super slow laptop, multiple chrome.exe*32


  • This topic is locked
18 replies to this topic

#1 Andreas43

Andreas43

  • Members
  • 16 posts

Posted 29 March 2015 - 02:15 AM

It's been two weeks and my laptop is getting slower and slower


#2 Andreas43

Andreas43
  • Topic Starter

  • Members
  • 16 posts

Posted 29 March 2015 - 02:16 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Andreas (administrator) on ANDREAS-TOSH on 28-03-2015 23:47:56
Running from C:\Users\Andreas\Downloads
Loaded Profiles: Andreas (Available profiles: Andreas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
() C:\Users\Andreas\AppData\Local\2D030920-1427548476-11E0-A356-60EB69DD6854\insz393C.tmp
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Users\Andreas\AppData\Roaming\2D030920-1425228174-11E0-A356-60EB69DD6854\nsbB598.tmpfs
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
() C:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Cinema PlusV24.03) C:\Program Files (x86)\Cinema Plus Pro 3.2cV24.03\6a1342ee-b38d-4d50-a2aa-31d99af81a13-10.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Cinema PlusV27.03) C:\Program Files (x86)\Cinema Plus Pro 3.2cV27.03\992af33b-d06c-416b-b514-134c9b7c31d6-10.exe
(Cinema PlusV27.03) C:\Program Files (x86)\Cinema Plus Pro 3.2cV27.03\992af33b-d06c-416b-b514-134c9b7c31d6-6.exe
(Cinema PlusV24.03) C:\Program Files (x86)\Cinema Plus Pro 3.2cV24.03\6a1342ee-b38d-4d50-a2aa-31d99af81a13-6.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Cinema PlusV27.03) C:\Program Files (x86)\Cinema Plus Pro 3.2cV27.03\992af33b-d06c-416b-b514-134c9b7c31d6-1-6.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Corporate Inc) C:\Program Files (x86)\winservice86\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-1-6.exe
(Corporate Inc) C:\Program Files (x86)\winservice86\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-6.exe
(Corporate Inc) C:\Program Files (x86)\winservice86\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-10.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(VC Corporation) C:\Program Files (x86)\IGS\VCL.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
() C:\Users\Andreas\AppData\Local\2D030920-1427548476-11E0-A356-60EB69DD6854\jnso3333.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
() C:\Users\Andreas\AppData\Local\Temp\nszD462.tmp
() C:\Users\Andreas\AppData\Local\Temp\nslE960.tmp
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-1624606784-127597252-2872754861-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1624606784-127597252-2872754861-1001\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-1624606784-127597252-2872754861-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder ()
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hppp&ts=1425553309&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hppp&ts=1425553309&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1425553284&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1425553284&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hppp&ts=1425553309&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hppp&ts=1425553309&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1425553284&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1425553284&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT&q={searchTerms}
HKU\S-1-5-21-1624606784-127597252-2872754861-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dspp&ts=1425553309&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT&q={searchTerms}
HKU\S-1-5-21-1624606784-127597252-2872754861-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=vmn&id=mystarttb&v=5_4&ent=hp_5354&src=5354
HKU\S-1-5-21-1624606784-127597252-2872754861-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hppp&ts=1425553309&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT
HKU\S-1-5-21-1624606784-127597252-2872754861-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dspp&ts=1425553309&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT&q={searchTerms}
HKU\S-1-5-21-1624606784-127597252-2872754861-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=el-GR&Src=MSE&Tid=0003295F&OHP=http%3A%2F%2Fwww.mystartsearch.com%2F%3Ftype%3Dhppp%26ts%3D1425553309%26from%3Dcmi%26uid%3DTOSHIBAXMK6476GSXN%5F12DLC0SFTXX12DLC0SFT&OSP=http%3A%2F%2Fwww.mystartsearch.com%2Fweb%2F%3Ftype%3Ddspp%26ts%3D1425553309%26from%3Dcmi%26uid%3DTOSHIBAXMK6476GSXN%5F12DLC0SFTXX12DLC0SFT%26q%3D%7BsearchTerms%7D
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?sid=498&aid=157&itype=n&ver=15868&tm=642&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?sid=498&aid=157&itype=n&ver=15868&tm=642&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1624606784-127597252-2872754861-1001 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5354&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1624606784-127597252-2872754861-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT&ts=1425553381&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1624606784-127597252-2872754861-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT&ts=1425553381&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1624606784-127597252-2872754861-1001 -> {208A15EF-BBBD-495C-A437-E30D786BF023} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT&ts=1425553381&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1624606784-127597252-2872754861-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dspp&ts=1425553309&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1624606784-127597252-2872754861-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5354&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1624606784-127597252-2872754861-1001 -> {5B5882F7-D4CA-49BF-A3C8-B061C32F3B18} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT&ts=1425553381&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1624606784-127597252-2872754861-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT&ts=1425553381&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1624606784-127597252-2872754861-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = http://www.default-search.net/search?sid=498&aid=157&itype=n&ver=15868&tm=642&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1624606784-127597252-2872754861-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT&ts=1425553381&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1624606784-127597252-2872754861-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT&ts=1425553381&type=default&q={searchTerms}
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-03-04] (Thinknice Co. Limited)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-09-07] (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Toolbar: HKU\S-1-5-21-1624606784-127597252-2872754861-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 16 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.254
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1425220741&from=ill&uid=TOSHIBAXMK6476GSXN_12DLC0SFTXX12DLC0SFT

