I'm really badly infected, where do I start my clearing? pt2



#1 sinine

Posted 02 March 2017 - 04:00 PM

First topic: https://www.bleepingcomputer.com/forums/t/641098/im-really-badly-infected-where-do-i-start-my-clearing/#entry4191626

 

Copy&Paste from the topic:

I did something stupid and now my laptop, Win 10 if it's important, is really infected. I'm scanning my laptop with Avast right now, and it's done only 7% and has 22 viruses already.

I'll wait till it's done but I'm sure I won't get rid of everything that way. What else would be useful to do?

 

The only thing that's really sticking out right now is that I cannot change my internet homepage; even after doing it once, it changes back to this other random one.

And there is this one weird programme or something, dunno what it is, that I cannot get rid of in any way. It's some Chinese thing and it randomly opens some random Chinese webpage in I don't know what browser.

 

Help!

 

Also did the following:

Ran Security Check, Farbar Service Scanner, MiniToolBox, Malwarebytes, Malwarebytes Anti-Rootkit and Rkill. As a result of those, I had to do Farbar Recovery Scan Tool. Here are the logs:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by Diana (administrator) on DIANA-PC (02-03-2017 22:06:32)
Running from C:\Users\Diana\Desktop

Loaded Profiles: Diana (Available Profiles: Diana & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: Eesti (Eesti)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Program Files (x86)\UCBrowser\Application\UCService.exe
() C:\ProgramData\EMT Internet\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\EMT Internet\EMT Internet.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Power Software Ltd) D:\Rakendused ja programmid\PowerISO\PWRISOVM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\UCBrowser\Application\6.1.2107.201\UCAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.0_none_36d3ccc3ddfd1ecb\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1736704 2009-12-24] ()
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-10-13] (AVAST Software)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [PWRISOVM.EXE] => D:\Rakendused ja programmid\PowerISO\PWRISOVM.EXE [377368 2014-03-30] (Power Software Ltd)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-09-17] (VIA)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\AllMyTube\DelayPluginI.exe [1960336 2014-08-04] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\...\Run: [Free Download Manager] => "D:\Rakendused ja programmid\Free Download Manager\fdm.exe" --minimized
HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\...\MountPoints2: {1cc5d2ba-363f-11e6-b91f-9ccf0d882498} - "I:\AutoRun.exe"
HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\...\MountPoints2: {7a3881f7-3c70-11e6-b927-485b3924ba5d} - "H:\AutoRun.exe"
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-12] (AVAST Software)
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-02] ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2015-10-28]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2015-10-28]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{356792f2-aa8a-4ed1-9917-3339fbf79259}: [NameServer] 217.71.33.150 217.71.33.151
Tcpip\..\Interfaces\{53477d6e-5c84-4d22-bb54-bad31d479230}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{6f400e71-14fd-4665-9c0b-1757aca25fbe}: [NameServer] 192.98.49.8 192.98.49.9
Tcpip\..\Interfaces\{839004aa-38ba-4419-8d1e-3ed75bd0ff91}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{a6f07682-f770-41ea-85b5-472dd7c098e4}: [NameServer] 192.98.49.8 192.98.49.9
Tcpip\..\Interfaces\{a8ad85da-b4fd-4ba3-a021-f909f5a26a2c}: [DhcpNameServer] 217.71.33.151 217.71.33.150
Tcpip\..\Interfaces\{d2766830-6211-437e-ae56-b0a2a0e0bb82}: [NameServer] 192.98.49.8 192.98.49.9

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811005
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1234937191-1451315649-2738984006-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B0BDA3E08-638B-4F33-ADCC-CC91E2169EBB%7D&gp=811006
SearchScopes: HKU\S-1-5-21-1234937191-1451315649-2738984006-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B0BDA3E08-638B-4F33-ADCC-CC91E2169EBB%7D&gp=811006
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: IE Token Signing Plugin -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Open-EID\esteid-plugin-ie.dll [2015-12-16] (RIA)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File

