,002,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2014/08/26 12:41:18 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014/08/26 11:50:21 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/08/25 20:17:12 | 827,030,184 | ---- | C] () -- C:\!Peter Sulek.part15.rar
[2014/08/25 20:10:29 | 4293,918,720 | ---- | C] () -- C:\!Peter Sulek.part14.rar
[2014/08/25 20:03:59 | 4293,918,720 | ---- | C] () -- C:\!Peter Sulek.part13.rar
[2014/08/25 19:57:06 | 4293,918,720 | ---- | C] () -- C:\!Peter Sulek.part12.rar
[2014/08/25 19:51:13 | 4293,918,720 | ---- | C] () -- C:\!Peter Sulek.part11.rar
[2014/08/25 19:45:59 | 4293,918,720 | ---- | C] () -- C:\!Peter Sulek.part10.rar
[2014/08/25 19:40:46 | 4293,918,720 | ---- | C] () -- C:\!Peter Sulek.part09.rar
[2014/08/25 19:35:52 | 4293,918,720 | ---- | C] () -- C:\!Peter Sulek.part08.rar
[2014/08/25 19:31:04 | 4293,918,720 | ---- | C] () -- C:\!Peter Sulek.part07.rar
[2014/08/25 19:26:11 | 4293,918,720 | ---- | C] () -- C:\!Peter Sulek.part06.rar
[2014/08/25 19:21:21 | 4293,918,720 | ---- | C] () -- C:\!Peter Sulek.part05.rar
[2014/08/25 19:16:19 | 4293,918,720 | ---- | C] () -- C:\!Peter Sulek.part04.rar
[2014/08/25 19:09:18 | 4293,918,720 | ---- | C] () -- C:\!Peter Sulek.part03.rar
[2014/08/25 19:02:31 | 4293,918,720 | ---- | C] () -- C:\!Peter Sulek.part02.rar
[2014/08/25 18:54:35 | 4293,918,720 | ---- | C] () -- C:\!Peter Sulek.part01.rar
[2014/03/01 10:12:49 | 000,004,096 | -H-- | C] () -- C:\Users\Zuzana\AppData\Local\keyfile3.drm
[2014/01/22 21:25:43 | 000,010,321 | ---- | C] () -- C:\Windows\zz1.dll
[2014/01/22 21:09:57 | 000,174,519 | ---- | C] () -- C:\Windows\hpoins43.dat
[2014/01/22 21:09:57 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2014/01/22 19:05:29 | 000,173,837 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
[2014/01/22 19:05:29 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2014/01/17 11:40:37 | 000,008,224 | ---- | C] () -- C:\Windows\SysWow64\xnviewh1.exe
[2013/09/13 14:14:15 | 000,000,130 | ---- | C] () -- C:\Users\Zuzana\AppData\Roaming\WB.CFG
[2013/07/16 09:57:04 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/05/22 22:32:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/05/22 22:32:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/05/21 08:29:17 | 000,003,729 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/02/21 13:32:28 | 000,003,584 | ---- | C] () -- C:\Users\Zuzana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/19 20:32:37 | 000,290,500 | ---- | C] () -- C:\Users\Zuzana\AppData\Local\funmoods-speeddial_sf.crx
[2012/11/19 20:32:32 | 000,031,465 | ---- | C] () -- C:\Users\Zuzana\AppData\Local\funmoods.crx
[2012/11/12 12:16:02 | 000,768,750 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/12 17:25:50 | 000,027,520 | ---- | C] () -- C:\Users\Zuzana\AppData\Local\dt.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/10/01 13:42:58 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\BitComet
[2014/06/02 20:39:29 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\BSplayer PRO
[2013/02/28 15:49:26 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Canon
[2014/06/14 15:24:53 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\DAEMON Tools Lite
[2013/05/27 11:49:46 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Downloaded Installations
[2014/08/24 16:34:52 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Dropbox
[2013/05/27 11:46:38 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\FileOpen
[2014/02/27 11:20:32 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Foxit Software
[2013/02/26 12:20:17 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Funmoods
[2014/02/06 05:29:12 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\FunmoodsChat
[2013/02/28 19:13:50 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\GHISLER
[2013/01/20 14:55:05 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\IrfanView
[2012/07/23 11:53:00 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\LibreOffice
[2012/09/19 18:07:33 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\LiveSoftware
[2013/05/27 11:46:38 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Nitro
[2014/08/18 15:17:14 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Nitro PDF
[2012/12/05 09:17:12 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Ofneu
[2012/12/05 09:17:55 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Ohax
[2014/04/30 17:22:47 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\PDAppFlex
[2012/11/19 20:45:42 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\PDF Writer
[2012/07/25 10:07:20 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\PeaZip
[2014/04/30 22:24:41 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/05/05 15:33:14 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Steinberg
[2012/10/15 09:45:49 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Thunderbird
[2013/02/28 15:17:45 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\TuneUp Software
[2012/12/05 09:17:33 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Unit
[2014/09/03 11:47:25 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\uTorrent
[2014/05/05 15:33:02 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Waves Audio
[2014/06/11 08:10:39 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\webex
 
========== Purity Check ==========
 
 

< End of report >
 

 

OTL Extras logfile created on: 3. 9. 2014 13:33:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zuzana\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy
 
3,75 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 40,15% Memory free
7,49 Gb Paging File | 4,78 Gb Available in Paging File | 63,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 245,62 Gb Free Space | 52,75% Space Free | Partition Type: NTFS
Drive D: | 558,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PETERSULEK | User Name: Zuzana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DE495F1-7D66-4CC6-BCF2-84CAD68B2BA2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{13C74597-F978-4E9F-8370-DAF735D07A30}" = rport=139 | protocol=6 | dir=out | app=system |
"{157A522D-76B0-49D7-9D07-32505C28384C}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port |
"{18281BCF-EA1F-4865-B96F-C682B772F3E6}" = lport=139 | protocol=6 | dir=in | app=system |
"{1C57E793-DD9F-4B5C-8C8E-BFA544126E17}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{21248CD2-8F55-481F-8FDA-F1E746C6C5DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{265A3A27-F7C6-4E97-BDCB-8E83BFA97230}" = rport=138 | protocol=17 | dir=out | app=system |
"{3F1204E8-44E4-4E35-9EF1-BD71C8C9BDCE}" = lport=445 | protocol=6 | dir=in | app=system |
"{50346E0E-7ADF-4B0B-A5F6-0A5E17DECCBE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5A928FA8-F9D7-488B-818E-66F8D6D35637}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port |
"{5E676E77-CB29-4062-95F8-CE59665F73AD}" = lport=137 | protocol=17 | dir=in | app=system |
"{69F35E0B-62E7-498F-98C8-F2A580DB634B}" = lport=24784 | protocol=6 | dir=in | name=bitcomet 24784 tcp |
"{73804CD4-89CA-47A7-B8AA-0CCBEE85E5A9}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port |
"{7FCED834-A357-40E0-9061-5ACDD65D0DA8}" = lport=24784 | protocol=17 | dir=in | name=bitcomet 24784 udp |
"{898CC424-5E69-4A3B-A148-603DBBE9585D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{AB7150A5-B662-43C8-914F-A26839069B30}" = rport=445 | protocol=6 | dir=out | app=system |
"{C94D1AB6-C459-463E-B408-D6281A33C7F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD5B1BDA-25C2-4CAD-B71F-8BE96CAF406B}" = lport=5353 | protocol=17 | dir=in | app=c:\users\zuzana\appdata\local\google\chrome\application\chrome.exe |
"{E5DC2E19-56F8-4C60-8207-B3D2901AF35C}" = rport=137 | protocol=17 | dir=out | app=system |
"{E79C2DCD-29A6-4188-B3C7-A80D0E20E51E}" = lport=138 | protocol=17 | dir=in | app=system |
"{F6F73735-4AEF-465C-9663-38196E5BD6F7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00670563-5622-4C95-AB20-E0B08D077BA2}" = protocol=17 | dir=in | app=c:\users\zuzana\appdata\roaming\utorrent\utorrent.exe |
"{0AD9608A-662F-4835-BD38-8DE75A391FE5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{103DE2D0-53A1-4424-8230-D645F30E921B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{18BD9CDC-BFD0-49BA-92B8-04248BED2516}" = protocol=6 | dir=in | app=c:\program files\hp\hp laserjet p1100 series\wificonfig.exe |
"{2138A7C5-FB7A-447D-8C2C-736F1C712F13}" = protocol=6 | dir=in | app=c:\users\zuzana\appdata\roaming\utorrent\utorrent.exe |
"{21D3C32E-5500-42DE-9E8E-60033CC26B42}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{27DD83FB-467B-4E67-A1E5-866C43C09F0F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2CC96C87-EA1A-414D-8E17-B225C898B485}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{31B0288E-5E52-4E95-A319-DDEAE4A8E47F}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{335E23D4-D0BF-463E-968B-056EC577F846}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{363413F0-7090-44E4-A024-A3FDD612C8F8}" = protocol=6 | dir=in | app=c:\users\zuzana\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{389F0556-98A6-4DCC-9FC8-D0D911A62EDF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{510227C3-AB47-4769-B1D0-8A1A988BD1DF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{66A4CC6E-18CD-47AE-8485-20DB78453A5C}" = protocol=6 | dir=in | app=c:\windows\syswow64\nvidiah1.exe |
"{70922180-8A3D-4477-80B2-B9A7A43035DD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{77372ABF-465A-4529-9890-CD3CAF4EE665}" = protocol=6 | dir=in | app=c:\users\zuzana\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{79538464-E60A-4B2E-97A7-629676D68756}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{7A516469-4D00-468C-895A-3BF7F9052158}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9202E06E-F376-40AB-B5F3-D28A351F1AA4}" = protocol=17 | dir=in | app=c:\program files\hp\hp laserjet p1100 series\wificonfig.exe |
"{92740A84-CBD2-4ABF-833C-B7DBEB1AB321}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{946BB42F-6730-43EF-9BBB-620D50915961}" = protocol=17 | dir=in | app=c:\users\zuzana\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{95BE7E83-06E5-437E-AAD7-1989DC6FB6E4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{98D8B1F7-DB15-4701-9A0F-6CA8BCBDD18B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9D04A74F-6583-4284-A894-F949A2B7399F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A8194C9B-EEFA-408F-84CB-15FBC237191A}" = protocol=6 | dir=in | app=c:\users\zuzana\appdata\roaming\utorrent\utorrent.exe |
"{AECD11EC-3B64-4250-8479-C1C6D86C9FFF}" = protocol=17 | dir=in | app=c:\users\zuzana\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{AFF78BC8-D0A1-4A8B-9FF6-B6B95BD9AB27}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B2802BBB-D953-4EF5-A38B-0407B4DB6D5E}" = protocol=6 | dir=in | app=c:\program files (x86)\synology data replicator  3\backup.exe |
"{BEF06772-AB61-4A9C-8780-369B14671D1B}" = protocol=17 | dir=in | app=c:\windows\syswow64\nvidiah1.exe |
"{C1BEE268-D85B-4F22-B552-58270CED079F}" = protocol=17 | dir=in | app=c:\users\zuzana\appdata\roaming\utorrent\utorrent.exe |
"{C938380E-D4B1-4CA6-B49E-4BE706A9ACE9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA3924A6-9CC4-40B5-8CBA-65294F4613A5}" = protocol=17 | dir=in | app=c:\program files (x86)\synology data replicator  3\backup.exe |
"{DE4D2F46-D7FB-4837-A16E-5434FBAC42D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F2ACFA6A-8A83-431D-8952-90A2948044A4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{457A806E-E6B1-449C-854F-DC87295B3111}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"TCP Query User{80FB26E4-2669-4C16-B8D9-F38FA15D388D}C:\users\zuzana\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\zuzana\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{A3F7D7D8-3BC8-4E1C-BB8D-35C33EB5412A}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"TCP Query User{BF4AD978-E200-486B-92C6-5763C413C4C2}C:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"UDP Query User{7791B714-910B-4869-B7B7-85F42C0DF42D}C:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"UDP Query User{850C2610-4403-4DB9-9E20-476FBD5F7504}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"UDP Query User{9EA1F016-F1CD-402E-855F-F97DE804F615}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"UDP Query User{F8BD4D9E-601C-43F8-AE5D-449B8C1EEBFA}C:\users\zuzana\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\zuzana\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{47B42E7A-57E9-407B-8DBB-017B86D7B13F}" = Nitro Pro 8
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4DE2F12A-08BB-4DB7-A1CA-9661BE2172DF}" = ESET Endpoint Antivirus
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61D557D1-D0F1-A474-ED66-F0002B583A6F}" = ccc-utility64
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{7A8A100D-3ECB-311C-E7A1-4A9FEB8BB209}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-041B-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Slovak) 2007
"{A7581B61-C9F9-4fea-B845-E7733C17EC19}" = Canon MF8000C Series
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Blue Coat K9 Web Protection" = Blue Coat K9 Web Protection
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.2.0.1499
"CCleaner" = CCleaner
"DW WLAN Card Utility" = DW WLAN Card Utility
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PDF Printer for Windows 7_is1" = PDF Printer for Windows 7
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E03B66-52E5-C874-6503-8B35C40E301D}" = Catalyst Control Center InstallProxy
"{04A9A926-D6CD-E5E3-6E93-4A56E9AD318F}" = Catalyst Control Center Graphics Light
"{050F3B1C-E90D-FCE1-F3A2-897031747D45}" = CCC Help Greek
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2F956781-C08C-066D-BA5A-7A18FDA32546}" = CCC Help Japanese
"{34791103-F01D-74D5-6CB6-4D55D5C26AF9}" = CCC Help Czech
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{558096C5-C5E2-74A0-ADCC-EAF8BB6E8A08}" = Catalyst Control Center Core Implementation
"{56C4D1F3-32F8-4953-1C38-71EE13053C06}" = CCC Help Norwegian
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 4.6.1
"{5B7E8AD9-D380-5104-D963-02D343E88F7F}" = CCC Help Russian
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{63085BA8-EAB4-DD73-4C91-C0FC9C1934CE}" = Catalyst Control Center Graphics Full New
"{6608BE38-EB23-018E-AAEC-0F7F7B20433C}" = CCC Help Portuguese
"{6621AAC1-1DFC-5AA8-613B-F23D0793F2B4}" = Catalyst Control Center Graphics Full Existing
"{66712EEE-ECBC-4CA4-A474-dream-amr-to-mp3-converter}_is1" = Dream AMR to MP3 Converter 3.0.1.0
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf12
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{76E5849B-F24B-1BF4-F923-9A0E50409A7D}" = Catalyst Control Center Localization All
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79A92AB1-6002-A186-D90C-FA9ADEF1344D}" = Catalyst Control Center Graphics Previews Common
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7B00995A-23C4-ED76-149A-6A62A3E699F5}" = CCC Help Finnish
"{7DEDD852-9F7B-860D-CE21-ADE6183EC93D}" = CCC Help Thai
"{7F650E19-E3BC-A6DF-01EE-D3EF637B2531}" = CCC Help Turkish
"{85A90F2E-1E41-35CE-E238-F2A799352CAC}" = CCC Help Chinese Traditional
"{86BDBEB6-D01D-E80E-EB20-D7429887433A}" = CCC Help French
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator  3
"{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
"{90120000-0015-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-0019-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-040E-0000-0000000FF1CE}_ENTERPRISE_{0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-041B-1000-0000000FF1CE}_ENTERPRISE_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2007
"{90120000-0044-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}_ENTERPRISE_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2007
"{90120000-00A1-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2007
"{90120000-00BA-041B-0000-0000000FF1CE}_ENTERPRISE_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC86EE3-425F-43B9-9A4F-4AA765B5A4FB}_is1" = AVI&WMV
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Czech
"{ADC15292-1402-ED36-1074-3E1E35D69259}" = CCC Help Dutch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B025BA0B-64A6-46DE-9D64-32965C83CCA9}" = Citrix Online Launcher
"{B189A570-2814-1979-04F4-7841ADFF40DA}" = ccc-core-static
"{B1F9C834-0594-4563-B344-4ED9599A5945}" = LibreOffice 3.5
"{B93EE97C-CCC6-6924-0620-9E8CBE39E393}" = Catalyst Control Center Graphics Previews Vista
"{B96C073B-C68C-DEE2-3430-5DEAA2B64CC0}" = CCC Help Danish
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C6640705-7479-4EE5-BC86-879F05F65E74}" = Google Drive
"{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
"{DA0A4EEE-0BE9-19B7-48F6-127DDC6BE659}" = CCC Help German
"{DD7F833D-F476-2A42-89F1-61409DEC915C}" = CCC Help Polish
"{DE280602-BC2C-7019-6D15-7E9158A2805F}" = CCC Help Spanish
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E429EE2E-B76C-4553-8B04-B45587F00FD1}" = Questionmark Secure Browser
"{ECFF33DA-FA29-F7DF-A97C-3FD2384BAD7C}" = CCC Help Swedish
"{EFD40425-30CF-BC15-703D-5886D43B8D2D}" = CCC Help Hungarian
"{F0BEA60C-8D9F-99C5-E7A9-3BC4A1F715C6}" = CCC Help Korean
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F39AE606-7A24-3A81-B06A-76DBDB504C04}" = CCC Help English
"{FA9B3B0A-1718-0D6A-41C2-1A6671655282}" = CCC Help Chinese Standard
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD6EB36A-1030-8423-CB14-F9E963DA7886}" = CCC Help Italian
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Boxoft free AVI to WMV Converter_is1" = Boxoft free AVI to WMV Converter
"BSPlayerp" = BS.Player PRO
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader_is1" = Foxit Reader
"funmoods" = Funmoods
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"IrfanView" = IrfanView (remove only)
"LameACM" = Lame ACM MP3 Codec
"Mail List Validator_is1" = Mail List Validator 2.0
"Mozilla Firefox 32.0 (x86 sk)" = Mozilla Firefox 32.0 (x86 sk)
"Mozilla Thunderbird 31.0 (x86 sk)" = Mozilla Thunderbird 31.0 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Synology Assistant" = Synology Assistant (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.1.0
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Foxit PDF Creator Toolbar Updater
"Funmoods" = MaintenanceService-Funmoods
"Funmoods Chat" = Update for Funmoods Chat
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 6.4.0.1558
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17. 1. 2014 11:33:51 | Computer Name = PC107 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2439762
 
Error - 17. 1. 2014 11:33:51 | Computer Name = PC107 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2439762
 
Error - 17. 1. 2014 11:33:52 | Computer Name = PC107 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17. 1. 2014 11:33:52 | Computer Name = PC107 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2440932
 
Error - 17. 1. 2014 11:33:52 | Computer Name = PC107 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2440932
 
Error - 17. 1. 2014 11:49:12 | Computer Name = PC107 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17. 1. 2014 11:49:12 | Computer Name = PC107 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1482
 
Error - 17. 1. 2014 11:49:12 | Computer Name = PC107 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1482
 
Error - 17. 1. 2014 11:49:13 | Computer Name = PC107 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17. 1. 2014 11:49:13 | Computer Name = PC107 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2512
 
[ Media Center Events ]
Error - 29. 10. 2012 4:06:07 | Computer Name = PC107 | Source = MCUpdate | ID = 0
Description = 9:06:01 - Failed to retrieve Broadband (Error: Unable to connect to
 the remote server)  
 
Error - 29. 10. 2012 5:07:06 | Computer Name = PC107 | Source = MCUpdate | ID = 0
Description = 10:07:05 - Failed to retrieve Directory (Error: Unable to connect
to the remote server)  
 
Error - 29. 10. 2012 5:08:09 | Computer Name = PC107 | Source = MCUpdate | ID = 0
Description = 10:07:48 - Failed to retrieve MCESpotlight (Error: Unable to connect
 to the remote server)  
 
Error - 29. 10. 2012 5:08:55 | Computer Name = PC107 | Source = MCUpdate | ID = 0
Description = 10:08:30 - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server)  
 
Error - 29. 10. 2012 5:09:20 | Computer Name = PC107 | Source = MCUpdate | ID = 0
Description = 10:09:16 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)  
 
Error - 29. 10. 2012 6:10:26 | Computer Name = PC107 | Source = MCUpdate | ID = 0
Description = 11:10:26 - Failed to retrieve Directory (Error: Unable to connect
to the remote server)  
 
Error - 29. 10. 2012 6:11:29 | Computer Name = PC107 | Source = MCUpdate | ID = 0
Description = 11:11:08 - Failed to retrieve MCESpotlight (Error: Unable to connect
 to the remote server)  
 
Error - 29. 10. 2012 6:12:11 | Computer Name = PC107 | Source = MCUpdate | ID = 0
Description = 11:11:50 - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server)  
 
Error - 29. 10. 2012 6:12:34 | Computer Name = PC107 | Source = MCUpdate | ID = 0
Description = 11:12:32 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)  
 
Error - 12. 12. 2012 4:11:06 | Computer Name = PC107 | Source = MCUpdate | ID = 0
Description = 9:10:54 - Error connecting to the internet.  9:10:54 -     Unable to
 contact server..  
 
[ OSession Events ]
Error - 17. 7. 2013 6:27:42 | Computer Name = PC107 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12. 8. 2013 12:54:19 | Computer Name = PC107 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 282818
 seconds with 9240 seconds of active time.  This session ended with a crash.
 
Error - 23. 8. 2013 8:16:00 | Computer Name = PC107 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 176097
 seconds with 8160 seconds of active time.  This session ended with a crash.
 
Error - 14. 10. 2013 0:48:19 | Computer Name = PC107 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1471328
 seconds with 31380 seconds of active time.  This session ended with a crash.
 
Error - 14. 10. 2013 2:27:08 | Computer Name = PC107 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5917
 seconds with 3540 seconds of active time.  This session ended with a crash.
 
Error - 18. 11. 2013 3:41:30 | Computer Name = PC107 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 116 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 18. 11. 2013 3:43:50 | Computer Name = PC107 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 68 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 22. 1. 2014 18:04:13 | Computer Name = PC107 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3628
 seconds with 2220 seconds of active time.  This session ended with a crash.
 
Error - 22. 1. 2014 18:20:25 | Computer Name = PC107 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 434
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 15. 2. 2014 9:43:58 | Computer Name = PC107 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 440224
 seconds with 10200 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29. 8. 2014 4:25:18 | Computer Name = PeterSulek | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:25:25 on ?29. ?8. ?2014 was unexpected.
 
Error - 29. 8. 2014 7:06:53 | Computer Name = PeterSulek | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
 timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
 your computer manufacturer for an upgraded BIOS. In some situations, this error
 may cause the computer to function incorrectly.
 
Error - 29. 8. 2014 9:37:53 | Computer Name = PeterSulek | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
 timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
 your computer manufacturer for an upgraded BIOS. In some situations, this error
 may cause the computer to function incorrectly.
 
Error - 29. 8. 2014 13:48:33 | Computer Name = PeterSulek | Source = Service Control Manager | ID = 7034
Description = The HP Network Devices Support service terminated unexpectedly.  It
 has done this 1 time(s).
 
Error - 30. 8. 2014 3:34:42 | Computer Name = PeterSulek | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
 timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
 your computer manufacturer for an upgraded BIOS. In some situations, this error
 may cause the computer to function incorrectly.
 
Error - 30. 8. 2014 5:49:59 | Computer Name = PeterSulek | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 31. 8. 2014 1:48:05 | Computer Name = PeterSulek | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 31. 8. 2014 16:09:22 | Computer Name = PeterSulek | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 2. 9. 2014 13:34:00 | Computer Name = PeterSulek | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
 timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
 your computer manufacturer for an upgraded BIOS. In some situations, this error
 may cause the computer to function incorrectly.
 
Error - 2. 9. 2014 13:39:16 | Computer Name = PeterSulek | Source = Service Control Manager | ID = 7022
Description = The HP Network Devices Support service hung on starting.
 
 
< End of report >
 

 

 


  • 0



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, in addition to a lot of adware you also have a worm; this will take several runs to clear.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=406040595
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=406040595
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=406040595
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.1
[2012/11/19 20:33:37 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Zuzana\AppData\Roaming\mozilla\Firefox\Profiles\h93azb4q.default\extensions\[email protected]
[2012/11/22 10:17:09 | 000,002,351 | ---- | M] () -- C:\Users\Zuzana\AppData\Roaming\mozilla\firefox\profiles\h93azb4q.default\searchplugins\Funmoods.xml
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Nvidiah] C:\Windows\SysWOW64\nvidiah1.exe (fdsa)
O4 - HKCU..\Run: [Boxoft Tools] C:\ProgramData\Boxtools\Boxofttoolbox.exe ()
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\volaro: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\vonteera: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\volaro: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\vonteera: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
[2013/02/26 12:20:17 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\Funmoods
[2014/02/06 05:29:12 | 000,000,000 | ---D | M] -- C:\Users\Zuzana\AppData\Roaming\FunmoodsChat

:Files
C:\Windows\SysWOW64\nvidiah1.exe
C:\Windows\SysWOW64\xnviewh1.exe
C:\ProgramData\Boxtools

:Commands
[resethosts]
[emptytemp]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

NEXT

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0
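
The O27 lines in the fix above are Image File Execution Options (IFEO) Debugger values: when the named image is launched, Windows starts the listed debugger binary instead. The following is an added example, not part of the original post or of OTL: a Python parser that groups such lines by target image and registry view and reports debugger binaries reused across several images. The function names, the reuse threshold and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path handling that works on any OS

# The first five lines are copied from the fix in the post above.
# The last O27 line (example-app.exe) is constructed for this example.
SAMPLE = r"""
O4 - HKLM..\Run: [Nvidiah] C:\Windows\SysWOW64\nvidiah1.exe (fdsa)
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\example-app.exe: Debugger - C:\Tools\dbg.exe ()
"""

# O27[:64bit:] - HKLM IFEO\<image>: Debugger - <debugger path> (<company>)
O27_RE = re.compile(
    r"^O27(?P<x64>:64bit:)?\s+-\s+HKLM IFEO\\(?P<image>[^:]+):\s+Debugger\s+-\s+"
    r"(?P<debugger>.+?)\s+\((?P<company>[^()]*)\)\s*$"
)


def parse_o27(text):
    """Return one dict per O27 (IFEO Debugger) line; all other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = O27_RE.match(line.strip())
        if m:
            entries.append({
                "view": "64-bit" if m.group("x64") else "32-bit",
                "image": m.group("image").lower(),
                "debugger": m.group("debugger"),
                "company": m.group("company"),
            })
    return entries


def summarize(entries, reuse_threshold=2):
    """Group entries by image and by debugger binary.

    reuse_threshold is an assumed heuristic: one binary registered as the
    Debugger for several different images is a launch redirect rather than a
    debugging setup, so it is reported separately.
    """
    by_image = defaultdict(dict)    # image -> {view: debugger basename}
    by_debugger = defaultdict(set)  # debugger basename -> set of images
    for e in entries:
        dbg = basename(e["debugger"]).lower()
        by_image[e["image"]][e["view"]] = dbg
        by_debugger[dbg].add(e["image"])
    return {
        "both_views": sorted(i for i, v in by_image.items() if len(v) == 2),
        "single_view": sorted(i for i, v in by_image.items() if len(v) == 1),
        "reused_debuggers": {
            d: sorted(imgs)
            for d, imgs in by_debugger.items()
            if len(imgs) >= reuse_threshold
        },
    }


if __name__ == "__main__":
    report = summarize(parse_o27(SAMPLE))
    for key, value in report.items():
        print(key, "->", value)
```
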

#3
moose35

    Member

  • Topic Starter
  • 27 posts

Hi,

 

Thank you very much for the reply. I've run all 3 scans/fixes, and am attaching the 2 log files requested below.

 

The computer is running much more smoothly now, especially once it has started up. Videos stream smoothly, pages are responsive and the computer is acting much, much better.

 

Combofix:

 

ComboFix 14-09-05.01 - Zuzana . 09. 2014   9:35.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.421.1033.18.3838.2162 [GMT 2:00]
Running from: c:\users\Zuzana\Desktop\ComboFix.exe
AV: ESET Endpoint Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Endpoint Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\_ctypes.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\_elementtree.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\_hashlib.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\_multiprocessing.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\_socket.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\_ssl.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\hashobjs_ext.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\pyexpat.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\pysqlite2._sqlite.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\python27.dll
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\pythoncom27.dll
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\PyWinTypes27.dll
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\select.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\unicodedata.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\win32api.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\win32com.shell.shell.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\win32crypt.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\win32event.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\win32file.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\win32gui.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\win32inet.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\win32pdh.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\win32pipe.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\win32process.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\win32profile.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\win32security.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\win32ts.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\windows._lib_cacheinvalidation.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\wx._animate.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\wx._controls_.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\wx._core_.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\wx._gdi_.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\wx._html2.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\wx._misc_.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\wx._windows_.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\wx._wizard.pyd
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\wxbase294u_net_vc90.dll
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\wxbase294u_vc90.dll
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\wxmsw294u_adv_vc90.dll
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\wxmsw294u_core_vc90.dll
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\wxmsw294u_html_vc90.dll
c:\users\Zuzana\AppData\Local\Temp\_MEI27242\wxmsw294u_webview_vc90.dll
c:\users\Zuzana\AppData\Roaming\Ofneu
c:\users\Zuzana\AppData\Roaming\Ofneu\lonya.ygi
c:\users\Zuzana\AppData\Roaming\Unit
c:\users\Zuzana\AppData\Roaming\Unit\qyor.tmp
c:\windows\XSxS
c:\windows\zz1.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-08 to 2014-09-08  )))))))))))))))))))))))))))))))
.
.
2014-09-08 07:46 . 2014-09-08 07:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-08 07:05 . 2014-09-08 07:23 -------- d-----w- C:\AdwCleaner
2014-09-06 14:04 . 2014-09-06 14:18 -------- d-----w- c:\users\Zuzana\AppData\Roaming\Ableton
2014-09-06 14:04 . 2014-09-06 14:04 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2014-09-06 14:00 . 2014-09-06 14:32 -------- d-----w- c:\programdata\Ableton
2014-09-05 20:39 . 2014-09-05 20:39 -------- d-----w- C:\_OTL
2014-09-05 18:07 . 2014-09-05 20:39 2243 ----a-w- c:\windows\SysWow64\mswhostctre.dll
2014-09-04 12:01 . 2014-09-04 12:01 -------- d-----w- c:\program files (x86)\AnyMeeting Plug-in
2014-09-03 09:46 . 2014-09-04 08:22 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-09-01 16:18 . 2014-09-01 16:18 -------- d-----w- C:\!Peter Sulek
2014-08-29 07:07 . 2014-08-29 07:07 -------- d-----w- c:\users\Zuzana\AppData\Local\ElevatedDiagnostics
2014-08-28 09:40 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-28 09:40 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 09:40 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-27 18:59 . 2014-08-27 18:59 -------- d-----w- c:\programdata\Avg_Update_0814tb
2014-08-26 10:49 . 2014-08-28 07:49 -------- d-----w- C:\SM - Matej
2014-08-25 16:54 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-25 16:54 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-25 16:54 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-25 16:54 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-25 16:53 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-25 16:53 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-25 16:53 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-25 16:53 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-25 16:53 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-25 16:53 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-25 16:53 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-25 16:53 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-25 16:53 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-25 16:53 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-13 17:12 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 17:12 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-13 17:12 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 17:12 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-13 17:12 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 17:12 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-13 17:12 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 17:12 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 06:35 . 2014-07-31 23:16 812224 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2014-08-13 06:09 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-13 06:09 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-13 06:08 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-13 06:08 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-13 06:08 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-13 06:08 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-13 06:08 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-13 06:08 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-13 06:08 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-13 06:08 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 06:07 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 06:07 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-26 07:08 . 2012-07-17 12:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-13 17:19 . 2013-02-28 16:04 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-13 02:02 . 2013-01-21 00:30 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-07-09 06:46 . 2012-07-23 09:34 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 06:46 . 2012-07-23 09:34 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-08 06:49 . 2013-08-05 00:14 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4790F03-4AEC-43A9-9910-1661F5CB406E}\offreg.dll
2014-06-18 02:18 . 2014-07-09 06:45 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 06:45 646144 ----a-w- c:\windows\SysWow64\osk.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-24 21650016]
"uTorrent"="c:\users\Zuzana\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-03 1322832]
"GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe" [2014-07-10 40304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Win7PDF"="c:\program files\PDF Printer for Windows 7\PDF.exe" [2009-07-22 484352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
R2 Win7PDFPrinting;PDF Printer Service for Windows 7;c:\program files\PDF Printer for Windows 7\Win7PDFPrinting.exe;c:\program files\PDF Printer for Windows 7\Win7PDFPrinting.exe [x]
R3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Endpoint Antivirus\EShaSrv.exe;c:\program files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 bckd;bckd;c:\windows\system32\drivers\bckd.sys;c:\windows\SYSNATIVE\drivers\bckd.sys [x]
S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe;c:\program files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [x]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 06:46]
.
2014-09-08 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2625221743-1896352500-3224387153-1000.job
- c:\program files (x86)\Citrix\GoToMeeting\1558\g2mupdate.exe [2014-08-27 11:47]
.
2014-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-31 01:15]
.
2014-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-31 01:15]
.
2014-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000Core.job
- c:\users\Zuzana\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19 09:33]
.
2014-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000UA.job
- c:\users\Zuzana\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19 09:33]
.
2014-09-08 c:\windows\Tasks\Synology Data Replicator 3-PC107-Zuzana.job
- c:\program files (x86)\Synology Data Replicator  3\Backup.exe [2012-06-28 02:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 08:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 08:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 08:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 08:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 08:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 08:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-31 487424]
"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2009-12-15 508312]
"egui"="c:\program files\ESET\ESET Endpoint Antivirus\egui.exe" [2012-07-04 4133072]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\users\Zuzana\AppData\Roaming\Mozilla\Firefox\Profiles\h93azb4q.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-SwitchBoard - c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Wow6432Node-HKLM-Run-AdobeCS6ServiceManager - c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-VideoPad - c:\program files (x86)\NCH Software\VideoPad\videopad.exe
AddRemove-{CFB770D7-8D43-1014-922B-CC2715FADE3F} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
AddRemove-Funmoods Chat - c:\users\Zuzana\AppData\Roaming\FunmoodsChat\UpdateProc\UpdateTask.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ae,ec,76,02,53,1a,ce,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Citrix\GoToMeeting\1468\g2mcomm.exe
c:\program files (x86)\Citrix\GoToMeeting\1468\g2mlauncher.exe
.
**************************************************************************
.
Completion time: 2014-09-08  09:57:27 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-08 07:57
.
Pre-Run: 263 858 724 864 bytes free
Post-Run: 263 304 478 720 bytes free
.
- - End Of File - - EFEF3A6AB6970E50A1B81546C89A420A
A36C5E4F47E84449FF07ED3517B43A31
 
 
 
AdwCleaner:
 
# AdwCleaner v3.309 - Report created 08/09/2014 at 09:23:01
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Zuzana - PETERSULEK
# Running from : C:\Users\Zuzana\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Zuzana\AppData\Local\apn
Folder Deleted : C:\Users\Zuzana\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Zuzana\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Zuzana\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Zuzana\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Zuzana\AppData\Roaming\Mozilla\Firefox\Profiles\h93azb4q.default\Extensions\[email protected]
File Deleted : C:\Users\Zuzana\AppData\Roaming\Mozilla\Firefox\Profiles\h93azb4q.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
File Deleted : C:\Users\Zuzana\AppData\Local\funmoods.crx
File Deleted : C:\Users\Zuzana\AppData\Local\funmoods-speeddial_sf.crx
File Deleted : C:\Users\Zuzana\AppData\Roaming\Mozilla\Firefox\Profiles\h93azb4q.default\invalidprefs.js
File Deleted : C:\Users\Zuzana\AppData\Roaming\Mozilla\Firefox\Profiles\h93azb4q.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Zuzana\AppData\Roaming\Mozilla\Firefox\Profiles\h93azb4q.default\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Funmoods
Task Deleted : Scheduled Update for Ask Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_daemon-tools_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_daemon-tools_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_foxit-reader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_foxit-reader_RASMANCS
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
-\\ Mozilla Firefox v33.0 (x86 sk)
 
[ File : C:\Users\Zuzana\AppData\Roaming\Mozilla\Firefox\Profiles\h93azb4q.default\prefs.js ]
 
Line Deleted : user_pref("[email protected]", true);
 
-\\ Google Chrome v
 
[ File : C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyD0CtB0AtDtDtB0A0AyDtN0D0Tzu0CtAtByEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=406040595
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=FXTV5&o=101699&locale=en_EU&apn_uid=7498bd09-ca42-4d8f-8e07-156e396161bc&apn_ptnrs=%5EF4&apn_sauid=9B437462-B75D-48C4-B3AB-FE4C26884835&apn_dtid=%5EYYYYYY%5EYY%5ESK&q={searchTerms}
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={79AC0127-C88D-40FF-ADC7-67753D8282C5}&mid=422f301fcabb47d0ab2455626d66fa55-72cf034103d615c277fb9d97f476a14f28b5d367&lang=sk&ds=AVG&pr=fr&d=2013-01-21 11:30:44&v=17.2.0.38&pid=avg&sg=27&sap=dsp&q={searchTerms}
Deleted [Startup_urls] : hxxp://isearch.avg.com?cid={79AC0127-C88D-40FF-ADC7-67753D8282C5}&mid=422f301fcabb47d0ab2455626d66fa55-72cf034103d615c277fb9d97f476a14f28b5d367&lang=sk&ds=AVG&coid=&cmpid=&pr=fr&d=2013-01-21 11:30:44&v=18.1.9.799&pid=avg&sg=27&sap=hp
Deleted [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
Deleted [Extension] : cjpglkicenollcignonpgiafdgfeehoj
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [20861 octets] - [08/09/2014 09:05:11]
AdwCleaner[R1].txt - [21216 octets] - [08/09/2014 09:20:41]
AdwCleaner[S0].txt - [874 octets] - [08/09/2014 09:11:03]
AdwCleaner[S1].txt - [20865 octets] - [08/09/2014 09:23:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [20926 octets] ##########
 


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that was a bit quicker than I thought :)

On completion of this, can you let me know of any outstanding problems?

Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

#5
moose35

    Member

  • Topic Starter
  • Member
  • 27 posts
Hi, just wanted to update you - I've done the scan but am away from my computer and will attach the log on Sunday.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK thanks for the heads up :)

#7
moose35

    Member

  • Topic Starter
  • Member
  • 27 posts

Hi Guys,

 

Attached is the log. Unfortunately, it seems I have caught a virus (Skype has been sending all my contacts a file called "Pics.exe"). I have scanned another time with the tool you recommended (am pasting the most recent log, because the previous one, which contained 3 quarantined items, isn't showing any data), but nothing came up. Is there anything in the logs to show this? I'm guessing not, but it is worrying.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 16. 9. 2014
Scan Time: 11:22:00
Logfile: malware.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.16.03
Rootkit Database: v2014.09.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Zuzana
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333152
Time Elapsed: 26 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a fresh FRST scan please and I will check that out

#9
moose35


    Member

  • Topic Starter
  • Member
  • 27 posts
Hope I understood you correctly, but here is the FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Zuzana (administrator) on PETERSULEK on 17-09-2014 12:09:03
Running from C:\Users\Zuzana\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
() C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mcomm.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mlauncher.exe
(Google Inc.) C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\slui.exe
(Google Inc.) C:\Users\Zuzana\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Zuzana\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Google Inc.) C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-01] (IDT, Inc.)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-15] (CANON INC.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4133072 2012-07-04] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Win7PDF] => C:\Program Files\PDF Printer for Windows 7\PDF.exe [484352 2009-07-22] (Vivid Document Imaging Technologies)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\S-1-5-21-2625221743-1896352500-3224387153-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-2625221743-1896352500-3224387153-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2625221743-1896352500-3224387153-1000\...\Run: [uTorrent] => C:\Users\Zuzana\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-2625221743-1896352500-3224387153-1000\...\Run: [GoToMeeting] => C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe [40304 2014-07-10] (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...97DHP&dt=071613
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5463E618C6B0CD01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {9B44A380-BBC4-4FA5-9544-4765E5DD7815} URL = http://websearch.ask...AB-FE4C26884835
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.202.213 192.168.202.222
 
FireFox:
========
FF ProfilePath: C:\Users\Zuzana\AppData\Roaming\Mozilla\Firefox\Profiles\h93azb4q.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @cnw.com/cnwplugin -> C:\Program Files (x86)\AnyMeeting Plug-in\npcnwplugin.dll (AnyMeeting, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Zuzana\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Zuzana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Zuzana\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Zuzana\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Zuzana\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Zuzana\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Zuzana\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\atlas-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\azet-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dunaj-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slovnik-sk.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\zoznam-sk.xml
FF Extension: YouTube Video and Audio Downloader - C:\Users\Zuzana\AppData\Roaming\Mozilla\Firefox\Profiles\h93azb4q.default\Extensions\[email protected] [2013-11-17]
FF Extension: MP4 Downloader - C:\Users\Zuzana\AppData\Roaming\Mozilla\Firefox\Profiles\h93azb4q.default\Extensions\[email protected] [2013-12-03]
FF Extension: Test Pilot - C:\Users\Zuzana\AppData\Roaming\Mozilla\Firefox\Profiles\h93azb4q.default\Extensions\[email protected] [2012-07-23]
FF Extension: Keep Tube Downloader - C:\Users\Zuzana\AppData\Roaming\Mozilla\Firefox\Profiles\h93azb4q.default\Extensions\[email protected] [2013-12-03]
FF Extension: Adblock Plus - C:\Users\Zuzana\AppData\Roaming\Mozilla\Firefox\Profiles\h93azb4q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-05]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2013-02-28]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071613
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071613"
CHR DefaultSearchKeyword: Default -> 986624EB7D514D8B8849214C7D216FE6325884330767A4A69DD88DF922EEDA33
CHR DefaultSearchURL: Default -> 03544ADDB80E6FEDCF1E770B69E31A58281AE796C04F577E9FAE114BA9D72301
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\37.0.2062.120\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Users\Zuzana\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-05]
CHR Extension: (YouTube) - C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-19]
CHR Extension: (Hľadať v Google) - C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-19]
CHR Extension: (AdBlock) - C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-25]
CHR Extension: (List Progress Bar for Trello) - C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhahganeobopkelbdeljamclomlhhjg [2014-03-12]
CHR Extension: (Peňaženka Google) - C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\Zuzana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-19]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Zuzana\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-31]
CHR HKLM-x32\...\Chrome\Extension: [aaaaoiagmlcohkmjodefppbmpjdiocmh] - C:\Users\Zuzana\AppData\Local\APN\GoogleCRXs\aaaaoiagmlcohkmjodefppbmpjdiocmh_7.15.9.0.crx [2013-05-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2647256 2014-01-24] (Blue Coat Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [35720 2012-07-04] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [999704 2012-07-04] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [190208 2012-07-04] (ESET)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_8710db39c7952056\STacSV64.exe [244736 2010-02-01] (IDT, Inc.)
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [381312 2012-06-28] () [File not signed]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2012-09-18] () [File not signed]
S2 Win7PDFPrinting; C:\Program Files\PDF Printer for Windows 7\Win7PDFPrinting.exe [513536 2009-07-20] (Vivid Document Imaging Technologies) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-13] (AVG Technologies)
R2 bckd; C:\Windows\System32\drivers\bckd.sys [126168 2014-01-24] (Blue Coat Systems, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-18] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-07-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [179920 2012-07-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [152136 2012-03-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [140752 2012-03-29] (ESET)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-17 12:11 - 2014-09-17 12:11 - 00003164 _____ () C:\Windows\System32\Tasks\{8040BBFA-0A51-4F47-8934-BEB1D9D22181}
2014-09-17 12:09 - 2014-09-17 12:10 - 00020610 _____ () C:\Users\Zuzana\Desktop\FRST.txt
2014-09-17 12:08 - 2014-09-17 12:09 - 00000000 ____D () C:\FRST
2014-09-17 12:08 - 2014-09-17 12:08 - 02105856 _____ (Farbar) C:\Users\Zuzana\Desktop\FRST64.exe
2014-09-17 12:07 - 2014-09-17 12:07 - 01097728 _____ (Farbar) C:\Users\Zuzana\Desktop\FRST.exe
2014-09-16 17:43 - 2014-09-16 17:43 - 00001059 ____N () C:\Users\Zuzana\Desktop\malware.txt
2014-09-16 16:30 - 2014-09-16 16:30 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 16:30 - 2014-09-16 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-12 11:46 - 2014-09-16 16:25 - 00000682 _____ () C:\Windows\PFRO.log
2014-09-12 11:36 - 2014-09-12 11:36 - 00019555 ____N () C:\Users\Zuzana\Desktop\List of CEE participants_Roundtable_Matej.xlsx
2014-09-12 11:36 - 2014-09-12 11:36 - 00017001 ____N () C:\Users\Zuzana\Desktop\Le Canada en français_Les établissements_Europe Centrale et de l’Est_Matej.xlsx
2014-09-12 11:04 - 2014-09-16 17:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 11:04 - 2014-09-12 11:04 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 11:04 - 2014-09-12 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 11:04 - 2014-09-12 11:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-12 11:04 - 2014-09-12 11:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-12 11:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-12 11:04 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-12 11:04 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-12 10:45 - 2014-09-12 10:46 - 00000000 ____D () C:\Users\Zuzana\Desktop\Album Beats
2014-09-12 09:40 - 2014-09-12 09:41 - 05074648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-11 11:07 - 2014-09-12 09:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-11 10:45 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 10:45 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 10:45 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 10:45 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 10:45 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 10:45 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 10:45 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 10:45 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 10:45 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 10:45 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 10:45 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 10:45 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 10:45 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 10:45 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 10:45 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 10:45 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 10:45 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 10:45 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 10:45 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 10:45 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 10:45 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 10:45 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 10:45 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 10:45 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 10:45 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 10:45 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 10:45 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 10:45 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 10:45 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 10:45 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 10:45 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 10:45 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 10:45 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 10:45 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 10:45 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 10:45 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 10:45 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 10:45 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 10:45 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 10:45 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 10:45 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 10:45 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 10:45 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 10:45 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 10:45 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 10:45 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 10:45 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 10:45 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 10:45 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 10:45 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 10:45 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 10:45 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 10:45 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 10:44 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 10:44 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 10:44 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 19:04 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 19:04 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 19:04 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 19:04 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 19:04 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 15:31 - 2014-09-16 16:26 - 00000336 _____ () C:\Windows\setupact.log
2014-09-10 15:31 - 2014-09-10 15:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-09 14:53 - 2012-04-29 23:06 - 00000000 ____D () C:\Adobe Indesign CS6
2014-09-09 14:21 - 2014-09-09 14:51 - 1007691940 _____ () C:\Adobe Indesign CS6.exe
2014-09-09 14:13 - 2014-09-09 14:19 - 00000000 ____D () C:\Users\Zuzana\Desktop\Virtual
2014-09-09 14:13 - 2014-09-09 14:13 - 00000000 ____D () C:\Windows\XSxS
2014-09-09 13:54 - 2014-09-09 14:01 - 255035504 ____N (Blog do Birungueta) C:\Users\Zuzana\Desktop\Portable Adobe InDesign CS5.5.exe
2014-09-09 13:53 - 2014-09-09 13:53 - 02519040 ____N () C:\Users\Zuzana\Desktop\Buyers_only.indd
2014-09-08 10:40 - 2014-09-09 15:20 - 00000000 ____D () C:\Users\Zuzana\AppData\Local\Adobe
2014-09-08 10:40 - 2014-09-08 10:40 - 00118264 _____ () C:\Users\Zuzana\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 09:57 - 2014-09-08 09:57 - 00027311 _____ () C:\ComboFix.txt
2014-09-08 09:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-08 09:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-08 09:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-08 09:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-08 09:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-08 09:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-08 09:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-08 09:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-08 09:30 - 2014-09-08 09:57 - 00000000 ____D () C:\Qoobox
2014-09-08 09:29 - 2014-09-08 09:53 - 00000000 ____D () C:\Windows\erdnt
2014-09-08 09:05 - 2014-09-08 09:23 - 00000000 ____D () C:\AdwCleaner
2014-09-06 16:18 - 2014-09-06 16:25 - 00000000 ____D () C:\Users\Zuzana\Documents\Ableton
2014-09-06 16:04 - 2014-09-06 16:18 - 00000000 ____D () C:\Users\Zuzana\AppData\Roaming\Ableton
2014-09-06 16:04 - 2014-09-06 16:04 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
2014-09-06 16:00 - 2014-09-06 16:32 - 00000000 ____D () C:\ProgramData\Ableton
2014-09-06 15:59 - 2014-09-06 15:59 - 00000881 _____ () C:\Users\Zuzana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Suite.lnk
2014-09-05 22:39 - 2014-09-05 22:39 - 00000000 ____D () C:\_OTL
2014-09-05 20:07 - 2014-09-05 22:39 - 00002243 _____ () C:\Windows\SysWOW64\mswhostctre.dll
2014-09-05 20:06 - 2014-09-05 20:06 - 00000128 _____ () C:\Windows\SysWOW64\list.txt
2014-09-05 12:48 - 2014-09-17 11:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-04 14:01 - 2014-09-04 14:01 - 00000000 ____D () C:\Program Files (x86)\AnyMeeting Plug-in
2014-09-01 18:18 - 2014-09-01 18:18 - 00000000 ____D () C:\!Peter Sulek
2014-08-28 11:40 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 11:40 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 11:40 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 20:59 - 2014-08-27 20:59 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-26 20:40 - 2014-08-26 20:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-08-26 12:59 - 2014-09-12 11:03 - 00000000 ____D () C:\Users\Zuzana\Desktop\Personal
2014-08-26 12:50 - 2014-09-16 18:00 - 00000000 ____D () C:\Users\Zuzana\Desktop\StudentMarket
2014-08-26 12:49 - 2014-09-12 10:51 - 00000000 ____D () C:\Users\Zuzana\Desktop\EAQA
2014-08-26 12:49 - 2014-09-12 10:46 - 00000000 ____D () C:\SM - Matej
2014-08-26 12:41 - 2014-08-26 12:41 - 00002112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-08-26 12:41 - 2014-08-26 12:41 - 00002100 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-08-26 11:50 - 2014-08-26 11:50 - 00000832 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-26 11:48 - 2014-08-26 11:49 - 04813544 _____ (Piriform Ltd) C:\Users\Zuzana\Downloads\ccsetup416.exe
2014-08-26 10:36 - 2014-08-26 10:38 - 27018480 _____ (Mozilla) C:\Users\Zuzana\Downloads\Thunderbird Setup 31.0.exe
2014-08-25 20:17 - 2014-08-25 20:18 - 827030184 _____ () C:\!Peter Sulek.part15.rar
2014-08-25 20:10 - 2014-08-25 20:17 - 4293918720 _____ () C:\!Peter Sulek.part14.rar
2014-08-25 20:03 - 2014-08-25 20:10 - 4293918720 _____ () C:\!Peter Sulek.part13.rar
2014-08-25 19:57 - 2014-08-25 20:03 - 4293918720 _____ () C:\!Peter Sulek.part12.rar
2014-08-25 19:51 - 2014-08-25 19:57 - 4293918720 _____ () C:\!Peter Sulek.part11.rar
2014-08-25 19:45 - 2014-08-25 19:51 - 4293918720 _____ () C:\!Peter Sulek.part10.rar
2014-08-25 19:40 - 2014-08-25 19:45 - 4293918720 _____ () C:\!Peter Sulek.part09.rar
2014-08-25 19:35 - 2014-08-25 19:40 - 4293918720 _____ () C:\!Peter Sulek.part08.rar
2014-08-25 19:31 - 2014-08-25 19:35 - 4293918720 _____ () C:\!Peter Sulek.part07.rar
2014-08-25 19:26 - 2014-08-25 19:31 - 4293918720 _____ () C:\!Peter Sulek.part06.rar
2014-08-25 19:21 - 2014-08-25 19:26 - 4293918720 _____ () C:\!Peter Sulek.part05.rar
2014-08-25 19:16 - 2014-08-25 19:21 - 4293918720 _____ () C:\!Peter Sulek.part04.rar
2014-08-25 19:09 - 2014-08-25 19:16 - 4293918720 _____ () C:\!Peter Sulek.part03.rar
2014-08-25 19:02 - 2014-08-25 19:09 - 4293918720 _____ () C:\!Peter Sulek.part02.rar
2014-08-25 18:54 - 2014-08-25 19:02 - 4293918720 _____ () C:\!Peter Sulek.part01.rar
2014-08-25 18:54 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-25 18:54 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-25 18:54 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-25 18:54 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-25 18:53 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-25 18:53 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-25 18:53 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-25 18:53 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-25 18:53 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-25 18:53 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-25 18:53 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-25 18:53 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-25 18:53 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-25 18:53 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-17 12:11 - 2014-09-17 12:11 - 00003164 _____ () C:\Windows\System32\Tasks\{8040BBFA-0A51-4F47-8934-BEB1D9D22181}
2014-09-17 12:10 - 2014-09-17 12:09 - 00020610 _____ () C:\Users\Zuzana\Desktop\FRST.txt
2014-09-17 12:10 - 2012-07-23 11:43 - 00000000 ____D () C:\Users\Zuzana\AppData\Roaming\Skype
2014-09-17 12:09 - 2014-09-17 12:08 - 00000000 ____D () C:\FRST
2014-09-17 12:09 - 2013-05-31 03:15 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 12:08 - 2014-09-17 12:08 - 02105856 _____ (Farbar) C:\Users\Zuzana\Desktop\FRST64.exe
2014-09-17 12:08 - 2009-07-14 06:45 - 00022832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 12:08 - 2009-07-14 06:45 - 00022832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 12:07 - 2014-09-17 12:07 - 01097728 _____ (Farbar) C:\Users\Zuzana\Desktop\FRST.exe
2014-09-17 11:49 - 2012-07-19 11:33 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000UA.job
2014-09-17 11:45 - 2012-07-23 11:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-17 11:30 - 2014-09-05 12:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-17 11:29 - 2014-03-25 15:56 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2625221743-1896352500-3224387153-1000.job
2014-09-17 10:24 - 2012-10-18 19:34 - 00000300 _____ () C:\Windows\Tasks\Synology Data Replicator 3-PC107-Zuzana.job
2014-09-17 10:20 - 2013-05-31 03:15 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 10:20 - 2012-07-19 11:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000Core.job
2014-09-16 18:00 - 2014-08-26 12:50 - 00000000 ____D () C:\Users\Zuzana\Desktop\StudentMarket
2014-09-16 17:45 - 2014-09-12 11:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 17:43 - 2014-09-16 17:43 - 00001059 ____N () C:\Users\Zuzana\Desktop\malware.txt
2014-09-16 16:33 - 2012-07-19 10:58 - 01392507 _____ () C:\Windows\WindowsUpdate.log
2014-09-16 16:30 - 2014-09-16 16:30 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 16:30 - 2014-09-16 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 16:30 - 2012-07-23 11:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-16 16:30 - 2012-07-23 11:36 - 00000000 ____D () C:\ProgramData\Skype
2014-09-16 16:27 - 2014-02-15 16:09 - 00000000 ____D () C:\Users\Zuzana\AppData\Roaming\uTorrent
2014-09-16 16:26 - 2014-09-10 15:31 - 00000336 _____ () C:\Windows\setupact.log
2014-09-16 16:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-16 16:25 - 2014-09-12 11:46 - 00000682 _____ () C:\Windows\PFRO.log
2014-09-16 11:09 - 2014-03-25 15:56 - 00003576 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2625221743-1896352500-3224387153-1000
2014-09-12 11:46 - 2012-10-15 09:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-12 11:36 - 2014-09-12 11:36 - 00019555 ____N () C:\Users\Zuzana\Desktop\List of CEE participants_Roundtable_Matej.xlsx
2014-09-12 11:36 - 2014-09-12 11:36 - 00017001 ____N () C:\Users\Zuzana\Desktop\Le Canada en français_Les établissements_Europe Centrale et de l’Est_Matej.xlsx
2014-09-12 11:04 - 2014-09-12 11:04 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 11:04 - 2014-09-12 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 11:04 - 2014-09-12 11:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-12 11:04 - 2014-09-12 11:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-12 11:03 - 2014-08-26 12:59 - 00000000 ____D () C:\Users\Zuzana\Desktop\Personal
2014-09-12 10:51 - 2014-08-26 12:49 - 00000000 ____D () C:\Users\Zuzana\Desktop\EAQA
2014-09-12 10:46 - 2014-09-12 10:45 - 00000000 ____D () C:\Users\Zuzana\Desktop\Album Beats
2014-09-12 10:46 - 2014-08-26 12:49 - 00000000 ____D () C:\SM - Matej
2014-09-12 09:49 - 2014-09-11 11:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-12 09:41 - 2014-09-12 09:40 - 05074648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-11 10:57 - 2012-10-18 19:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 10:50 - 2009-07-14 07:13 - 00788904 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 10:43 - 2012-11-12 12:16 - 00768750 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 10:35 - 2014-04-16 03:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 10:07 - 2013-02-28 18:04 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 19:46 - 2012-07-23 11:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 19:46 - 2012-07-23 11:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 19:46 - 2012-07-23 11:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 15:31 - 2014-09-10 15:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-09 23:03 - 2013-10-26 23:55 - 00000000 ____D () C:\Users\Zuzana\AppData\Roaming\vlc
2014-09-09 15:20 - 2014-09-08 10:40 - 00000000 ____D () C:\Users\Zuzana\AppData\Local\Adobe
2014-09-09 14:51 - 2014-09-09 14:21 - 1007691940 _____ () C:\Adobe Indesign CS6.exe
2014-09-09 14:19 - 2014-09-09 14:13 - 00000000 ____D () C:\Users\Zuzana\Desktop\Virtual
2014-09-09 14:13 - 2014-09-09 14:13 - 00000000 ____D () C:\Windows\XSxS
2014-09-09 14:01 - 2014-09-09 13:54 - 255035504 ____N (Blog do Birungueta) C:\Users\Zuzana\Desktop\Portable Adobe InDesign CS5.5.exe
2014-09-09 13:53 - 2014-09-09 13:53 - 02519040 ____N () C:\Users\Zuzana\Desktop\Buyers_only.indd
2014-09-08 10:40 - 2014-09-08 10:40 - 00118264 _____ () C:\Users\Zuzana\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 10:07 - 2014-05-07 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-09-08 10:07 - 2014-04-16 17:13 - 00000000 ____D () C:\Users\Zuzana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boxoft Toolbox
2014-09-08 09:57 - 2014-09-08 09:57 - 00027311 _____ () C:\ComboFix.txt
2014-09-08 09:57 - 2014-09-08 09:30 - 00000000 ____D () C:\Qoobox
2014-09-08 09:57 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-08 09:53 - 2014-09-08 09:29 - 00000000 ____D () C:\Windows\erdnt
2014-09-08 09:48 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-08 09:23 - 2014-09-08 09:05 - 00000000 ____D () C:\AdwCleaner
2014-09-06 16:32 - 2014-09-06 16:00 - 00000000 ____D () C:\ProgramData\Ableton
2014-09-06 16:25 - 2014-09-06 16:18 - 00000000 ____D () C:\Users\Zuzana\Documents\Ableton
2014-09-06 16:18 - 2014-09-06 16:04 - 00000000 ____D () C:\Users\Zuzana\AppData\Roaming\Ableton
2014-09-06 16:04 - 2014-09-06 16:04 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
2014-09-06 15:59 - 2014-09-06 15:59 - 00000881 _____ () C:\Users\Zuzana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Suite.lnk
2014-09-05 22:39 - 2014-09-05 22:39 - 00000000 ____D () C:\_OTL
2014-09-05 22:39 - 2014-09-05 20:07 - 00002243 _____ () C:\Windows\SysWOW64\mswhostctre.dll
2014-09-05 20:06 - 2014-09-05 20:06 - 00000128 _____ () C:\Windows\SysWOW64\list.txt
2014-09-05 10:13 - 2012-10-18 19:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-04 14:01 - 2014-09-04 14:01 - 00000000 ____D () C:\Program Files (x86)\AnyMeeting Plug-in
2014-09-02 19:34 - 2009-07-14 07:08 - 00032528 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-01 18:18 - 2014-09-01 18:18 - 00000000 ____D () C:\!Peter Sulek
2014-08-29 09:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-27 20:59 - 2014-08-27 20:59 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-26 20:40 - 2014-08-26 20:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-08-26 12:49 - 2012-10-15 09:45 - 00000000 ____D () C:\Users\Zuzana\AppData\Local\Thunderbird
2014-08-26 12:41 - 2014-08-26 12:41 - 00002112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-08-26 12:41 - 2014-08-26 12:41 - 00002100 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-08-26 11:50 - 2014-08-26 11:50 - 00000832 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-26 11:50 - 2012-07-23 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-26 11:50 - 2012-07-23 11:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-26 11:49 - 2014-08-26 11:48 - 04813544 _____ (Piriform Ltd) C:\Users\Zuzana\Downloads\ccsetup416.exe
2014-08-26 10:38 - 2014-08-26 10:36 - 27018480 _____ (Mozilla) C:\Users\Zuzana\Downloads\Thunderbird Setup 31.0.exe
2014-08-25 20:18 - 2014-08-25 20:17 - 827030184 _____ () C:\!Peter Sulek.part15.rar
2014-08-25 20:17 - 2014-08-25 20:10 - 4293918720 _____ () C:\!Peter Sulek.part14.rar
2014-08-25 20:10 - 2014-08-25 20:03 - 4293918720 _____ () C:\!Peter Sulek.part13.rar
2014-08-25 20:03 - 2014-08-25 19:57 - 4293918720 _____ () C:\!Peter Sulek.part12.rar
2014-08-25 19:57 - 2014-08-25 19:51 - 4293918720 _____ () C:\!Peter Sulek.part11.rar
2014-08-25 19:51 - 2014-08-25 19:45 - 4293918720 _____ () C:\!Peter Sulek.part10.rar
2014-08-25 19:45 - 2014-08-25 19:40 - 4293918720 _____ () C:\!Peter Sulek.part09.rar
2014-08-25 19:40 - 2014-08-25 19:35 - 4293918720 _____ () C:\!Peter Sulek.part08.rar
2014-08-25 19:35 - 2014-08-25 19:31 - 4293918720 _____ () C:\!Peter Sulek.part07.rar
2014-08-25 19:31 - 2014-08-25 19:26 - 4293918720 _____ () C:\!Peter Sulek.part06.rar
2014-08-25 19:26 - 2014-08-25 19:21 - 4293918720 _____ () C:\!Peter Sulek.part05.rar
2014-08-25 19:21 - 2014-08-25 19:16 - 4293918720 _____ () C:\!Peter Sulek.part04.rar
2014-08-25 19:16 - 2014-08-25 19:09 - 4293918720 _____ () C:\!Peter Sulek.part03.rar
2014-08-25 19:09 - 2014-08-25 19:02 - 4293918720 _____ () C:\!Peter Sulek.part02.rar
2014-08-25 19:02 - 2014-08-25 18:54 - 4293918720 _____ () C:\!Peter Sulek.part01.rar
2014-08-24 16:34 - 2014-02-19 07:11 - 00000000 ____D () C:\Users\Zuzana\AppData\Roaming\Dropbox
2014-08-23 04:07 - 2014-08-28 11:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 11:40 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 11:40 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 20:05 - 2014-09-11 10:45 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 10:45 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 11:31 - 2014-02-19 07:13 - 00000000 ___RD () C:\Users\Zuzana\Dropbox
2014-08-19 08:45 - 2013-05-31 03:17 - 00000000 ___RD () C:\Users\Zuzana\Disk Google
2014-08-19 01:01 - 2014-09-11 10:45 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 10:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 10:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 10:44 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 10:45 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 10:45 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 10:45 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 10:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 10:45 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 10:45 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 10:45 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-11 10:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 10:45 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-11 10:45 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 10:45 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 10:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 10:45 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-11 10:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-11 10:45 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-11 10:45 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-11 10:45 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-11 10:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-11 10:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-11 10:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-11 10:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-11 10:45 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-11 10:45 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-11 10:45 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-11 10:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-11 10:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-11 10:45 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-11 10:45 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-11 10:45 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-11 10:45 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-11 10:45 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-11 10:45 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-11 10:45 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-11 10:45 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-11 10:45 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-11 10:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-11 10:45 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-11 10:45 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-11 10:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-11 10:44 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-11 10:45 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:15 - 2014-09-11 10:44 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:09 - 2014-09-11 10:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-11 10:45 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-11 10:45 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-11 10:45 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-11 10:45 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-11 10:45 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-11 10:45 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-11 10:45 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 15:17 - 2013-06-11 23:25 - 00000000 ____D () C:\Users\Zuzana\AppData\Roaming\Nitro PDF
2014-08-18 09:29 - 2012-10-15 09:44 - 00000000 ____D () C:\Programy
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-05-07 19:34
 
==================== End Of Log ============================


#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nothing evident in the log, so let's run a deep scan.

Download DrWeb Cureit from here to your desktop; it will have a random name
Run the programme
Tick the agreement and select next
Click the green hyperlink "select objects for scanning"

Select all objects bar Random access memory
Press Start scanning

On completion click "Open report" and attach that in your next reply

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.