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-18] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-25] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-25] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-07-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-03-27] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2015-03-27] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-25]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-25]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com.cy/
CHR StartupUrls: Profile 1 -> "hxxp://google.com.cy/"
CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-25]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-25]
CHR Extension: (Adblock Plus) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-26]
CHR Extension: (Google Search) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-25]
CHR Extension: (Kaspersky Protection) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-25]
CHR Extension: (Days 'til Christmas - Countdown) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fglameehifneoehppacbkgcnamhommdl [2015-02-25]
CHR Extension: (AdBlock) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-25]
CHR Extension: (Chordify
Tune into Chords) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ojbmddiahnkphhipnimckolcndkcgjgn [2015-02-25]
CHR Extension: (Cinema Plus Pro 3.2cV24.03) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-03-24]
CHR Extension: (Gmail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-25]
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Cinema Plus Pro 3.2cV24.03) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-03-24]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKU\S-1-5-21-1624606784-127597252-2872754861-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Andreas\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-09-29]
CHR HKU\S-1-5-21-1624606784-127597252-2872754861-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iomphmdalfmaifjccmagmllnicjoghhk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Andreas\AppData\Local\Slick Savings\coupons.crx [2015-03-05]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 gihekefo; C:\Users\Andreas\AppData\Local\2D030920-1427548476-11E0-A356-60EB69DD6854\insz393C.tmp [78848 2015-03-28] () [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-03-27] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-03-27] (globalUpdate) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [156160 2015-03-04] (XTab system)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 UDSS; c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [30064 2011-03-11] ()
R2 VCL; C:\Program Files (x86)\IGS\VCL.exe [1757232 2015-03-20] (VC Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 sulukevo; C:\Users\Andreas\AppData\Roaming\2D030920-1425228174-11E0-A356-60EB69DD6854\nsbB598.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-03-26] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-03-26] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 23:47 - 2015-03-28 23:48 - 00032680 _____ () C:\Users\Andreas\Downloads\FRST.txt
2015-03-28 23:42 - 2015-03-28 23:48 - 00000000 ____D () C:\FRST
2015-03-28 23:38 - 2015-03-28 23:40 - 02095616 _____ (Farbar) C:\Users\Andreas\Downloads\FRST64.exe
2015-03-28 22:01 - 2015-03-28 22:01 - 00000000 ____D () C:\Users\Andreas\Downloads\Subs
2015-03-28 20:56 - 2015-03-28 22:25 - 00000168 _____ () C:\Windows\setupact.log
2015-03-28 20:56 - 2015-03-28 20:56 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-28 20:49 - 2015-03-28 20:50 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Andreas\Downloads\tdsskiller.exe
2015-03-28 13:14 - 2015-03-28 13:15 - 00000000 ____D () C:\Users\Andreas\AppData\Local\2D030920-1427548476-11E0-A356-60EB69DD6854
2015-03-27 18:28 - 2015-03-28 21:01 - 00008576 _____ () C:\Windows\SysWOW64\VCLOff.ini
2015-03-27 18:28 - 2015-03-28 21:01 - 00008576 _____ () C:\Windows\system32\VCLOff.ini
2015-03-27 18:27 - 2015-03-28 13:16 - 00000000 ____D () C:\Program Files (x86)\IGS
2015-03-27 18:27 - 2015-03-20 15:54 - 00335064 _____ (VC Corporation) C:\Windows\SysWOW64\VCL.dll
2015-03-27 18:24 - 2015-03-28 23:24 - 00005876 _____ () C:\Windows\Tasks\992af33b-d06c-416b-b514-134c9b7c31d6-6.job
2015-03-27 18:24 - 2015-03-28 23:24 - 00003152 _____ () C:\Windows\Tasks\992af33b-d06c-416b-b514-134c9b7c31d6-1-6.job
2015-03-27 18:24 - 2015-03-28 20:57 - 00001694 _____ () C:\Windows\Tasks\ADMTLKJJ.job
2015-03-27 18:24 - 2015-03-28 20:56 - 00005532 _____ () C:\Windows\Tasks\992af33b-d06c-416b-b514-134c9b7c31d6-7.job
2015-03-27 18:24 - 2015-03-28 20:56 - 00003488 _____ () C:\Windows\Tasks\992af33b-d06c-416b-b514-134c9b7c31d6-1-7.job
2015-03-27 18:24 - 2015-03-28 20:56 - 00002460 _____ () C:\Windows\Tasks\992af33b-d06c-416b-b514-134c9b7c31d6-5_user.job
2015-03-27 18:24 - 2015-03-28 20:56 - 00002460 _____ () C:\Windows\Tasks\992af33b-d06c-416b-b514-134c9b7c31d6-5.job
2015-03-27 18:24 - 2015-03-27 18:24 - 01979904 _____ (Cinema PlusV27.03) C:\Users\Andreas\AppData\Roaming\ADMTLKJJ.exe
2015-03-27 18:24 - 2015-03-27 18:24 - 00008904 _____ () C:\Windows\System32\Tasks\992af33b-d06c-416b-b514-134c9b7c31d6-6
2015-03-27 18:24 - 2015-03-27 18:24 - 00008562 _____ () C:\Windows\System32\Tasks\992af33b-d06c-416b-b514-134c9b7c31d6-7
2015-03-27 18:24 - 2015-03-27 18:24 - 00006518 _____ () C:\Windows\System32\Tasks\992af33b-d06c-416b-b514-134c9b7c31d6-1-7
2015-03-27 18:24 - 2015-03-27 18:24 - 00006180 _____ () C:\Windows\System32\Tasks\992af33b-d06c-416b-b514-134c9b7c31d6-1-6
2015-03-27 18:24 - 2015-03-27 18:24 - 00005490 _____ () C:\Windows\System32\Tasks\992af33b-d06c-416b-b514-134c9b7c31d6-5
2015-03-27 18:24 - 2015-03-27 18:24 - 00004732 _____ () C:\Windows\System32\Tasks\ADMTLKJJ
2015-03-27 18:24 - 2015-03-27 18:24 - 00000000 ____D () C:\Program Files (x86)\cbc9875d-a5e2-4ce5-870c-cb453ddd040d
2015-03-27 18:23 - 2015-03-28 23:23 - 00002126 _____ () C:\Windows\Tasks\992af33b-d06c-416b-b514-134c9b7c31d6-10_user.job
2015-03-27 18:23 - 2015-03-28 20:56 - 00004508 _____ () C:\Windows\Tasks\992af33b-d06c-416b-b514-134c9b7c31d6-3.job
2015-03-27 18:23 - 2015-03-28 12:59 - 00000000 ____D () C:\Program Files (x86)\Cinema Plus Pro 3.2cV27.03
2015-03-27 18:23 - 2015-03-27 18:23 - 00007538 _____ () C:\Windows\System32\Tasks\992af33b-d06c-416b-b514-134c9b7c31d6-3
2015-03-26 22:54 - 2015-03-26 22:54 - 00000848 _____ () C:\Users\Andreas\Downloads\Tv shows - Serials (Σειρές) - Shortcut.lnk
2015-03-26 22:47 - 2015-03-26 23:54 - 788797437 _____ () C:\Users\Andreas\Downloads\Crank.2006.720p.BRRip.750MB.MkvCage.com.mkv
2015-03-26 21:14 - 2015-03-26 21:14 - 00005542 _____ () C:\Users\Andreas\AppData\Roaming\ADMTLKJJ
2015-03-26 13:17 - 2015-03-26 21:29 - 00000000 ____D () C:\Users\Andreas\Downloads\Arrow.S03E17.HDTV.x264-LOL[ettv]
2015-03-25 17:59 - 2015-03-25 17:59 - 00262144 _____ () C:\Windows\system32\config\elam
2015-03-25 17:47 - 2015-03-25 17:47 - 00000000 _____ () C:\Users\Andreas\AppData\Local\.a852.db
2015-03-25 17:44 - 2015-03-25 17:44 - 00002310 _____ () C:\Users\Andreas\Desktop\Safe Money.lnk
2015-03-25 17:36 - 2015-03-25 17:36 - 00002060 _____ () C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-03-25 17:36 - 2015-03-25 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-03-25 17:35 - 2015-03-28 23:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-25 17:35 - 2015-03-25 17:35 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-03-25 17:35 - 2015-03-25 17:35 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-03-25 17:35 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-03-25 17:34 - 2015-03-26 11:10 - 00842440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-25 17:34 - 2014-11-28 18:19 - 00151240 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-03-25 17:34 - 2014-10-22 21:13 - 00245960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-03-25 10:55 - 2015-03-25 21:42 - 00000000 ____D () C:\Users\Andreas\Downloads\The.Flash.2014.S01E16.HDTV.x264-LOL[ettv]
2015-03-25 03:19 - 2015-03-25 03:19 - 00000000 _____ () C:\Windows\SysWOW64\sho59C7.tmp
2015-03-24 23:50 - 2015-03-24 23:50 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsrB3F.tmp
2015-03-24 23:39 - 2015-03-28 23:38 - 00002460 _____ () C:\Windows\Tasks\6a1342ee-b38d-4d50-a2aa-31d99af81a13-5_user.job
2015-03-24 23:39 - 2015-03-28 23:38 - 00002460 _____ () C:\Windows\Tasks\6a1342ee-b38d-4d50-a2aa-31d99af81a13-5.job
2015-03-24 23:39 - 2015-03-28 23:37 - 00005876 _____ () C:\Windows\Tasks\6a1342ee-b38d-4d50-a2aa-31d99af81a13-6.job
2015-03-24 23:39 - 2015-03-28 23:37 - 00005532 _____ () C:\Windows\Tasks\6a1342ee-b38d-4d50-a2aa-31d99af81a13-7.job
2015-03-24 23:39 - 2015-03-28 23:37 - 00003488 _____ () C:\Windows\Tasks\6a1342ee-b38d-4d50-a2aa-31d99af81a13-1-7.job
2015-03-24 23:39 - 2015-03-28 23:37 - 00003152 _____ () C:\Windows\Tasks\6a1342ee-b38d-4d50-a2aa-31d99af81a13-1-6.job
2015-03-24 23:39 - 2015-03-28 20:56 - 00001346 _____ () C:\Windows\Tasks\WUTHPZ.job
2015-03-24 23:39 - 2015-03-27 18:24 - 00000000 ____D () C:\Program Files (x86)\0f9c2902-2b9f-421d-9ffb-470e51140f5c