FireFox:
========
FF DefaultProfile: acej28ex.default
FF ProfilePath: C:\Users\Diana\AppData\Roaming\taskmgr\Profiles\acej28ex.default [not found]
FF ProfilePath: C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373 [2017-03-02]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373 -> Поиск@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373 -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373 -> google.com
FF Keyword.URL: Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373 -> hxxp://go.mail.ru/distib/ep/?product_id=%7B14CC9A7F-946F-428E-8482-1174A1DE4EF0%7D&gp=811006
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\homepage@mail.ru [2017-03-01]
FF Extension: (Поиск@Mail.Ru) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\search@mail.ru [2017-03-01]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-03-01]
FF Extension: (Flash and Video Download) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-02-24]
FF Extension: (Adblock Plus) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-18]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\features\{76608919-cc2c-4493-96d7-428029ad9bd9}\disableSHA1rollout@mozilla.org.xpi [2017-03-01]
FF Extension: (TLS 1.3 Compatibility Testing 3) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\features\{76608919-cc2c-4493-96d7-428029ad9bd9}\tls13-compat-ff51@mozilla.org.xpi [2017-03-01]
FF SearchPlugin: C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\searchplugins\mailru.xml [2017-03-01]
FF HKLM\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF Extension: (Firefox PKCS11 loader) - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi [2016-06-30]
FF HKLM-x32\...\Firefox\Extensions: [AllMyTube@Wondershare.com] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com
FF Extension: (Wondershare AllMyTube) - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com [2014-09-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @RIA/esteid-firefox-plugin -> C:\Program Files (x86)\Open-EID\npesteid-firefox-plugin.dll [2016-01-31] (RIA)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-25] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1234937191-1451315649-2738984006-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Diana\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrqW6m2Zc67so1TzsJqD6HNL7gVfQJhJUBYqhV7u91X0E0ECx0l9moqxpHjIpvof4xHAYwAIVexziXiiVWFYb0BcpcuXFGiuWfxbBEEHZwfcRUTxNt2kcQdIzeSJh0rwkt_wUTD08OWGTUOww2MF92Q4t_dBV_oyxHSEKkA,,
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrqW6m2Zc67so1TzsJqD6HNL7gVfQJhJUBYqhV7u91X0E0ECx0l9moqxpHjIpvof4xHAYwAIVexziXiiZdj4Q4CYRwndgZ_pFLZJIWZLpVNArZ_-Q184SGLTVIHhwIAXsyb2qdiojKslArk8MYjD9zDcCrMvig36kOnFfwg,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Profile: C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default [2017-03-02]
CHR Extension: (Google'i esitlused) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-25]
CHR Extension: (Google'i dokumendid) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-26]
CHR Extension: (Google Drive) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-26]
CHR Extension: (YouTube) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-26]
CHR Extension: (Token signing) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjefchnfjhjfedoccjbhjpbncimppeg [2017-01-25]
CHR Extension: (Google'i arvutustabelid) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-25]
CHR Extension: (Splinter Search) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnhfdmnphmbbjbgppnpcddkefmeokfho [2017-03-02]
CHR Extension: (Wondershare AllMyTube) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccilgmhofdpkfakmalggoiolhbmdcjd [2017-01-25]
CHR Extension: (Võrguühenduseta Google’i dokumendid) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-28]
CHR Extension: (Chrome'i veebipoe maksed) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-25]
CHR Extension: (Gmail) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-26]
CHR Extension: (Chrome Media Router) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-28]
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gccilgmhofdpkfakmalggoiolhbmdcjd] - C:\ProgramData\Wondershare\AllMyTube\AllMyTube@Wondershare.com.crx [2014-09-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
S3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-12] (AVAST Software)
S2 EMT Internet. RunOuc; C:\Program Files (x86)\EMT Internet\UpdateDog\ouc.exe [655744 2012-09-05] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2105352 2016-01-28] (Electronic Arts)
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-02-28] ()
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-07-12] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-07-12] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108304 2016-07-12] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-07-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-12] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1070904 2016-07-12] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [473592 2016-07-13] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162904 2016-07-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
S3 atrfiltr; C:\WINDOWS\system32\DRIVERS\atrfiltr.sys [24968 2016-03-08] (Windows ® Win 7 DDK provider)
S3 cxbu0x64; C:\WINDOWS\system32\DRIVERS\cxbu0x64.sys [157848 2015-09-08] (HID Global Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R3 huawei_wwanecm; C:\WINDOWS\System32\drivers\ew_juwwanecm.sys [239104 2012-09-18] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-03-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-03-02] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-03-02] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-03-02] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2017-01-02] (Riverbed Technology, Inc.)
R1 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WsAudio_Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [31080 2013-09-03] (Wondershare)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-02 22:06 - 2017-03-02 22:09 - 00026991 _____ C:\Users\Diana\Desktop\FRST.txt
2017-03-02 22:05 - 2017-03-02 22:06 - 00000000 ____D C:\FRST
2017-03-02 22:04 - 2017-03-02 22:05 - 02423808 _____ (Farbar) C:\Users\Diana\Desktop\FRST64.exe
2017-03-02 21:55 - 2017-03-02 21:55 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\469C6063.sys
2017-03-02 16:46 - 2017-03-02 16:53 - 00003702 _____ C:\Users\Diana\Desktop\Rkill.txt
2017-03-02 16:46 - 2017-03-02 16:46 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Diana\Desktop\iExplore.exe
2017-03-02 16:45 - 2017-03-02 16:45 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Diana\Desktop\rkill.exe.part
2017-03-02 00:31 - 2017-03-02 02:29 - 00000000 ____D C:\Users\Diana\Desktop\mbar
2017-03-02 00:30 - 2017-03-02 00:31 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Diana\Desktop\mbar-1.09.3.1001.exe
2017-03-02 00:28 - 2017-03-02 00:28 - 00113351 _____ C:\Users\Diana\Desktop\mal.txt
2017-03-01 22:18 - 2017-03-02 22:06 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-01 22:18 - 2017-03-01 22:18 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\448F236D.sys
2017-03-01 22:18 - 2017-03-01 22:18 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-01 22:17 - 2017-03-02 21:55 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-01 22:17 - 2017-03-02 21:55 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-01 22:17 - 2017-03-02 21:54 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-01 22:16 - 2017-03-01 22:16 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-01 22:16 - 2017-03-01 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-01 22:16 - 2017-03-01 22:16 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-01 22:16 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-01 22:14 - 2017-03-01 22:16 - 55566792 _____ (Malwarebytes ) C:\Users\Diana\Desktop\mb3-setup-1878.1878-3.0.6.1469.exe
2017-03-01 22:12 - 2017-03-01 22:12 - 00036533 _____ C:\Users\Diana\Desktop\MTB.txt
2017-03-01 22:10 - 2017-03-01 22:11 - 00892416 _____ (Farbar) C:\Users\Diana\Desktop\MiniToolBox.exe
2017-03-01 22:08 - 2017-03-01 22:09 - 00002742 _____ C:\Users\Diana\Desktop\FSS.txt
2017-03-01 22:08 - 2017-03-01 22:08 - 00899584 _____ (Farbar) C:\Users\Diana\Desktop\FSS.exe
2017-03-01 22:03 - 2017-03-01 22:04 - 00852504 _____ C:\Users\Diana\Desktop\SecurityCheck.exe
2017-03-01 16:52 - 2017-03-01 16:52 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-03-01 16:23 - 2017-03-01 16:23 - 00000274 __RSH C:\Users\Diana\ntuser.pol
2017-03-01 01:19 - 2017-03-01 01:19 - 00000000 ____D C:\Users\Diana\AppData\LocalLow\Unity
2017-03-01 01:19 - 2017-03-01 01:19 - 00000000 ____D C:\Users\Diana\AppData\Local\Unity
2017-03-01 01:17 - 2017-03-01 01:24 - 00000000 ____D C:\Users\Diana\AppData\Local\Amigo
2017-03-01 01:15 - 2017-03-01 05:13 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlock
2017-03-01 01:15 - 2017-03-01 01:15 - 00000274 __RSH C:\ProgramData\ntuser.pol
2017-03-01 01:14 - 2017-03-01 01:25 - 00000000 ____D C:\Users\Diana\AppData\Local\Mail.Ru
2017-03-01 01:14 - 2017-03-01 01:25 - 00000000 ____D C:\Program Files (x86)\Mail.Ru
2017-03-01 01:14 - 2017-03-01 01:14 - 00000000 ____D C:\ProgramData\Mail.Ru
2017-03-01 01:13 - 2017-03-01 01:27 - 00000000 ____D C:\Users\Diana\AppData\Roaming\iset
2017-03-01 01:10 - 2017-03-01 06:40 - 00000000 ____D C:\ProgramData\Plusdax
2017-03-01 01:10 - 2017-03-01 01:10 - 00018432 _____ C:\Users\Diana\AppData\Roaming\Main.dat
2017-03-01 01:10 - 2017-03-01 01:10 - 00000000 ____D C:\ProgramData\Plusdaxs
2017-03-01 01:08 - 2017-03-02 16:32 - 00000310 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
2017-03-01 01:08 - 2017-03-02 02:15 - 00002664 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-03-01 01:08 - 2017-03-01 01:08 - 00140288 _____ C:\Users\Diana\AppData\Roaming\Installer.dat
2017-03-01 01:08 - 2017-03-01 01:08 - 00003492 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-03-01 01:08 - 2017-03-01 01:08 - 00001619 _____ C:\Users\Diana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2017-03-01 01:08 - 2017-03-01 01:08 - 00000000 ____D C:\Users\Diana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2017-03-01 01:07 - 2017-03-02 00:12 - 00000000 ____D C:\ProgramData\Microleaves
2017-03-01 01:07 - 2017-03-01 08:35 - 00000474 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-03-01 01:07 - 2017-03-01 03:57 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-03-01 01:07 - 2017-03-01 01:07 - 00000000 ____D C:\Users\Diana\AppData\Local\UCBrowser
2017-03-01 01:06 - 2017-03-02 01:15 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-03-01 01:04 - 2017-03-02 00:14 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-03-01 01:04 - 2017-03-01 01:06 - 00000000 ____D C:\Users\Diana\AppData\Roaming\UCChannel
2017-03-01 01:04 - 2017-03-01 01:04 - 00000884 _____ C:\Users\Diana\AppData\Roaming\Microsoft\Windows\Start Menu\æģŃ¹.lnk
2017-03-01 01:04 - 2017-03-01 01:04 - 00000000 ____D C:\Users\Diana\AppData\Roaming\Softlink
2017-03-01 01:03 - 2017-03-01 01:04 - 00000000 ____D C:\Users\Diana\AppData\Roaming\Microleaves
2017-03-01 01:03 - 2017-03-01 01:03 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-01 01:03 - 2017-03-01 01:03 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-01 00:38 - 2017-03-02 02:29 - 00000000 _RSHD C:\Users\Diana\AppData\Roaming\taskmgr
2017-03-01 00:38 - 2017-03-01 00:38 - 51878585 _____ C:\Users\Diana\AppData\Roaming\chport.exe
2017-03-01 00:38 - 2017-03-01 00:38 - 00000000 ____D C:\Users\Diana\AppData\Roaming\chportu
2017-03-01 00:37 - 2017-03-01 00:53 - 00000009 _____ C:\Users\Diana\AppData\Roaming\update.dat
2017-03-01 00:37 - 2017-03-01 00:37 - 374428160 _____ C:\Users\Diana\AppData\Roaming\Launcher.dat
2017-03-01 00:27 - 2017-03-01 00:29 - 00000000 ____D C:\Users\Diana\Desktop\Simsi seivid veebruar 2017
2017-02-28 03:07 - 2017-02-28 03:07 - 00000000 ____D C:\Users\Diana\AppData\Roaming\Amazing
2017-02-26 18:49 - 2017-02-26 19:10 - 00000000 ____D C:\Users\Diana\Desktop\Naked
2017-02-21 16:43 - 2017-02-21 17:02 - 00002132 _____ C:\Users\Diana\Desktop\Uus tekstidokument.txt
2017-02-20 22:50 - 2017-02-24 00:22 - 00000000 ____D C:\Users\Diana\AppData\LocalLow\uTorrent
2017-02-18 12:00 - 2017-02-18 12:00 - 00000000 ____D C:\Users\Diana\Desktop\Firefoxi vanad andmed
2017-02-16 06:03 - 2017-02-16 06:03 - 20359768 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-02-13 16:25 - 2017-03-02 16:42 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{82359CF5-EB36-4B97-86A2-A3F28FF84A66}
2017-02-06 23:10 - 2017-02-06 23:15 - 12981875 _____ C:\Users\Diana\Desktop\fishies.flv
2017-02-06 22:57 - 2017-02-06 22:57 - 00002337 _____ C:\Users\Diana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2017-02-06 22:57 - 2017-02-06 22:57 - 00002129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2017-02-06 22:56 - 2017-02-06 22:56 - 00001365 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2017-02-06 22:56 - 2017-02-06 22:56 - 00001225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2017-02-06 22:56 - 2017-02-06 22:56 - 00001213 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2017-02-04 20:39 - 2017-02-04 20:39 - 00026753 _____ C:\Users\Diana\Desktop\DxDiagL.txt
2017-02-04 13:49 - 2017-02-04 13:49 - 00073786 _____ C:\Users\Diana\Desktop\DxDiag.txt
2017-02-02 06:02 - 2017-02-02 06:02 - 00001423 _____ C:\Users\Public\Desktop\Video Download Capture.lnk
2017-02-02 06:02 - 2017-02-02 06:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2017-02-02 06:02 - 2017-01-02 15:01 - 00036600 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2017-02-02 06:01 - 2017-02-02 06:01 - 00000000 ____D C:\Program Files (x86)\Apowersoft
2017-02-02 06:00 - 2017-02-02 06:02 - 00000000 ____D C:\Users\Diana\AppData\Roaming\Apowersoft
2017-02-02 06:00 - 2017-02-02 06:01 - 00000000 ____D C:\Users\Diana\AppData\Local\Apowersoft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-02 21:56 - 2016-12-26 04:09 - 00000000 ____D C:\Users\Diana\AppData\LocalLow\Mozilla
2017-03-02 21:56 - 2015-10-06 00:48 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-02 21:53 - 2016-10-13 04:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-02 17:22 - 2016-07-16 08:04 - 03670016 _____ C:\WINDOWS\system32\config\BBI
2017-03-02 16:32 - 2015-12-18 20:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-02 02:40 - 2016-10-13 04:43 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-03-02 02:30 - 2016-07-17 00:53 - 00000000 ____D C:\WINDOWS\et-EE
2017-03-02 02:27 - 2016-10-13 04:10 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-02 01:56 - 2014-06-03 23:39 - 00000000 ____D C:\Users\Diana\AppData\Roaming\vlc
2017-03-02 00:48 - 2016-11-16 07:47 - 00000000 ____D C:\Users\Diana\Desktop\Instatumblr
2017-03-02 00:33 - 2014-06-21 19:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-02 00:21 - 2014-12-23 11:59 - 00045056 _____ C:\WINDOWS\system32\acovcnt.exe
2017-03-02 00:16 - 2017-01-25 23:46 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-02 00:16 - 2014-05-29 02:28 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-02 00:16 - 2014-05-29 02:28 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-01 16:52 - 2016-10-13 04:17 - 00000000 ____D C:\Users\DefaultAppPool
2017-03-01 16:50 - 2010-03-16 15:21 - 00001588 _____ C:\WINDOWS\system32\ServiceFilter.ini
2017-03-01 16:23 - 2016-10-13 04:17 - 00000000 ____D C:\Users\Diana
2017-03-01 01:15 - 2009-07-14 05:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-28 21:41 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-28 07:25 - 2016-10-29 05:36 - 00000243 _____ C:\Users\Diana\Desktop\CRIMINAL MINDS MATTHEW.txt
2017-02-28 07:24 - 2016-11-18 03:33 - 00002487 _____ C:\Users\Diana\Desktop\GIF.txt
2017-02-26 19:23 - 2014-05-29 02:15 - 00000000 ____D C:\Users\Diana\Desktop\stuffs
2017-02-25 04:42 - 2017-01-05 02:32 - 00000123 _____ C:\Users\Diana\Desktop\FANFIC.txt
2017-02-25 00:34 - 2014-05-29 13:58 - 00000000 ____D C:\Users\Diana\AppData\Roaming\uTorrent
2017-02-16 16:26 - 2014-05-31 22:04 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-16 06:03 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-16 06:03 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-15 04:10 - 2016-08-21 20:48 - 00000000 ____D C:\Users\Diana\Desktop\awbos
2017-02-13 22:57 - 2016-10-13 04:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2017-02-12 23:48 - 2014-10-18 19:35 - 00000782 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-02-12 23:48 - 2014-10-18 19:35 - 00000782 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-02-06 22:56 - 2016-02-27 20:01 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-02-06 22:56 - 2014-12-06 21:01 - 00000000 ____D C:\ProgramData\NCH Software

==================== Files in the root of some directories =======

2007-06-12 18:34 - 2007-06-12 18:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 17:35 - 2008-05-22 17:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 19:31 - 2009-04-08 19:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 06:45 - 2008-08-12 06:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2017-03-01 00:38 - 2017-03-01 00:38 - 51878585 _____ () C:\Users\Diana\AppData\Roaming\chport.exe
2017-03-01 01:08 - 2017-03-01 01:08 - 0140288 _____ () C:\Users\Diana\AppData\Roaming\Installer.dat
2017-03-01 00:37 - 2017-03-01 00:37 - 374428160 _____ () C:\Users\Diana\AppData\Roaming\Launcher.dat
2017-03-01 01:10 - 2017-03-01 01:10 - 0018432 _____ () C:\Users\Diana\AppData\Roaming\Main.dat
2017-03-01 00:37 - 2017-03-01 00:53 - 0000009 _____ () C:\Users\Diana\AppData\Roaming\update.dat
2017-03-01 00:38 - 2017-03-01 21:45 - 0000004 _____ () C:\Users\Diana\AppData\Roaming\Microsoft\notaut.txt
2014-07-03 02:03 - 2014-11-18 01:22 - 0005632 _____ () C:\Users\Diana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-06 01:23 - 2015-10-06 01:23 - 0000990 _____ () C:\Users\Diana\AppData\Local\recently-used.xbel
2010-03-16 14:55 - 2009-12-24 14:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-03-16 14:37 - 2010-03-16 14:38 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-03-16 14:37 - 2010-03-16 14:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
2017-03-01 01:14 - 2017-02-21 21:56 - 4096728 _____ (Mail.Ru) C:\Users\Diana\AppData\Local\Temp\MailRuUpdater.exe
2017-01-22 22:20 - 2017-01-22 22:20 - 0682440 _____ (RIA) C:\Users\Diana\AppData\Local\Temp\Open-EID-3.12.5.1672_x86.exe
2017-01-09 05:18 - 2016-08-14 17:51 - 6937200 _____ (Spotify Ltd) C:\Users\Diana\AppData\Local\Temp\SpotifyUninstall.exe
2017-02-02 06:01 - 2017-02-02 06:01 - 7627311 _____ () C:\Users\Diana\AppData\Local\Temp\tmp24CB.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2017-02-21 05:39