2015-03-24 23:39 - 2015-03-25 11:38 - 00005490 _____ () C:\Windows\System32\Tasks\6a1342ee-b38d-4d50-a2aa-31d99af81a13-5
2015-03-24 23:39 - 2015-03-25 11:37 - 01856000 _____ (Cinema PlusV24.03) C:\Users\Andreas\AppData\Roaming\WUTHPZ.exe
2015-03-24 23:39 - 2015-03-25 11:37 - 00008904 _____ () C:\Windows\System32\Tasks\6a1342ee-b38d-4d50-a2aa-31d99af81a13-6
2015-03-24 23:39 - 2015-03-25 11:37 - 00008562 _____ () C:\Windows\System32\Tasks\6a1342ee-b38d-4d50-a2aa-31d99af81a13-7
2015-03-24 23:39 - 2015-03-25 11:37 - 00006518 _____ () C:\Windows\System32\Tasks\6a1342ee-b38d-4d50-a2aa-31d99af81a13-1-7
2015-03-24 23:39 - 2015-03-25 11:37 - 00006180 _____ () C:\Windows\System32\Tasks\6a1342ee-b38d-4d50-a2aa-31d99af81a13-1-6
2015-03-24 23:39 - 2015-03-25 11:37 - 00004384 _____ () C:\Windows\System32\Tasks\WUTHPZ
2015-03-24 23:38 - 2015-03-28 23:42 - 00004508 _____ () C:\Windows\Tasks\6a1342ee-b38d-4d50-a2aa-31d99af81a13-3.job
2015-03-24 23:38 - 2015-03-28 23:37 - 00002126 _____ () C:\Windows\Tasks\6a1342ee-b38d-4d50-a2aa-31d99af81a13-10_user.job
2015-03-24 23:38 - 2015-03-28 20:57 - 00000974 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-03-24 23:38 - 2015-03-28 20:00 - 00000978 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-03-24 23:38 - 2015-03-27 18:23 - 00003976 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-03-24 23:38 - 2015-03-27 18:23 - 00003722 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-03-24 23:38 - 2015-03-26 04:06 - 00000000 ____D () C:\Program Files (x86)\Cinema Plus Pro 3.2cV24.03
2015-03-24 23:38 - 2015-03-25 11:37 - 00007538 _____ () C:\Windows\System32\Tasks\6a1342ee-b38d-4d50-a2aa-31d99af81a13-3
2015-03-24 23:26 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 23:26 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 23:26 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 23:26 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 23:26 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 23:26 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 23:26 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 23:26 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 23:08 - 2015-03-24 23:08 - 00003284 _____ () C:\Windows\System32\Tasks\fxBqkp28XxY8t00
2015-03-24 23:08 - 2015-03-24 23:08 - 00003244 _____ () C:\Windows\System32\Tasks\jA7yfjDmnQ2pXvR
2015-03-24 23:08 - 2015-03-24 23:08 - 00003242 _____ () C:\Windows\System32\Tasks\pffZLeZRQX6PR08
2015-03-24 23:08 - 2015-03-24 23:08 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\r4DEDCj
2015-03-24 23:08 - 2015-03-24 23:08 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\MGYWxbv
2015-03-24 23:08 - 2015-03-24 23:08 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Hbyas9i
2015-03-24 06:11 - 2015-03-25 18:28 - 00000000 ____D () C:\ProgramData\EmailNotifier
2015-03-24 06:10 - 2015-03-25 18:28 - 00000000 ____D () C:\Program Files (x86)\mystarttb
2015-03-22 21:37 - 2015-03-22 21:37 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsa48FA.tmp
2015-03-22 21:35 - 2015-03-25 11:02 - 00000000 ____D () C:\Users\Andreas\Downloads\Cinderella 2015 72OP HDTC H264 AC3 MURD3R
2015-03-22 16:09 - 2015-03-22 17:36 - 00000000 ____D () C:\Users\Andreas\Downloads\The.Vampire.Diaries.S06E17.HDTV.x264-LOL[ettv]
2015-03-22 16:09 - 2015-03-22 16:52 - 00000000 ____D () C:\Users\Andreas\Downloads\The.Vampire.Diaries.S06E16.HDTV.x264-LOL[ettv]
2015-03-22 15:45 - 2015-03-24 23:55 - 00001052 _____ () C:\Users\Andreas\Desktop\AnyProtect.lnk
2015-03-22 15:45 - 2015-03-22 15:45 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-03-22 15:42 - 2015-03-22 15:45 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-03-22 15:42 - 2015-03-22 15:42 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsk82B0.tmp
2015-03-22 13:13 - 2015-03-22 14:04 - 00000000 ____D () C:\Users\Andreas\Downloads\The.Flash.2014.S01E15.HDTV.x264-LOL[ettv]
2015-03-22 00:20 - 2015-03-22 21:35 - 00000000 ____D () C:\Users\Andreas\Downloads\Big Hero 6 (2014)
2015-03-22 00:20 - 2015-03-22 13:13 - 00000000 ____D () C:\Users\Andreas\Downloads\Arrow.S03E16.HDTV.x264-LOL[ettv]
2015-03-15 06:15 - 2015-03-15 06:15 - 00001976 _____ () C:\Users\Andreas\Desktop\Sync Folder.lnk
2015-03-15 06:15 - 2015-03-15 06:15 - 00001076 _____ () C:\Users\Andreas\Desktop\MyPC Backup.lnk
2015-03-15 06:15 - 2015-03-15 06:15 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-03-15 06:14 - 2015-03-15 15:04 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-03-15 06:13 - 2015-03-15 06:14 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-03-15 06:13 - 2015-03-15 06:13 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\VOPackage
2015-03-15 06:13 - 2015-03-15 06:13 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\2D030920-1426392836-11E0-A356-60EB69DD6854
2015-03-14 15:25 - 2015-03-14 15:25 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-03-11 23:55 - 2015-03-11 23:55 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\2D030920-1426110903-11E0-A356-60EB69DD6854
2015-03-11 23:50 - 2015-03-11 23:50 - 44154880 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2015-03-11 18:21 - 2015-03-11 18:21 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsn3A1B.tmp
2015-03-11 16:36 - 2015-03-11 16:36 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nshD5A5.tmp
2015-03-11 11:09 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 11:09 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 11:09 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 11:09 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 11:09 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 11:09 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 11:09 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 11:09 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 11:09 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 11:09 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 11:09 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 11:09 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 11:09 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 11:09 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 11:09 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 11:09 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 11:09 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 11:09 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 11:09 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 11:09 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 11:09 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 11:09 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 11:09 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 11:09 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 11:09 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 11:09 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 11:09 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 11:09 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 11:09 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 11:09 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 11:09 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 11:09 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 11:09 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 11:09 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 11:09 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 11:09 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 11:09 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 11:09 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 11:09 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 11:09 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 11:09 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 11:09 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 11:09 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 11:09 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 11:09 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 11:08 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 11:08 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 11:08 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 11:07 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 11:07 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 11:07 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 11:07 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 11:07 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 11:07 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 11:07 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 11:07 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 11:07 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 11:07 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 11:07 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 11:07 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 11:07 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 11:07 