==================== End of FRST.txt ============================

And Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by Diana (02-03-2017 22:11:01)
Running from C:\Users\Diana\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-13 02:47:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1234937191-1451315649-2738984006-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1234937191-1451315649-2738984006-503 - Limited - Disabled)
Diana (S-1-5-21-1234937191-1451315649-2738984006-1000 - Administrator - Enabled) => C:\Users\Diana
Guest (S-1-5-21-1234937191-1451315649-2738984006-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1234937191-1451315649-2738984006-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
Apowersoft Online Launcher version 1.4.6 (HKLM-x32\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.6 - APOWERSOFT LIMITED)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.28 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 2.0.40.1319 - eCareme Technologies, Inc.)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version:  - )
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)
Awakening 6 - The Redleaf Forest Collector's Edition (HKLM-x32\...\Awakening 6 - The Redleaf Forest Collector's EditionFinal) (Version: Final - Game-Owl.com)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Chrome Token Signing (x32 Version: 1.0.3.413 - RIA) Hidden
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3509a - CyberLink Corp.)
DigiDoc3 Client (x32 Version: 3.12.3.1466 - RIA) Hidden
Dream Day Wedding Married in Manhattan (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}) (Version:  - Oberon Media)
eID software (HKLM-x32\...\{dcd7f5af-d4bf-400f-93fa-30c76c4f6946}) (Version: 3.12.5.1672 - RIA)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
EMT Internet (HKLM-x32\...\EMT Internet) (Version: 23.009.05.03.337 - Huawei Technologies Co.,Ltd)
EstEID Minidriver (Version: 3.11.0.1175 - RIA) Hidden
EstEID Shell Extension (Version: 3.12.3.1466 - RIA) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Firefox PKCS11 Loader (Version: 3.12.0.1068 - RIA) Hidden
Firefox Token Signing Plugin (x32 Version: 3.12.0.1143 - RIA) Hidden
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Free Video To GIF Maker (HKLM-x32\...\{2C1D31DC-AB15-4D7D-9B2A-4C3001B62805}) (Version: 1.0.0 - Media Freeware)
Game Park Console (HKLM-x32\...\{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1) (Version: 6.2.0.2 - Oberon Media, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Haunted Hotel - Death Sentence CE 1.0 (HKLM-x32\...\Haunted Hotel - Death Sentence CE 1.0) (Version: 1.0 - Čćšū ķą Cat-A-Cat.NET)
Hidden Expedition 8. Smithsonian Castle CE 1.0 (HKLM-x32\...\Hidden Expedition 8. Smithsonian Castle CE 1.0) (Version: 1.0 - Eipix Entertainment)
ID-card utility (x32 Version: 3.12.4.1226 - RIA) Hidden
IE Token Signing Plugin (Version: 3.12.0.980 - RIA) Hidden
Instagiffer version 1.56 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.56 - Justin Todd)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2021 - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Machinarium (HKLM-x32\...\Machinarium) (Version: 11.10.09 - Amanita Design, s.r.o.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Midnight Mysteries 6 -  Ghostwriting Collector's Edition (HKLM-x32\...\Midnight Mysteries 6 -  Ghostwriting Collector's EditionFinal) (Version: Final - Game-Owl.com)
MKV Player 2.1.23 (HKLM-x32\...\MKV Player_is1) (Version:  - )
Mozilla Firefox 51.0.1 (x86 et) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 et)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
My Web Shield (HKLM\...\mweshield) (Version: 3.0 - My Web Shield) <==== ATTENTION
Open-EID Metapackage (x32 Version: 3.12.5.1672 - RIA) Hidden
Open-EID Uninstaller (x32 Version: 3.12.5.1672 - RIA) Hidden
Open-EID Updater (x32 Version: 3.12.0.1007 - RIA) Hidden
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Pazera Free Audio Extractor 2.2 (HKLM-x32\...\{6899C238-3E4A-4A04-B251-A0C9EDC7EDBC}_is1) (Version: 2.2 - Jacek Pazera)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Piggly (Christmas Edition) demo v1.00 (HKLM-x32\...\Piggly (Christmas Edition) demo_is1) (Version:  - InterAction studios)
Piggly Christmas Edition (HKLM-x32\...\Piggly Christmas Edition_is1) (Version:  - )
Piggly FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1173957}) (Version:  - Oberon Media)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
RipTiger 4.5.4 (HKLM-x32\...\{AFD4597D-56CC-447F-AA68-C1BF1AEA448E}_is1) (Version: 4.5.4 - cyan soft ltd)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SoundTaxi Media Suite 4.5.4 (HKLM-x32\...\{EF4C657F-632F-4CED-A220-F4C1C724241C}_is1) (Version: 4.5.4 - cyan soft ltd)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.2300 - SRS Labs, Inc.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.00 - NCH Software)
The Sims 4 version final (HKLM-x32\...\The Sims 4_is1) (Version: final - Anonymous)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Unity Web Player (HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.12.29.0 - File.org)
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version:  - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Video Download Capture V6.1.9 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.1.9 - APOWERSOFT LIMITED)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.58 - NCH Software)
Windows Driver Package - RIA (Estonian National ID Card) (UMPass) SmartCard  (05/13/2015 3.11.0.1175) (HKLM\...\C478C8A35A0A297F2FADF155E889D402655E894E) (Version: 05/13/2015 3.11.0.1175 - RIA (Estonian National ID Card))
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{8EE1E742-A4F1-40AD-B065-CB9220C9A8CC}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live'i sisselogimisabimees (HKLM-x32\...\{244BCCFD-5D56-487F-8910-4AE5D6E8EDF9}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live'i üleslaadimistööriist (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
Visual Web Ripper (HKLM-x32\...\{9F691A52-90AC-4223-AB9B-615F22214DB3}_is1) (Version: 2 - Sequentum Pty Ltd)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Youtube AdBlock (HKLM-x32\...\Youtube AdBlock) (Version: 2.0.0.148 - Company Inc.) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1234937191-1451315649-2738984006-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {0B646760-8222-4620-BD43-174D5DA7404E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {0DE91A69-2085-45C6-8A1B-F635C3FE9CD2} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {0E34640A-C83F-479C-B39E-66BE5E92B6F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1A39DAC2-69C7-40AC-9CBF-03DB2033AEE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-25] (Google Inc.)
Task: {1AAC1DA7-078F-4D54-8A89-4990A60AD2E1} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-28] (UCWeb Inc) <==== ATTENTION
Task: {1EEC85CE-468A-45B4-8A24-52384EB745C8} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2015-12-30] (Bitberry Software) <==== ATTENTION
Task: {210CBCAC-E6B7-4B3B-AB3A-E931733246BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {22C071C3-2AED-4165-AD16-52DC654D00F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {26668269-60FF-4B7F-B869-DD8BCC21CCDC} - System32\Tasks\id updater task => C:\Program Files (x86)\Open-EID\ID-updater.exe [2016-01-31] (RIA)
Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {33E8A1CB-B0C5-4539-94E2-75DD0D1A0874} - System32\Tasks\SafeZone scheduled Autoupdate 1468345816 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {346A6C21-FE55-46E2-999C-C39CC175C569} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {36E5FE6E-B1AD-4B88-9223-CCA3493CBDFE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3B8BC2E0-E5E0-443E-983E-70803AC12B2E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3FCB5053-E6DB-4E8B-B779-4CF84605EFB4} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {43101623-313F-485B-AA89-40DA7A709FAB} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {47830A6C-927A-4B28-B36E-5C809683AD07} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] ()
Task: {591187C5-BB63-4694-B7B0-3C12EEE9F926} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-25] (Google Inc.)
Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {740E7A0C-91A7-4F72-9953-219FFB1DC528} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {77B92A20-F971-4FA4-A33B-BB49FD5E5179} - System32\Tasks\NCH Software\VideoPadDowngrade => C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe [2016-12-13] (NCH Software)
Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7F19F222-E50A-4A44-8096-206CE6132DDE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {81935887-9FDB-4A56-90BF-360034ABDAD7} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-28] (UCWeb Inc) <==== ATTENTION
Task: {927DCB6E-7436-418A-91E1-8A87BB755797} - System32\Tasks\{F0EF8B8E-7C97-4DE4-93A8-29A6C3BE32F4} => pcalua.exe -a C:\Users\Diana\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=amt
Task: {9C636636-3AE4-47E8-935E-3BABF8F57AA8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9CDE8884-1DCF-4599-A7B8-5F5BE1C4FB9D} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-01-06] (ATK)
Task: {A86DBA4D-D855-4FDF-86F0-8D0830D3F83B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A9BE0092-9E5F-4DED-81A3-12FC5C40C6E6} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AA8A7F9E-8975-4436-A8CE-AF9D39E6472E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B293A005-FA35-400B-8980-983BB92EA6CD} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeNowTask => %SystemRoot%\System32\GWX\GWXUXWorker.exe
Task: {BC4BF4C9-B4FD-4FD5-9008-838A448593BD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BD75B59E-9B99-4C94-9CCC-1448A49AB783} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BF022F96-5649-4682-95D3-BEFBE937C341} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
Task: {C15913FD-58CF-4797-8BA8-A2E1B0D340C3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {DCD069A5-74EA-4267-A586-4110BC35399E} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-03-01] (UC Web Inc.) <==== ATTENTION
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {E44187A7-17E6-4D90-8272-640EA7A4A784} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-12] (AVAST Software)
Task: {E6B6B54A-FE07-4D0D-A009-FD6018417D8B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {E8EEA1C2-E9D2-46AA-897D-4B8E084DE3B8} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Diana\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {F0E48735-6C64-4799-8178-AEDF21232201} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16] (Adobe Systems Incorporated)
Task: {F763180E-A9FC-43E9-B2DC-C4ABBCD17EE1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F8BAF5A2-9BD4-43F9-A1E6-1C63AFEB4E5D} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Diana\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

ShortcutWithArgument: C:\Users\Diana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
ShortcutWithArgument: C:\Users\Diana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> 