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 11:07 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 11:07 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 11:07 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 11:07 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 11:07 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 11:07 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 11:07 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 11:07 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 11:07 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 11:07 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 11:07 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 11:07 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 11:07 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 11:07 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 11:07 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 11:07 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 11:07 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 11:07 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 11:07 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 11:07 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 11:07 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 11:07 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 11:07 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 11:07 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 11:07 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 11:07 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 11:06 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 11:06 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 11:06 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 11:06 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 11:06 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 11:06 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 11:06 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 11:06 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 11:06 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 11:06 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 11:06 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 11:06 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 11:06 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 11:06 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 11:06 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 11:06 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 11:06 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 11:06 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 11:06 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 11:06 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 11:06 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 11:06 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 11:06 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 11:06 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 11:06 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 11:06 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 11:06 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 11:06 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 11:06 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 11:06 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 11:06 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 11:06 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 11:06 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 11:06 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 11:06 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 11:06 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 11:06 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 11:06 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 11:06 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 11:06 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 11:06 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 11:06 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 11:06 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 11:06 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 11:06 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 11:06 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 11:06 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 11:06 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 11:06 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 11:06 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 11:06 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 11:06 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 11:06 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 11:06 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 11:06 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 11:06 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 11:06 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 11:01 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 11:01 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 20:32 - 2015-03-10 20:32 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsjA30B.tmp
2015-03-10 20:31 - 2015-03-10 20:31 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsdF32D.tmp
2015-03-10 14:01 - 2015-03-10 14:01 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsy4F70.tmp
2015-03-09 23:30 - 2015-03-09 23:30 - 00005487 _____ () C:\Users\Andreas\AppData\Roaming\WUTHPZ
2015-03-09 12:59 - 2015-03-09 12:58 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nstB10F.tmp
2015-03-08 14:50 - 2015-03-08 14:50 - 00628688 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nso67EF.tmp
2015-03-08 14:10 - 2015-03-08 14:10 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsjC0F7.tmp
2015-03-08 13:41 - 2015-03-25 20:15 - 00000000 ____D () C:\Users\Andreas\AppData\Local\2D030920-1425822084-11E0-A356-60EB69DD6854
2015-03-08 13:37 - 2015-03-25 19:18 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\2D030920-1425814631-11E0-A356-60EB69DD6854
2015-03-08 12:48 - 2015-03-08 12:48 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsdB4F5.tmp
2015-03-08 12:44 - 2015-03-08 12:44 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nss9DBE.tmp
2015-03-06 19:16 - 2015-03-06 19:16 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsu807E.tmp
2015-03-06 18:44 - 2015-03-06 18:44 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nss525C.tmp
2015-03-05 20:44 - 2015-03-05 20:44 - 00613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsz1695.tmp
2015-03-05 20:16 - 2015-03-05 20:16 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\2D030920-1425579365-11E0-A356-60EB69DD6854
2015-03-05 19:51 - 2015-03-05 19:51 - 94478336 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2015-03-05 19:51 - 2015-03-05 19:51 - 00360448 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2015-03-05 19:51 - 2015-03-05 19:51 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2015-03-05 19:51 - 2015-03-05 19:51 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2015-03-05 14:45 - 2015-03-05 14:45 - 00003168 _____ () C:\Windows\System32\Tasks\{7A604BBA-6F77-4A77-8456-2D9BD4F7DBDA}
2015-03-05 14:19 - 2013-06-27 18:05 - 00027456 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2015-03-05 14:08 - 2015-03-05 14:08 - 94478336 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2015-03-05 14:08 - 2015-03-05 14:08 - 00360448 _____ () C:\Windows\system32\config\DEFAULT.iobit
2015-03-05 14:08 - 2015-03-05 14:08 - 00061440 _____ () C:\Windows\system32\config\SAM.iobit
2015-03-05 14:08 - 2015-03-05 14:08 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2015-03-05 13:04 - 2015-03-05 13:04 - 00001983 _____ () C:\Windows\patsearch.bin
2015-03-05 13:04 - 2015-03-05 13:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinstMK_01009.Wdf
2015-03-05 12:57 - 2015-03-25 20:15 - 00000000 ____D () C:\Users\Andreas\AppData\Local\2D030920-1425560259-11E0-A356-60EB69DD6854
2015-03-05 11:48 - 2015-03-05 14:42 - 00000000 ____D () C:\Users\Andreas\AppData\Local\2D030920-1425556128-11E0-A356-60EB69DD6854
2015-03-05 10:30 - 2015-03-05 10:30 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\ProductData
2015-03-05 10:23 - 2015-03-05 10:23 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Apple Computer
2015-03-05 10:22 - 2015-03-21 22:35 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-05 10:19 - 2015-03-05 12:57 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\IObit
2015-03-05 10:19 - 2015-03-05 10:29 - 00000000 ____D () C:\ProgramData\IObit
2015-03-05 10:19 - 2015-03-05 10:19 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Slick Savings
2015-03-05 10:19 - 2015-03-05 10:19 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2015-03-05 10:17 - 2015-03-05 10:28 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-03-05 10:09 - 2015-03-25 20:15 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\2D030920-1425542946-11E0-A356-60EB69DD6854
2015-03-02 14:36 - 2015-03-02 14:37 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\2D030920-1425306999-11E0-A356-60EB69DD6854
2015-03-01 21:25 - 2015-03-28 00:27 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-03-01 21:25 - 2015-03-26 13:17 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-03-01 21:25 - 2015-03-25 00:15 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-03-01 21:25 - 2015-03-24 23:56 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2015-03-01 21:25 - 2015-03-24 23:56 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2015-03-01 21:25 - 2015-03-24 23:56 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2015-03-01 20:48 - 2015-03-28 20:57 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-01 16:58 - 2015-03-01 16:58 - 00003162 _____ () C:\Windows\System32\Tasks\{8C32FCB7-86F6-406B-85A9-02CADA6CD55F}
2015-03-01 16:49 - 2015-03-27 23:35 - 00000000 ____D () C:\Users\Andreas\AppData\Local\2D030920-1425228592-11E0-A356-60EB69DD6854
2015-03-01 16:46 - 2015-03-28 23:46 - 00003124 _____ () C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-6.job
2015-03-01 16:46 - 2015-03-28 22:46 - 00003460 _____ () C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-7.job
2015-03-01 16:46 - 2015-03-28 22:46 - 00002432 _____ () C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5_user.job
2015-03-01 16:46 - 2015-03-28 22:46 - 00002432 _____ () C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5.job
2015-03-01 16:46 - 2015-03-01 16:46 - 00006490 _____ () C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-7
2015-03-01 16:46 - 2015-03-01 16:46 - 00006152 _____ () C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-1-6
2015-03-01 16:46 - 2015-03-01 16:46 - 00005462 _____ () C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-5
2015-03-01 16:45 - 2015-03-28 23:45 - 00005848 _____ () C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-6.job
2015-03-01 16:45 - 2015-03-28 23:45 - 00002098 _____ () C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-10_user.job
2015-03-01 16:45 - 2015-03-28 22:45 - 00005504 _____ () C:\Windows\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-7.job
2015-03-01 16:45 - 2015-03-01 16:45 - 00008876 _____ () C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-6
2015-03-01 16:45 - 2015-03-01 16:45 - 00008534 _____ () C:\Windows\System32\Tasks\a4e18f4e-2dc5-4a9a-97ce-2eedf7bde895-7
2015-03-01 16:45 - 2015-03-01 16:45 - 00000000 ____D () C:\Program Files (x86)\732c5602-885d-4b9d-9083-372cdd2690b0
2015-03-01 16:42 - 2015-03-01 16:44 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\2D030920-1425228174-11E0-A356-60EB69DD6854
2015-03-01 16:40 - 2015-03-26 17:06 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-03-01 16:40 - 2015-03-01 16:40 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-03-01 16:39 - 2015-03-27 23:27 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-03-01 16:39 - 2015-03-05 08:51 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\istartsurf
2015-02-28 20:43 - 2015-02-28 20:43 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2015-02-28 20:43 - 2015-02-28 20:43 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2015-02-28 20:43 - 2015-02-28 20:43 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-02-28 20:40 - 2015-02-28 20:40 - 00268307 _____ () C:\ProgramData\1425148712.bdinstall.bin
2015-02-28 12:57 - 2015-02-28 12:57 - 00000000 _____ () C:\Windows\SysWOW64\sho4C3.tmp
2015-02-28 10:37 - 2015-03-28 20:56 - 00002432 _____ () C:\Windows\Tasks\7ff67aa2-b530-4471-8e5d-c6fd4c11a213-5_user.job
2015-02-28 10:37 - 2015-03-28 20:56 - 00002432 _____ () C:\Windows\Tasks\7ff67aa2-b530-4471-8e5d-c6fd4c11a213-5.job
2015-02-28 10:37 - 2015-02-28 20:29 - 00005462 _____ () C:\Windows\System32\Tasks\7ff67aa2-b530-4471-8e5d-c6fd4c11a213-5
2015-02-28 10:35 - 2015-03-28 23:28 - 00005848 _____ () C:\Windows\Tasks\7ff67aa2-b530-4471-8e5d-c6fd4c11a213-6.job
2015-02-28 10:35 - 2015-03-28 23:28 - 00003124 _____ () C:\Windows\Tasks\7ff67aa2-b530-4471-8e5d-c6fd4c11a213-1-6.job
2015-02-28 10:35 - 2015-03-28 20:56 - 00005504 _____ () C:\Windows\Tasks\7ff67aa2-b530-4471-8e5d-c6fd4c11a213-7.job
2015-02-28 10:35 - 2015-03-28 20:56 - 00003460 _____ () C:\Windows\Tasks\7ff67aa2-b530-4471-8e5d-c6fd4c11a213-1-7.job
2015-02-28 10:35 - 2015-03-01 16:45 - 00000000 ____D () C:\Program Files (x86)\1c78abf4-78a5-45c3-8563-d71876943c3c
2015-02-28 10:35 - 2015-02-28 20:28 - 00008876 _____ () C:\Windows\System32\Tasks\7ff67aa2-b530-4471-8e5d-c6fd4c11a213-6
2015-02-28 10:35 - 2015-02-28 20:28 - 00008534 _____ () C:\Windows\System32\Tasks\7ff67aa2-b530-4471-8e5d-c6fd4c11a213-7
2015-02-28 10:35 - 2015-02-28 20:28 - 00006490 _____ () C:\Windows\System32\Tasks\7ff67aa2-b530-4471-8e5d-c6fd4c11a213-1-7
2015-02-28 10:35 - 2015-02-28 20:28 - 00006152 _____ () C:\Windows\System32\Tasks\7ff67aa2-b530-4471-8e5d-c6fd4c11a213-1-6
2015-02-28 10:34 - 2015-03-28 23:28 - 00002098 _____ () C:\Windows\Tasks\7ff67aa2-b530-4471-8e5d-c6fd4c11a213-10_user.job
2015-02-28 10:34 - 2015-03-28 20:57 - 00005170 _____ () C:\Windows\Tasks\7ff67aa2-b530-4471-8e5d-c6fd4c11a213-11.job
2015-02-28 10:34 - 2015-02-28 20:28 - 00008200 _____ () C:\Windows\System32\Tasks\7ff67aa2-b530-4471-8e5d-c6fd4c11a213-11
2015-02-27 07:48 - 2015-03-28 20:57 - 00002432 _____ () C:\Windows\Tasks\95064eff-7c28-4a2b-a352-4e82f482ae9f-5_user.job
2015-02-27 07:48 - 2015-03-28 20:57 - 00002432 _____ () C:\Windows\Tasks\95064eff-7c28-4a2b-a352-4e82f482ae9f-5.job
2015-02-27 07:48 - 2015-02-28 06:14 - 00005462 _____ () C:\Windows\System32\Tasks\95064eff-7c28-4a2b-a352-4e82f482ae9f-5
2015-02-27 07:46 - 2015-03-28 23:12 - 00005848 _____ () C:\Windows\Tasks\95064eff-7c28-4a2b-a352-4e82f482ae9f-6.job
2015-02-27 07:46 - 2015-03-28 23:12 - 00003124 _____ () C:\Windows\Tasks\95064eff-7c28-4a2b-a352-4e82f482ae9f-1-6.job
2015-02-27 07:46 - 2015-03-28 23:11 - 00002098 _____ () C:\Windows\Tasks\95064eff-7c28-4a2b-a352-4e82f482ae9f-10_user.job
2015-02-27 07:46 - 2015-03-28 20:57 - 00005170 _____ () C:\Windows\Tasks\95064eff-7c28-4a2b-a352-4e82f482ae9f-11.job
2015-02-27 07:46 - 2015-03-28 20:57 - 00003460 _____ () C:\Windows\Tasks\95064eff-7c28-4a2b-a352-4e82f482ae9f-1-7.job
2015-02-27 07:46 - 2015-03-28 20:56 - 00005504 _____ () C:\Windows\Tasks\95064eff-7c28-4a2b-a352-4e82f482ae9f-7.job
2015-02-27 07:46 - 2015-02-28 06:12 - 00008876 _____ () C:\Windows\System32\Tasks\95064eff-7c28-4a2b-a352-4e82f482ae9f-6
2015-02-27 07:46 - 2015-02-28 06:12 - 00006490 _____ () C:\Windows\System32\Tasks\95064eff-7c28-4a2b-a352-4e82f482ae9f-1-7
2015-02-27 07:46 - 2015-02-28 06:12 - 00006152 _____ () C:\Windows\System32\Tasks\95064eff-7c28-4a2b-a352-4e82f482ae9f-1-6
2015-02-27 07:46 - 2015-02-28 06:11 - 00008534 _____ () C:\Windows\System32\Tasks\95064eff-7c28-4a2b-a352-4e82f482ae9f-7
2015-02-27 07:46 - 2015-02-28 06:11 - 00008200 _____ () C:\Windows\System32\Tasks\95064eff-7c28-4a2b-a352-4e82f482ae9f-11
2015-02-27 07:46 - 2015-02-27 07:46 - 00000000 ____D () C:\Program Files (x86)\93d12266-370b-4506-9e20-c7618ee3e876
2015-02-26 21:00 - 2015-03-28 21:01 - 00002432 _____ () C:\Windows\Tasks\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-5_user.job
2015-02-26 21:00 - 2015-03-28 21:01 - 00002432 _____ () C:\Windows\Tasks\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-5.job
2015-02-26 21:00 - 2015-02-26 21:00 - 00005462 _____ () C:\Windows\System32\Tasks\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-5
2015-02-26 20:56 - 2015-03-28 22:56 - 00005504 _____ () C:\Windows\Tasks\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-6.job
2015-02-26 20:56 - 2015-03-28 22:56 - 00003124 _____ () C:\Windows\Tasks\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-1-6.job
2015-02-26 20:56 - 2015-03-28 20:57 - 00003460 _____ () C:\Windows\Tasks\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-1-7.job
2015-02-26 20:56 - 2015-03-28 20:56 - 00005504 _____ () C:\Windows\Tasks\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-7.job
2015-02-26 20:56 - 2015-02-26 20:56 - 00008534 _____ () C:\Windows\System32\Tasks\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-7
2015-02-26 20:56 - 2015-02-26 20:56 - 00008532 _____ () C:\Windows\System32\Tasks\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-6
2015-02-26 20:56 - 2015-02-26 20:56 - 00006490 _____ () C:\Windows\System32\Tasks\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-1-7
2015-02-26 20:56 - 2015-02-26 20:56 - 00006152 _____ () C:\Windows\System32\Tasks\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-1-6
2015-02-26 20:56 - 2015-02-26 20:56 - 00000000 ____D () C:\Program Files (x86)\0879450e-1e34-468f-8d6a-7de7914c138a
2015-02-26 20:55 - 2015-03-28 22:55 - 00002098 _____ () C:\Windows\Tasks\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-10_user.job
2015-02-26 20:55 - 2015-03-28 20:57 - 00005170 _____ () C:\Windows\Tasks\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-11.job
2015-02-26 20:55 - 2015-02-26 20:55 - 00008200 _____ () C:\Windows\System32\Tasks\e88cab1d-5ce2-45cb-a6bc-61d4b48ece55-11