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2010-03-16 15:14 - 2007-08-08 09:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2017-03-01 01:07 - 2017-02-28 09:37 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
2014-05-29 02:20 - 2012-09-05 03:55 - 00655744 _____ () C:\ProgramData\EMT Internet\OnlineUpdate\ouc.exe
2008-10-01 08:02 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-03-16 15:21 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-01-05 02:43 - 2010-01-05 02:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2009-12-23 22:12 - 2009-12-23 22:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2009-12-19 04:11 - 2009-12-19 04:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
2010-03-16 15:14 - 2007-03-10 03:58 - 00124416 _____ () C:\Program Files\ATKGFNEX\AGFNEX64.dll
2009-11-24 22:45 - 2009-11-24 22:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
2008-08-14 05:59 - 2008-08-14 05:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-09-11 18:02 - 2015-09-11 18:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2007-06-15 19:28 - 2007-06-15 19:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
2007-06-02 01:52 - 2007-06-02 01:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
2009-12-30 05:02 - 2009-12-30 05:02 - 00148752 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll
2016-10-13 04:20 - 2016-10-13 04:20 - 00029968 _____ () C:\WINDOWS\assembly\GAC_MSIL\SqliteShared\1.0.3650.22026__0d0f4b69e50e559b\SqliteShared.dll
2016-10-13 04:20 - 2016-10-13 04:20 - 00931840 _____ () C:\WINDOWS\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-05-29 02:19 - 2014-05-29 02:19 - 00515072 _____ () C:\Program Files (x86)\EMT Internet\EMT Internet.exe
2016-07-16 13:42 - 2016-07-16 13:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 13:43 - 2016-07-16 13:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 13:43 - 2016-07-17 00:56 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-16 13:43 - 2016-07-17 00:56 - 01400320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 13:43 - 2016-07-17 00:56 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-07-16 13:43 - 2016-07-17 00:56 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-16 13:43 - 2016-07-17 00:56 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2009-12-24 12:25 - 2009-12-24 12:25 - 01736704 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
2017-03-01 22:16 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-01 22:16 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-01 22:16 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2015-09-11 18:01 - 2015-09-11 18:01 - 31958688 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-07-17 00:59 - 2016-07-17 00:59 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-07-17 00:59 - 2016-07-17 00:59 - 00157184 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-07-17 00:59 - 2016-07-17 00:59 - 29443072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-03 01:04 - 2017-02-01 11:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-03 01:04 - 2017-02-01 11:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-03-02 01:15 - 2017-02-28 09:59 - 02150288 _____ () C:\Program Files (x86)\UCBrowser\Application\6.1.2107.201\UCAgent.exe
2016-07-12 14:22 - 2016-07-12 14:22 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-02 16:37 - 2017-03-02 16:37 - 05989584 _____ () C:\Program Files\AVAST Software\Avast\defs\17030201\algo.dll
2016-07-12 14:22 - 2016-07-12 14:22 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-05-29 02:20 - 2009-01-10 12:32 - 00011362 _____ () C:\ProgramData\EMT Internet\OnlineUpdate\mingwm10.dll
2014-05-29 02:20 - 2009-06-22 20:42 - 00043008 _____ () C:\ProgramData\EMT Internet\OnlineUpdate\libgcc_s_dw2-1.dll
2014-05-29 02:20 - 2010-07-23 06:58 - 02415104 _____ () C:\ProgramData\EMT Internet\OnlineUpdate\QtCore4.dll
2014-05-29 02:20 - 2010-02-10 16:10 - 01148416 _____ () C:\ProgramData\EMT Internet\OnlineUpdate\QtNetwork4.dll
2014-05-29 02:20 - 2012-09-05 03:55 - 00843264 _____ () C:\ProgramData\EMT Internet\OnlineUpdate\QueryStrategy.dll
2014-05-29 02:20 - 2010-02-10 16:06 - 00398336 _____ () C:\ProgramData\EMT Internet\OnlineUpdate\QtXml4.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00518144 _____ () C:\Program Files (x86)\EMT Internet\core.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00286720 _____ () C:\Program Files (x86)\EMT Internet\sdk.dll
2014-05-29 02:19 - 2010-02-10 16:43 - 09515520 _____ () C:\Program Files (x86)\EMT Internet\QtGui4.dll
2014-05-29 02:19 - 2010-07-23 06:58 - 02415104 _____ () C:\Program Files (x86)\EMT Internet\QtCore4.dll
2014-05-29 02:19 - 2009-01-10 12:32 - 00011362 _____ () C:\Program Files (x86)\EMT Internet\mingwm10.dll
2014-05-29 02:19 - 2009-06-22 20:42 - 00043008 _____ () C:\Program Files (x86)\EMT Internet\libgcc_s_dw2-1.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00405504 _____ () C:\Program Files (x86)\EMT Internet\Proxy.DLL
2014-05-29 02:19 - 2012-08-06 09:04 - 00628224 _____ () C:\Program Files (x86)\EMT Internet\Common.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00157184 _____ () C:\Program Files (x86)\EMT Internet\Trace.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00583168 _____ () C:\Program Files (x86)\EMT Internet\PluginContainer.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00646144 _____ () C:\Program Files (x86)\EMT Internet\AtCodec.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00729088 _____ () C:\Program Files (x86)\EMT Internet\DeviceSrvPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00195584 _____ () C:\Program Files (x86)\EMT Internet\XCodec.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00241152 _____ () C:\Program Files (x86)\EMT Internet\NetSrvPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00164864 _____ () C:\Program Files (x86)\EMT Internet\OSDialup.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00155136 _____ () C:\Program Files (x86)\EMT Internet\DataServicePlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00177152 _____ () C:\Program Files (x86)\EMT Internet\CallSrvPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00672768 _____ () C:\Program Files (x86)\EMT Internet\AddrBookSrvPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00219648 _____ () C:\Program Files (x86)\EMT Internet\SmsSrvPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00142336 _____ () C:\Program Files (x86)\EMT Internet\USSDSrvPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00157184 _____ () C:\Program Files (x86)\EMT Internet\STKSrvPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00730624 _____ () C:\Program Files (x86)\EMT Internet\DeviceAppPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00065536 _____ () C:\Program Files (x86)\EMT Internet\OSPowerMgr.dll
2014-05-29 02:19 - 2012-06-06 03:22 - 00155648 _____ () C:\Program Files (x86)\EMT Internet\Win7Support.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 01124352 _____ () C:\Program Files (x86)\EMT Internet\AddrBookPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00704000 _____ () C:\Program Files (x86)\EMT Internet\SmsAppPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00187392 _____ () C:\Program Files (x86)\EMT Internet\CallAppPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00569344 _____ () C:\Program Files (x86)\EMT Internet\CallLogSrvPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00158720 _____ () C:\Program Files (x86)\EMT Internet\NetConnectSrvPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00236032 _____ () C:\Program Files (x86)\EMT Internet\DialUpPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00102400 _____ () C:\Program Files (x86)\EMT Internet\OSAdapt.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00201216 _____ () C:\Program Files (x86)\EMT Internet\NDISPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00131584 _____ () C:\Program Files (x86)\EMT Internet\OSNDIS.dll
2014-05-29 02:19 - 2012-07-27 08:53 - 01114112 _____ () C:\Program Files (x86)\EMT Internet\NDISAPI.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00702464 _____ () C:\Program Files (x86)\EMT Internet\NetInfoSrvPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00062976 _____ () C:\Program Files (x86)\EMT Internet\OSCall.dll
2014-05-29 02:19 - 2012-06-06 03:22 - 00224256 _____ () C:\Program Files (x86)\EMT Internet\tdpcvoice.dll
2014-05-29 02:19 - 2012-08-06 09:06 - 00581120 _____ () C:\Program Files (x86)\EMT Internet\DeviceMgrUIPlugin.dll
2014-05-29 02:19 - 2010-02-10 16:06 - 00398336 _____ () C:\Program Files (x86)\EMT Internet\QtXml4.dll
2014-05-29 02:19 - 2012-08-06 09:06 - 00270848 _____ () C:\Program Files (x86)\EMT Internet\XFramePlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00168960 _____ () C:\Program Files (x86)\EMT Internet\ATR2SMgr.dll
2014-05-29 02:19 - 2012-08-06 09:06 - 00323584 _____ () C:\Program Files (x86)\EMT Internet\StatusBarMgrPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:06 - 00359936 _____ () C:\Program Files (x86)\EMT Internet\NetConnectPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:05 - 00592896 _____ () C:\Program Files (x86)\EMT Internet\DialupUIPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:06 - 00097792 _____ () C:\Program Files (x86)\EMT Internet\NotifyServicePlugin.dll
2014-05-29 02:19 - 2012-08-06 09:06 - 00117248 _____ () C:\Program Files (x86)\EMT Internet\LayoutPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:08 - 00119296 _____ () C:\Program Files (x86)\EMT Internet\ConnectMgrUIPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:06 - 00330752 _____ () C:\Program Files (x86)\EMT Internet\MenuMgrPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:07 - 00302592 _____ () C:\Program Files (x86)\EMT Internet\DiagnosisPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:07 - 00493568 _____ () C:\Program Files (x86)\EMT Internet\NetInfoUIExPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:06 - 00854528 _____ () C:\Program Files (x86)\EMT Internet\SMSUIPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:06 - 00818688 _____ () C:\Program Files (x86)\EMT Internet\AddrBookUIPlugin.dll
2014-05-29 02:19 - 2012-08-06 09:06 - 00219648 _____ () C:\Program Files (x86)\EMT Internet\ToolBarMgrPlugin.dll
2014-05-29 02:19 - 2012-09-05 03:55 - 00694272 _____ () C:\Program Files (x86)\EMT Internet\LiveUpdateInterface.DLL
2014-05-29 02:19 - 2010-02-10 16:10 - 01148416 _____ () C:\Program Files (x86)\EMT Internet\QtNetwork4.dll
2014-05-29 02:19 - 2012-06-06 03:21 - 00082944 _____ () C:\Program Files (x86)\EMT Internet\plugins\imageformats\qgif4.dll
2014-05-29 02:19 - 2012-06-06 03:21 - 00081920 _____ () C:\Program Files (x86)\EMT Internet\plugins\imageformats\qico4.dll
2014-05-29 02:19 - 2012-06-06 03:21 - 00192000 _____ () C:\Program Files (x86)\EMT Internet\plugins\imageformats\qjpeg4.dll
2014-05-29 02:19 - 2012-06-06 03:21 - 00350720 _____ () C:\Program Files (x86)\EMT Internet\plugins\imageformats\qmng4.dll
2014-05-29 02:19 - 2012-06-06 03:21 - 00370176 _____ () C:\Program Files (x86)\EMT Internet\plugins\imageformats\qtiff4.dll
2016-07-12 14:23 - 2016-07-12 14:23 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-09-15 07:08 - 2015-09-15 07:08 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-09-15 07:08 - 2015-09-15 07:08 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-09-15 07:08 - 2015-09-15 07:08 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2007-06-15 19:28 - 2007-06-15 19:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-02 02:08 - 2007-06-02 02:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
2014-05-29 02:19 - 2012-09-05 03:55 - 01545088 _____ () C:\Program Files (x86)\EMT Internet\UpdateDog\LiveUpd.exe
2014-05-29 02:19 - 2009-01-10 12:32 - 00011362 _____ () C:\Program Files (x86)\EMT Internet\UpdateDog\mingwm10.dll