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 23:47 - 2015-02-25 16:28 - 00003124 _____ () C:\Windows\Tasks\29672d50-4e4a-4825-b121-e34ecad7b2da-1-6.job
2015-03-28 23:47 - 2015-02-25 16:27 - 00005504 _____ () C:\Windows\Tasks\29672d50-4e4a-4825-b121-e34ecad7b2da-6.job
2015-03-28 23:47 - 2015-02-25 16:27 - 00002098 _____ () C:\Windows\Tasks\29672d50-4e4a-4825-b121-e34ecad7b2da-10_user.job
2015-03-28 23:46 - 2014-07-18 14:15 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\uTorrent
2015-03-28 23:44 - 2015-02-24 13:18 - 00003124 _____ () C:\Windows\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-1-6.job
2015-03-28 23:43 - 2015-02-24 13:18 - 00005504 _____ () C:\Windows\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-6.job
2015-03-28 23:43 - 2015-02-24 13:17 - 00002098 _____ () C:\Windows\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-10_user.job
2015-03-28 23:28 - 2011-09-07 09:25 - 00001184 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-28 23:16 - 2015-02-19 15:16 - 00005504 _____ () C:\Windows\Tasks\2f7c46ad-54a3-480c-a05b-524a5dceabc7-6.job
2015-03-28 23:16 - 2015-02-19 15:16 - 00003124 _____ () C:\Windows\Tasks\2f7c46ad-54a3-480c-a05b-524a5dceabc7-1-6.job
2015-03-28 23:00 - 2014-07-18 23:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-28 22:28 - 2009-07-14 07:13 - 00782720 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-28 21:54 - 2015-01-30 21:54 - 00001692 _____ () C:\Windows\Tasks\DOUKIZP.job
2015-03-28 21:24 - 2014-07-18 15:40 - 00000392 _____ () C:\Windows\Tasks\update-sys.job
2015-03-28 21:19 - 2015-02-19 15:19 - 00002432 _____ () C:\Windows\Tasks\2f7c46ad-54a3-480c-a05b-524a5dceabc7-5_user.job
2015-03-28 21:19 - 2015-02-19 15:19 - 00002432 _____ () C:\Windows\Tasks\2f7c46ad-54a3-480c-a05b-524a5dceabc7-5.job
2015-03-28 21:16 - 2015-02-19 15:16 - 00005504 _____ () C:\Windows\Tasks\2f7c46ad-54a3-480c-a05b-524a5dceabc7-7.job
2015-03-28 21:16 - 2015-02-19 15:16 - 00005170 _____ () C:\Windows\Tasks\2f7c46ad-54a3-480c-a05b-524a5dceabc7-11.job
2015-03-28 21:16 - 2015-02-19 15:16 - 00003460 _____ () C:\Windows\Tasks\2f7c46ad-54a3-480c-a05b-524a5dceabc7-1-7.job
2015-03-28 21:12 - 2015-02-09 16:44 - 00000356 _____ () C:\Users\Andreas\AppData\Local\recently-fix.db
2015-03-28 21:02 - 2014-09-29 18:53 - 00000000 ___RD () C:\Users\Andreas\Google Drive
2015-03-28 20:57 - 2011-09-07 09:25 - 00001180 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-28 20:56 - 2015-02-25 16:30 - 00002432 _____ () C:\Windows\Tasks\29672d50-4e4a-4825-b121-e34ecad7b2da-5_user.job
2015-03-28 20:56 - 2015-02-25 16:30 - 00002432 _____ () C:\Windows\Tasks\29672d50-4e4a-4825-b121-e34ecad7b2da-5.job
2015-03-28 20:56 - 2015-02-25 16:28 - 00003460 _____ () C:\Windows\Tasks\29672d50-4e4a-4825-b121-e34ecad7b2da-1-7.job
2015-03-28 20:56 - 2015-02-25 16:27 - 00005504 _____ () C:\Windows\Tasks\29672d50-4e4a-4825-b121-e34ecad7b2da-7.job
2015-03-28 20:56 - 2015-02-25 16:27 - 00005170 _____ () C:\Windows\Tasks\29672d50-4e4a-4825-b121-e34ecad7b2da-11.job
2015-03-28 20:56 - 2015-02-24 13:20 - 00002432 _____ () C:\Windows\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-5_user.job
2015-03-28 20:56 - 2015-02-24 13:20 - 00002432 _____ () C:\Windows\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-5.job
2015-03-28 20:56 - 2015-02-24 13:18 - 00005168 _____ () C:\Windows\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-7.job
2015-03-28 20:56 - 2015-02-24 13:18 - 00003460 _____ () C:\Windows\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-1-7.job
2015-03-28 20:56 - 2015-02-24 13:17 - 00005170 _____ () C:\Windows\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-11.job
2015-03-28 20:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 20:39 - 2014-07-18 15:40 - 00000392 _____ () C:\Windows\Tasks\update-S-1-5-21-1624606784-127597252-2872754861-1001.job
2015-03-28 16:05 - 2014-07-26 20:38 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2015-03-28 16:04 - 2014-07-26 20:38 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2015-03-28 16:04 - 2014-07-18 13:03 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2015-03-26 22:58 - 2015-02-19 15:16 - 00000000 ____D () C:\Program Files (x86)\winservice86
2015-03-26 13:32 - 2014-07-18 13:06 - 00001420 _____ () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-26 11:26 - 2014-12-02 14:32 - 00000000 ___RD () C:\Users\Andreas\Dropbox
2015-03-26 11:25 - 2014-12-02 14:28 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Dropbox
2015-03-26 11:06 - 2014-08-19 12:31 - 00056008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-03-26 04:27 - 2009-07-14 06:45 - 00036736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 04:27 - 2009-07-14 06:45 - 00036736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 04:06 - 2011-09-07 09:25 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-25 20:15 - 2015-02-25 06:19 - 00000000 ____D () C:\Users\Andreas\AppData\Local\2D030920-1424845162-11E0-A356-60EB69DD6854
2015-03-25 20:15 - 2015-02-25 06:13 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\2D030920-1424844819-11E0-A356-60EB69DD6854
2015-03-25 18:35 - 2014-09-09 19:00 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\TeamViewer
2015-03-25 17:28 - 2014-07-18 13:47 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-25 03:18 - 2014-12-11 04:00 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 03:18 - 2014-07-19 21:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 03:18 - 2014-07-18 13:11 - 01759159 ____N () C:\Windows\WindowsUpdate.log
2015-03-24 23:38 - 2014-09-07 02:34 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-03-16 16:16 - 2014-07-30 13:10 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Skype
2015-03-15 15:34 - 2014-12-31 12:54 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Windows Live
2015-03-15 13:34 - 2014-09-29 18:52 - 00002049 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-03-15 13:34 - 2014-09-29 18:52 - 00002047 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-03-15 13:34 - 2014-09-29 18:52 - 00002037 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-03-15 13:34 - 2014-09-29 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-15 06:15 - 2015-02-20 06:19 - 00004026 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-03-15 04:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-14 21:48 - 2014-07-19 01:27 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Adobe
2015-03-14 21:44 - 2011-09-07 09:07 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-14 21:43 - 2014-07-18 23:19 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-14 21:43 - 2014-07-18 23:19 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-14 21:43 - 2014-07-18 23:19 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-14 21:13 - 2014-12-02 14:32 - 00001035 _____ () C:\Users\Andreas\Desktop\Dropbox.lnk
2015-03-14 21:13 - 2014-12-02 14:31 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-14 21:03 - 2014-09-02 22:18 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Unity
2015-03-14 21:02 - 2014-12-19 18:08 - 00000000 ____D () C:\Users\Andreas\Downloads\louizita
2015-03-14 11:05 - 2014-07-18 13:01 - 00000000 ____D () C:\Users\Andreas
2015-03-11 23:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-11 23:32 - 2015-02-25 16:42 - 00002190 _____ () C:\Users\Andreas\Desktop\Person 1 - Chrome.lnk
2015-03-11 23:32 - 2015-02-25 16:42 - 00002190 _____ () C:\Users\Andreas\Desktop\First user - Chrome.lnk
2015-03-11 20:12 - 2014-07-20 11:30 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\SoftGrid Client
2015-03-11 17:53 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-11 17:43 - 2009-07-14 06:45 - 00437152 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 17:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 17:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 17:05 - 2014-07-23 22:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 16:52 - 2014-07-21 21:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 16:43 - 2014-07-21 21:20 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 19:57 - 2009-07-14 07:08 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-09 14:10 - 2014-12-23 14:47 - 00000000 ____D () C:\Users\Andreas\Downloads\New folder
2015-03-06 00:02 - 2015-02-01 21:02 - 00000000 ____D () C:\Users\Andreas\Downloads\Man of Steel (2013)
2015-03-05 10:53 - 2011-09-07 07:59 - 00000000 ____D () C:\Windows\Panther
2015-03-02 14:21 - 2014-08-28 22:37 - 00000000 ____D () C:\Program Files\Bitdefender
2015-02-28 20:46 - 2011-09-07 08:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-28 20:43 - 2014-11-02 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-02-28 20:42 - 2015-01-05 16:11 - 00000000 ____D () C:\Program Files\CDisplayEx
2015-02-28 20:40 - 2014-08-28 22:30 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-02-28 20:35 - 2014-08-28 23:45 - 00000000 ____D () C:\Windows\Minidump

==================== Files in the root of some directories =======

2015-03-26 21:14 - 2015-03-26 21:14 - 0005542 _____ () C:\Users\Andreas\AppData\Roaming\ADMTLKJJ
2015-03-27 18:24 - 2015-03-27 18:24 - 1979904 _____ (Cinema PlusV27.03) C:\Users\Andreas\AppData\Roaming\ADMTLKJJ.exe
2015-02-19 15:19 - 2015-02-19 15:23 - 0001311 _____ () C:\Users\Andreas\AppData\Roaming\Bubble Dock.boostrap.log
2015-02-19 15:20 - 2015-02-19 15:21 - 0005785 _____ () C:\Users\Andreas\AppData\Roaming\Bubble Dock.installation.log
2015-01-25 18:12 - 2015-02-25 03:55 - 0000365 _____ () C:\Users\Andreas\AppData\Roaming\DOUKIZP
2015-02-19 15:22 - 2015-02-19 15:22 - 0000078 _____ () C:\Users\Andreas\AppData\Roaming\Selection Tools.installation.log
2015-02-19 15:20 - 2015-02-19 15:20 - 0000097 _____ () C:\Users\Andreas\AppData\Roaming\WindApp.boostrap.log
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 _____ () C:\Users\Andreas\AppData\Roaming\WUTHPZ
2015-03-24 23:39 - 2015-03-25 11:37 - 1856000 _____ (Cinema PlusV24.03) C:\Users\Andreas\AppData\Roaming\WUTHPZ.exe
2015-03-25 17:47 - 2015-03-25 17:47 - 0000000 _____ () C:\Users\Andreas\AppData\Local\.a852.db
2015-03-22 21:37 - 2015-03-22 21:37 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsa48FA.tmp
2015-03-08 12:48 - 2015-03-08 12:48 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsdB4F5.tmp
2015-03-10 20:31 - 2015-03-10 20:31 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsdF32D.tmp
2015-03-11 16:36 - 2015-03-11 16:36 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nshD5A5.tmp
2015-03-10 20:32 - 2015-03-10 20:32 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsjA30B.tmp
2015-03-08 14:10 - 2015-03-08 14:10 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsjC0F7.tmp
2015-03-22 15:42 - 2015-03-22 15:42 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsk82B0.tmp
2015-03-11 18:21 - 2015-03-11 18:21 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsn3A1B.tmp
2015-03-08 14:50 - 2015-03-08 14:50 - 0628688 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nso67EF.tmp
2015-03-24 23:50 - 2015-03-24 23:50 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsrB3F.tmp
2015-03-06 18:44 - 2015-03-06 18:44 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nss525C.tmp
2015-03-08 12:44 - 2015-03-08 12:44 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nss9DBE.tmp
2015-03-09 12:59 - 2015-03-09 12:58 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nstB10F.tmp
2015-03-06 19:16 - 2015-03-06 19:16 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsu807E.tmp
2015-03-10 14:01 - 2015-03-10 14:01 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsy4F70.tmp
2015-03-05 20:44 - 2015-03-05 20:44 - 0613255 _____ (CMI Limited) C:\Users\Andreas\AppData\Local\nsz1695.tmp
2015-02-09 16:44 - 2015-03-28 21:12 - 0000356 _____ () C:\Users\Andreas\AppData\Local\recently-fix.db
2014-08-28 23:27 - 2014-08-28 23:27 - 0000003 _____ () C:\Users\Andreas\AppData\Local\updater.log
2014-07-18 15:40 - 2014-12-18 00:27 - 0000425 _____ () C:\Users\Andreas\AppData\Local\UserProducts.xml
2015-02-28 20:40 - 2015-02-28 20:40 - 0268307 _____ () C:\ProgramData\1425148712.bdinstall.bin
2014-08-28 22:43 - 2014-08-28 22:44 - 6345936 ____R (PC Cleaners) C:\ProgramData\pclunst.exe

Files to move or delete:
====================
C:\ProgramData\pclunst.exe


Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\9457.exe
C:\Users\Andreas\AppData\Local\Temp\Uninstall.exe
C:\Users\Andreas\AppData\Local\Temp\{4BC3D146-06B1-42B8-94AE-0024033AB9D6}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 03:55

==================== End Of Log ============================

#3 Andreas43

Posted 29 March 2015 - 12:00 PM

Anyone?