2014-05-29 02:19 - 2009-06-22 20:42 - 00043008 _____ () C:\Program Files (x86)\EMT Internet\UpdateDog\libgcc_s_dw2-1.dll
2014-05-29 02:19 - 2010-07-23 06:58 - 02415104 _____ () C:\Program Files (x86)\EMT Internet\UpdateDog\QtCore4.dll
2014-05-29 02:19 - 2010-02-10 16:43 - 09515520 _____ () C:\Program Files (x86)\EMT Internet\UpdateDog\QtGui4.dll
2014-05-29 02:19 - 2010-02-10 16:10 - 01148416 _____ () C:\Program Files (x86)\EMT Internet\UpdateDog\QtNetwork4.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1496610]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1221154]
AlternateDataStreams: C:\ProgramData\Temp:2F370DA6 [266]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-06-06 11:47 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Viewer\Windowsi fotovaaturi taustpilt.jpg
DNS Servers: 192.98.49.8 - 192.98.49.9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Diana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Diana\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKLM\...\StartupApproved\StartupFolder: => "FancyStart daemon.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SRS Premium Sound.lnk"
HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{DAA9CA56-F206-482F-87F3-84F68E7407F5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A2A2B9A5-15A1-4211-BFBA-A81239452CBF}] => (Allow) svchost.exe
FirewallRules: [{1D0435A7-2216-43D9-8A5B-F6803FD79DD9}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{83C7E5B5-86D0-4A7E-BFFE-E915402D53F3}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{E0EA93F8-05E0-4D5E-8429-31F73AE4D21A}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [TCP Query User{62BD564E-65A0-4CA6-97AC-7788F7B99BCA}C:\users\diana\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\diana\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{83DAC873-AF83-40EA-9943-B687D6B0E110}C:\users\diana\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\diana\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{26D6A040-58A5-473B-8687-54D3DB15CDB6}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{4AC700F1-E900-4245-82F7-54E68DD675FD}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [TCP Query User{F1462DA7-FF73-41D3-A168-38477ABA3376}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{6FBA1E84-8561-4837-A1E3-036F52740AAB}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [{BD433340-C572-45DA-B83F-4497BDF2911C}] => (Allow) D:\Rakendused ja programmid\4\VsoDownloader.exe
FirewallRules: [{EFA6767B-754E-4A7E-947D-3C7614F551A5}] => (Allow) D:\Rakendused ja programmid\4\VsoDownloader.exe
FirewallRules: [{E0F3A1B9-C989-496D-83FD-F8598B62742F}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{C45D53C3-BED2-427D-85F2-9C6A262D51A2}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{2A50671F-6215-4A6B-B040-A1E3DBA6EC23}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{79F45DE1-C63B-4B6B-BF26-C957DCE448A3}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [TCP Query User{C1936ECA-B4E0-4821-9DD5-65D63B3B2BA4}C:\program files (x86)\wondershare\allmytube\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\allmytube\allmytube.exe
FirewallRules: [UDP Query User{D40600BC-F0B1-46BC-9F1A-39F5687633E0}C:\program files (x86)\wondershare\allmytube\allmytube.exe] => (Allow) C:\program files (x86)\wondershare\allmytube\allmytube.exe
FirewallRules: [TCP Query User{0D66586E-B84F-4FE1-A488-17DDB1863E68}C:\program files (x86)\wondershare\allmytube\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\allmytube\urlreqservice.exe
FirewallRules: [UDP Query User{165903D8-6041-4262-9205-2CA1BD293ED3}C:\program files (x86)\wondershare\allmytube\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\allmytube\urlreqservice.exe
FirewallRules: [{FE6B2AB6-C2AD-47EB-B0ED-F541CB5F884B}] => (Allow) D:\Rakendused ja programmid\RipTiger\RipTiger.exe
FirewallRules: [{0F0B45EC-8DE4-4EB0-A35C-B483AFD99930}] => (Allow) D:\Rakendused ja programmid\RipTiger\RipTiger.exe
FirewallRules: [{2D6F1BA9-CE70-4DF1-93BD-250B9626E72E}] => (Allow) D:\Rakendused ja programmid\RipTiger\HTTPDownloaderApp.exe
FirewallRules: [{0CD45A17-9C71-4B0B-9A4C-6EA333C97135}] => (Allow) D:\Rakendused ja programmid\RipTiger\HTTPDownloaderApp.exe
FirewallRules: [{F7AFE7C8-ADC4-4EBE-9E4D-8D2357A959BD}] => (Allow) D:\Rakendused ja programmid\RipTiger\RTMPDownloaderApp.exe
FirewallRules: [{879338FF-ED54-47ED-A49B-841FB6DCFE25}] => (Allow) D:\Rakendused ja programmid\RipTiger\RTMPDownloaderApp.exe
FirewallRules: [{F23263CA-F259-491E-AC3B-DC334BCA4829}] => (Allow) D:\Rakendused ja programmid\RipTiger\VideoDownloadApp_RTMP.exe
FirewallRules: [{33D00554-25B7-478D-BB5F-EE731221CEA7}] => (Allow) D:\Rakendused ja programmid\RipTiger\VideoDownloadApp_RTMP.exe
FirewallRules: [{D8A04864-D3E6-4B14-B1DB-E3BE6BF2B8EE}] => (Allow) D:\Rakendused ja programmid\RipTiger\MMSDownloaderApp.exe
FirewallRules: [{C43F41A5-559B-484A-B705-27B2CAC6A547}] => (Allow) D:\Rakendused ja programmid\RipTiger\MMSDownloaderApp.exe
FirewallRules: [{2BC8BBCF-7488-49B9-BE0E-A6E0B37441E4}] => (Allow) C:\Program Files (x86)\RipTiger\RipTiger.exe
FirewallRules: [{5D882366-3F56-4110-8DF4-AAABDFFD4981}] => (Allow) C:\Program Files (x86)\RipTiger\RipTiger.exe
FirewallRules: [{14F59783-122C-4195-B276-32BEC63ABF29}] => (Allow) C:\Program Files (x86)\RipTiger\HTTPDownloaderApp.exe
FirewallRules: [{7835FD03-21CC-44E6-8C5D-D153C3DEF866}] => (Allow) C:\Program Files (x86)\RipTiger\HTTPDownloaderApp.exe
FirewallRules: [{B6996CF8-5EDF-4412-9E00-B20B0892B272}] => (Allow) C:\Program Files (x86)\RipTiger\RTMPDownloaderApp.exe
FirewallRules: [{5D980ABE-95B5-486A-8FA9-7248E3D7B92D}] => (Allow) C:\Program Files (x86)\RipTiger\RTMPDownloaderApp.exe
FirewallRules: [{478762BB-A751-4D19-A9E0-4521991047DF}] => (Allow) C:\Program Files (x86)\RipTiger\VideoDownloadApp_RTMP.exe
FirewallRules: [{97528251-BA8F-446A-99B7-2D6BD36BDC60}] => (Allow) C:\Program Files (x86)\RipTiger\VideoDownloadApp_RTMP.exe
FirewallRules: [{01A74C03-6509-46AD-A9B5-E339454E5967}] => (Allow) C:\Program Files (x86)\RipTiger\MMSDownloaderApp.exe
FirewallRules: [{FAC4DCD9-9A9F-40E2-B306-82AF6636FBDB}] => (Allow) C:\Program Files (x86)\RipTiger\MMSDownloaderApp.exe
FirewallRules: [TCP Query User{3EF4040C-C968-4DD6-A6A6-B32AC65DB8FC}C:\program files (x86)\wondershare\allmytube\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\allmytube\urlreqservice.exe
FirewallRules: [UDP Query User{361DD911-0214-4733-BE90-E1C8B4DB145B}C:\program files (x86)\wondershare\allmytube\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\allmytube\urlreqservice.exe
FirewallRules: [{6BF68047-7F74-4DCE-BECA-D5573B6AFC62}] => (Allow) C:\Users\Diana\AppData\Local\Temp\nsw4252.tmp\CnetInstaller-75989970.exe
FirewallRules: [{68661CA8-613A-4658-928B-F2F8ED7AF988}] => (Allow) C:\Users\Diana\AppData\Local\Temp\nsw4252.tmp\CnetInstaller-75989970.exe
FirewallRules: [{DCC9ADDA-75F1-4997-8B76-BA05FDCAF1FA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0493024A-A746-4828-9337-0D1D38756871}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DCBA736B-5895-4D5D-9855-C8E58402FC40}] => (Allow) C:\Users\Diana\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{809196AF-F23D-4167-8224-468274BCF8E2}] => (Allow) C:\Users\Diana\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{5A9FA133-434D-44B4-A45C-8B7254703CF3}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [UDP Query User{32524556-BFFC-46D1-A875-317988EFC8A6}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [TCP Query User{A21CACDE-2D51-4916-8392-1619A43F9C0C}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [UDP Query User{7A6B667D-85AF-4F2B-9B33-FF57B9D48B10}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Block) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe
FirewallRules: [{DFD584C3-CB39-4DF5-88B1-573F3F4B3CF9}] => (Allow) D:\Mängud\Simsid\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\The.Sims.4.Launcher.exe
FirewallRules: [{B2042618-1416-4BB8-B91F-ECA47F9EB4DA}] => (Allow) D:\Mängud\Simsid\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\The.Sims.4.Launcher.exe
FirewallRules: [TCP Query User{30D719B4-42B7-4C3B-A57E-DCD87B5D660D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F4D633A0-192E-4AFA-B1BA-087C5AAC624B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{8C42B516-D4A9-4B32-BC93-3C3E4771EA58}] => (Allow) D:\Mängud\PigglyXmasdemoInstaller100-64913650.exe
FirewallRules: [{0A7085D4-C5EC-4BFF-97E7-2667F538DE32}] => (Allow) D:\Mängud\PigglyXmasdemoInstaller100-64913650.exe
FirewallRules: [{6EE423A2-267C-4B98-AED2-6FB6BB7D3673}] => (Allow) C:\Users\Diana\Desktop\TempFileCleaner_4.4.0_Setup-70716487.exe
FirewallRules: [{A33BF1E1-DE6D-40F9-A192-E0C25FE589D0}] => (Allow) C:\Users\Diana\Desktop\TempFileCleaner_4.4.0_Setup-70716487.exe
FirewallRules: [{67D37F0D-FC77-42E3-9AF2-E3A55D8A531D}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{EDFCED01-6EE9-4EFE-A100-26CA6C1AA23E}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{B68EC7B3-6F2A-4573-80D5-F62D4CF886A5}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{4119BE46-28F0-4083-B18B-EA82722BEF2F}] => (Allow) C:\Users\Diana\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{49F33304-C3DA-482A-AB9F-64B07B8BD5B5}] => (Allow) C:\Users\Diana\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C29FEECF-11AB-4793-8CBF-E4D933A5DC3C}] => (Allow) C:\Users\Diana\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A5ADB6FB-5117-4050-9CAD-A53FA14B25FB}] => (Allow) C:\Users\Diana\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{36A86849-ABC4-4E6B-A252-494790358C09}] => (Allow) C:\Users\Diana\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1BB6BFFD-7904-4589-BF5E-6FDA44EA577E}] => (Allow) C:\Users\Diana\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A1B53B4-B3DD-497A-9BA9-6036D03BCB44}] => (Allow) C:\Users\Diana\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe
FirewallRules: [{51D641A1-C8EC-4260-B09F-199668ED8A4F}] => (Allow) C:\Users\Diana\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe
FirewallRules: [{09DF9BC6-6A5B-443B-BBCA-EDA8EC315FF2}] => (Allow) C:\Users\Diana\AppData\Local\Apowersoft\Online Video Downloader\Online Video Downloader.exe
FirewallRules: [{06A2D57C-6E4B-4681-84C8-1CF9A9D6F8A2}] => (Allow) C:\Users\Diana\AppData\Local\Apowersoft\Online Video Downloader\Online Video Downloader.exe
FirewallRules: [{A9A0EBAC-1FA0-4F57-817C-7D8BE39D0026}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe
FirewallRules: [{A902A37A-9522-4E7F-AD25-AB351CF8D7AB}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe
FirewallRules: [{3DD59969-08E4-42E4-90CD-1A0F66BB18E1}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe
FirewallRules: [{19010DA8-99EA-4AD3-8A18-907DFC058A62}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe
FirewallRules: [{27AD5319-E4F9-4382-BE77-D2727A88E794}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DC43D0FF-2F78-41FE-ACFB-6157F6938284}] => (Allow) C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe
FirewallRules: [{69EB20FE-1A8A-4C83-8320-E10D1CA10F01}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{070C9E79-DF67-40F7-815C-D13BEE8F5457}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [{8D4B70DE-6BA1-4EB7-82CC-F82DD71D2D08}] => (Allow) 㩃啜敳獲䑜慩慮䅜灰慄慴剜慯業杮楜敳屴獩瑥攮數
FirewallRules: [{B43FCB6F-F888-45C1-99CC-59FBC1AE5C5D}] => (Allow) 㩃啜敳獲䑜慩慮䅜灰慄慴剜慯業杮楜敳屴畒䍮⹃硥e
FirewallRules: [{56305173-F116-46FE-9699-CB8E8950784F}] => (Allow) C:\Users\Diana\AppData\Local\Amigo\Application\amigo.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/02/2017 09:56:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Diana-PC)
Description: Rakenduse Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub aktiveerimine nurjus tõrkega: -2147009284. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.

Error: (03/02/2017 09:55:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Tõrkuv rakendus: mbamservice.exe, versioon: 3.1.0.415, ajatempel: 0x5881b7a1
Tõrkuva mooduli nimi: ntdll.dll, versioon: 10.0.14393.0, ajatempel 0x578997b2
Erandi kood 0xc0000005
Tõrke nihe 0x000000000002f21b
Tõrkuva protsessi ID 0xa80
Tõrkuva rakenduse käivitumisaeg: 0x01d2938eb139706d
Tõrkuva rakenduse tee: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Tõrkuva mooduli tee: C:\WINDOWS\SYSTEM32\ntdll.dll
Aruande ID: c687591d-3169-40a1-8939-ced15276e50b
Tõrkuva paketi täisnimi:
Tõrkuva paketiga seotud rakenduse ID:

Error: (03/02/2017 04:40:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Diana-PC)
Description: Rakenduse Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App aktiveerimine nurjus tõrkega: -2147023673. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.

Error: (03/02/2017 04:35:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Diana-PC)
Description: Rakenduse Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub aktiveerimine nurjus tõrkega: -2147009284. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.

Error: (03/02/2017 12:23:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Diana-PC)
Description: Rakenduse Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI aktiveerimine nurjus tõrkega: -2147023170. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.

Error: (03/02/2017 12:23:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Diana-PC)
Description: Rakenduse Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI aktiveerimine nurjus tõrkega: -2147023170. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.

Error: (03/02/2017 12:23:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Diana-PC)
Description: Rakenduse Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI aktiveerimine nurjus tõrkega: -2147023170. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.

Error: (03/02/2017 12:23:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Diana-PC)
Description: Rakenduse Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI aktiveerimine nurjus tõrkega: -2144927142. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.

Error: (03/02/2017 12:22:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Diana-PC)
Description: Rakenduse Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub aktiveerimine nurjus tõrkega: -2147009284. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.

Error: (03/01/2017 11:59:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Diana-PC)
Description: Rakenduse Microsoft.WindowsStore_8wekyb3d8bbwe!App aktiveerimine nurjus tõrkega: -2144927141. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.


System errors:
=============
Error: (03/02/2017 09:55:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Malwarebytes Service teenus lõpetati ootamatult.  See on teinud seda 1 kord(a).