#4 sauberlime

Posted 02 April 2015 - 03:16 PM

Hi, you have Kaspersky and IObit installed. Those two are security software, and you should only have one installed.



#5 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:37 AM

Posted 02 April 2015 - 03:33 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

The Addition.txt is missing, please re-run FRST.


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:37 AM

Posted 02 April 2015 - 03:42 PM

Moved topic to Malware Removal forum...
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#7 deeprybka

Posted 02 April 2015 - 03:44 PM

Thank you boopme! :)


regards,
deeprybka

#8 Andreas43

Posted 02 April 2015 - 04:02 PM

i've read several guides from your site, i think something like "what to do when your pc is slow"

i did several scans with a lot of tools and i think the major problem is gone

however i am running the scans to be sure there are no leftovers

thanks for helping me

 

 

Attached Files



#9 deeprybka

Posted 02 April 2015 - 04:06 PM

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka

#10 Andreas43

Posted 02 April 2015 - 04:52 PM

it took some time, but here it is

Attached Files



#11 deeprybka

Posted 02 April 2015 - 05:02 PM

Hi there,

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#12 Andreas43

Posted 02 April 2015 - 06:06 PM

i remember running both applications 1-2 days ago when i read the article but anyway,

the adw cleaner found nothing, and anti-malware "1"

 

is there anything else to do, as my laptop is already fine?

Attached Files



#13 deeprybka

Posted 03 April 2015 - 05:28 AM

Yes, after the ESET Scan we need to fix some things.

Please read the instructions carefully:

Step 1

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

settings.png

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

 
Note: Do not forget to re-enable your antivirus application after running the above scan!


Edited by deeprybka, 03 April 2015 - 05:30 AM.

regards,
deeprybka

#14 Andreas43

Posted 03 April 2015 - 10:04 AM

i did nothing after the scan, i skipped uninstall
 

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e1124cbbc8fb61449b32432d96527065
# engine=23217
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-03 01:22:30
# local_time=2015-04-03 04:22:30 (+0200, GTB Daylight Time)
# country="Greece"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Total Security'
# compatibility_mode=1301 16777213 100 100 10622 55646180 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 169199 179697200 0 0
# scanned=224310
# found=24
# cleaned=0
# scan_time=9361
sh=E34BE913B0422C5E31C9568E3C506270571BEAA0 ft=1 fh=27e6db26069b68bc vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\1c78abf4-78a5-45c3-8563-d71876943c3c\732c5602-885d-4b9d-9083-372cdd2690b0.dll.vir"
sh=E34BE913B0422C5E31C9568E3C506270571BEAA0 ft=1 fh=27e6db26069b68bc vn="a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\732c5602-885d-4b9d-9083-372cdd2690b0\5af7995a-11f1-4400-9e5b-a4d81771d645.dll.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nsa48FA.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nsdB4F5.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nsdF32D.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nshD5A5.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nsjA30B.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nsjC0F7.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nsk82B0.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nsn3A1B.tmp.vir"
sh=B8E386F29A6819A871E37279BBE77617EA55104E ft=1 fh=952867936d89f9c0 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nso67EF.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nsrB3F.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nss525C.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nss9DBE.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nstB10F.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nsu807E.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nsy4F70.tmp.vir"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Andreas\AppData\Local\nsz1695.tmp.vir"
sh=D761FADB87E112C0C6199D4AB57B9D527298CC95 ft=1 fh=6d22dfbebe67c214 vn="a variant of Win32/Adware.ConvertAd.BQ application" ac=I fn="C:\Users\Andreas\AppData\Local\2D030920-1425228592-11E0-A356-60EB69DD6854\rnse949B.exe"
sh=FCC4483DEF410D70FE44DE88B2542BAE3A31EC9A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.23_0\extensionData\plugins\91.js"
sh=FCC4483DEF410D70FE44DE88B2542BAE3A31EC9A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.26_0\extensionData\plugins\91.js"
sh=147E7AEBDEBB6E9F8FF6421745782501C2C5B245 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\Users\Andreas\AppData\Roaming\ADMTLKJJ"
sh=8BEDFA995B0C5EE4079F8BAF0255A1B3713FB0A9 ft=1 fh=1a35d9cc6e6cdb1c vn="Win32/Packed.VMDetector.I potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nova_updater[2].exe"
sh=8BEDFA995B0C5EE4079F8BAF0255A1B3713FB0A9 ft=1 fh=1a35d9cc6e6cdb1c vn="Win32/Packed.VMDetector.I potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nova_updater[2].exe"
 

Attached Files

  • Attached File  log.txt   6.02KB   1 downloads

Edited by deeprybka, 03 April 2015 - 10:10 AM.
log


#15 deeprybka

Posted 03 April 2015 - 10:46 AM

Hi,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    C:\Users\Andreas\AppData\Roaming\Hbyas9i\
    C:\Users\Andreas\AppData\Roaming\MGYWxbv\
    C:\Users\Andreas\AppData\Roaming\r4DEDCj\
    Task: {0599F3A0-C6CC-4AFF-9830-9A1734911AE0} - System32\Tasks\{7A604BBA-6F77-4A77-8456-2D9BD4F7DBDA} 
    Task: {5716AE8C-4D87-4DD2-A75D-DF1D80A95EC9} - System32\Tasks\pffZLeZRQX6PR08 => C:\Users\Andreas\AppData\Roaming\Hbyas9i\CroKIpJ.exe
    Task: {661B33C2-7C4E-4948-89F0-38D0C06D14EA} - System32\Tasks\fxBqkp28XxY8t00 => C:\Users\Andreas\AppData\Roaming\MGYWxbv\6Ffl5TB.exe
    Task: {DBC93ECD-3F97-4830-BA19-1B06C61A3BC7} - System32\Tasks\jA7yfjDmnQ2pXvR => C:\Users\Andreas\AppData\Roaming\r4DEDCj\1zxnOY1.exe
    AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder ()
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1624606784-127597252-2872754861-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
    Toolbar: HKU\S-1-5-21-1624606784-127597252-2872754861-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    C:\ProgramData\pclunst.exe
    C:\Users\Andreas\AppData\Local\2D030920-1425228592-11E0-A356-60EB69DD6854\
    C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\papbadoldddalgcjcicnikcfenodpghp\
    C:\Users\Andreas\AppData\Roaming\ADMTLKJJ
    C:\Users\Andreas\AppData\Roaming\DOUKIZP
    C:\Users\Andreas\AppData\Local\.a852.db
    EmptyTemp:
    
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

Step 2

Do you know how to make zip files? :)
 

  • Locate the file or folder that you want to compress.
  • Right-click the file or folder, point to Send to, and then click Compressed (zipped) folder.
    A new compressed folder is created in the same location. To rename it, right-click the folder, click Rename, and then type the new name.

I want you to do following:

C:\FRST\Quarantine

Please search for that folder and create a zip file of it. Please upload the zip file to http://www.filedropper.com/ and send me the link via PM.
Thank you!

Step 3

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

How is the computer running? Are there any problems left?


Edited by deeprybka, 03 April 2015 - 10:49 AM.

regards,
deeprybka