Error: (03/02/2017 09:54:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/02/2017 09:54:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/02/2017 09:54:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/02/2017 09:54:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/02/2017 09:53:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Teenuse EMT Internet. RunOuc käivitamine nurjus järgmise tõrke tõttu:
The service did not respond to the start or control request in a timely fashion.

Error: (03/02/2017 09:53:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) EMT Internet. RunOuc.

Error: (03/02/2017 09:53:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Teenus NetTcpActivator sõltub teenusest NetTcpPortSharing, mille käivitamine nurjus järgmise tõrke tõttu.
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/02/2017 04:38:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Teenus Delivery Optimization hangus käivitamisel.

Error: (03/02/2017 04:33:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-03-01 04:28:50.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-01 04:28:50.301
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 67%
Total physical RAM: 4061.08 MB
Available physical RAM: 1302.2 MB
Total Virtual: 8157.08 MB
Available Virtual: 5141.46 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116 GB) (Free:62.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:334.67 GB) (Free:121.51 GB) NTFS
Drive i: (EMT Internet) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=334.7 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 

Waiting for further instructions now... thanks.


Edited by hamluis, 02 March 2017 - 04:42 PM.




#2 sinine

  • Topic Starter

Posted 03 March 2017 - 08:46 AM

anyone?? My laptop's still acting up.

edit: I'm sorry I just read it can take 5 days to reply.


Edited by sinine, 03 March 2017 - 08:54 AM.


#3 nasdaq

  • Malware Response Team

Posted 03 March 2017 - 10:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I was working on your logs when you posted. There it is.

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
My Web Shield (HKLM\...\mweshield) (Version: 3.0 - My Web Shield) <==== ATTENTION
Youtube AdBlock (HKLM-x32\...\Youtube AdBlock) (Version: 2.0.0.148 - Company Inc.) <==== ATTENTION
---

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\UCBrowser\Application\6.1.2107.201\UCAgent.exe
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811005
SearchScopes: HKU\S-1-5-21-1234937191-1451315649-2738984006-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B0BDA3E08-638B-4F33-ADCC-CC91E2169EBB%7D&gp=811006
SearchScopes: HKU\S-1-5-21-1234937191-1451315649-2738984006-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B0BDA3E08-638B-4F33-ADCC-CC91E2169EBB%7D&gp=811006
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
FF ProfilePath: C:\Users\Diana\AppData\Roaming\taskmgr\Profiles\acej28ex.default [not found]
FF Keyword.URL: Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373 -> hxxp://go.mail.ru/distib/ep/?product_id=%7B14CC9A7F-946F-428E-8482-1174A1DE4EF0%7D&gp=811006
FF Extension: (???????? ???????? Mail.Ru) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\homepage@mail.ru [2017-03-01]
FF Extension: (?????@Mail.Ru) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\search@mail.ru [2017-03-01]
FF Extension: (?????????? ???????? @Mail.Ru) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-03-01]
FF SearchPlugin: C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\searchplugins\mailru.xml [2017-03-01]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrqW6m2Zc67so1TzsJqD6HNL7gVfQJhJUBYqhV7u91X0E0ECx0l9moqxpHjIpvof4xHAYwAIVexziXiiVWFYb0BcpcuXFGiuWfxbBEEHZwfcRUTxNt2kcQdIzeSJh0rwkt_wUTD08OWGTUOww2MF92Q4t_dBV_oyxHSEKkA,,
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrqW6m2Zc67so1TzsJqD6HNL7gVfQJhJUBYqhV7u91X0E0ECx0l9moqxpHjIpvof4xHAYwAIVexziXiiZdj4Q4CYRwndgZ_pFLZJIWZLpVNArZ_-Q184SGLTVIHhwIAXsyb2qdiojKslArk8MYjD9zDcCrMvig36kOnFfwg,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Extension: (Chrome'i veebipoe maksed) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-25]
CHR Extension: (Chrome Media Router) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-28]
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx
R1 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
U3 idsvc; no ImagePath
Task: {0B646760-8222-4620-BD43-174D5DA7404E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {0E34640A-C83F-479C-B39E-66BE5E92B6F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1AAC1DA7-078F-4D54-8A89-4990A60AD2E1} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-28] (UCWeb Inc) <==== ATTENTION
Task: {1EEC85CE-468A-45B4-8A24-52384EB745C8} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2015-12-30] (Bitberry Software) <==== ATTENTION
Task: {210CBCAC-E6B7-4B3B-AB3A-E931733246BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {22C071C3-2AED-4165-AD16-52DC654D00F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {346A6C21-FE55-46E2-999C-C39CC175C569} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {36E5FE6E-B1AD-4B88-9223-CCA3493CBDFE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3B8BC2E0-E5E0-443E-983E-70803AC12B2E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7F19F222-E50A-4A44-8096-206CE6132DDE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {81935887-9FDB-4A56-90BF-360034ABDAD7} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-28] (UCWeb Inc) <==== ATTENTION
Task: {927DCB6E-7436-418A-91E1-8A87BB755797} - System32\Tasks\{F0EF8B8E-7C97-4DE4-93A8-29A6C3BE32F4} => pcalua.exe -a C:\Users\Diana\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=amt
Task: {9C636636-3AE4-47E8-935E-3BABF8F57AA8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A86DBA4D-D855-4FDF-86F0-8D0830D3F83B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A9BE0092-9E5F-4DED-81A3-12FC5C40C6E6} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {BC4BF4C9-B4FD-4FD5-9008-838A448593BD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BD75B59E-9B99-4C94-9CCC-1448A49AB783} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C15913FD-58CF-4797-8BA8-A2E1B0D340C3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DCD069A5-74EA-4267-A586-4110BC35399E} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-03-01] (UC Web Inc.) <==== ATTENTION
Task: {F763180E-A9FC-43E9-B2DC-C4ABBCD17EE1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
2017-03-02 01:15 - 2017-02-28 09:59 - 02150288 _____ () C:\Program Files (x86)\UCBrowser\Application\6.1.2107.201\UCAgent.exe
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1496610]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1221154]
AlternateDataStreams: C:\ProgramData\Temp:2F370DA6 [266]
FirewallRules: [TCP Query User{F1462DA7-FF73-41D3-A168-38477ABA3376}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{6FBA1E84-8561-4837-A1E3-036F52740AAB}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [{B68EC7B3-6F2A-4573-80D5-F62D4CF886A5}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{56305173-F116-46FE-9699-CB8E8950784F}] => (Allow) C:\Users\Diana\AppData\Local\Amigo\Application\amigo.exe
C:\Program Files (x86)\UCBrowser
C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\searchplugins\mailru.xml
C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\search@mail.ru
C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\searchplugins\mailru.xml
C:\WINDOWS\System32\drivers:ucdrv-x64.sys
C:\Program Files (x86)\FreeFileViewer
C:\Users\Diana\AppData\Roaming\oursurfing
C:\program files (x86)\torntv.com
C:\Users\Diana\AppData\Local\Amigo

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)

Please let me know what problem persists with this computer.

#4 sinine

  • Topic Starter

Posted 03 March 2017 - 05:32 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by Diana (03-03-2017 23:50:56) Run:1
Running from C:\Users\Diana\Desktop
Loaded Profiles: Diana (Available Profiles: Diana & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\UCBrowser\Application\6.1.2107.201\UCAgent.exe
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811005
SearchScopes: HKU\S-1-5-21-1234937191-1451315649-2738984006-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B0BDA3E08-638B-4F33-ADCC-CC91E2169EBB%7D&gp=811006
SearchScopes: HKU\S-1-5-21-1234937191-1451315649-2738984006-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B0BDA3E08-638B-4F33-ADCC-CC91E2169EBB%7D&gp=811006
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
FF ProfilePath: C:\Users\Diana\AppData\Roaming\taskmgr\Profiles\acej28ex.default [not found]
FF Keyword.URL: Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373 -> hxxp://go.mail.ru/distib/ep/?product_id=%7B14CC9A7F-946F-428E-8482-1174A1DE4EF0%7D&gp=811006
FF Extension: (???????? ???????? Mail.Ru) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\homepage@mail.ru [2017-03-01]
FF Extension: (?????@Mail.Ru) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\search@mail.ru [2017-03-01]
FF Extension: (?????????? ???????? @Mail.Ru) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-03-01]
FF SearchPlugin: C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\searchplugins\mailru.xml [2017-03-01]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxps://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrqW6m2Zc67so1TzsJqD6HNL7gVfQJhJUBYqhV7u91X0E0ECx0l9moqxpHjIpvof4xHAYwAIVexziXiiVWFYb0BcpcuXFGiuWfxbBEEHZwfcRUTxNt2kcQdIzeSJh0rwkt_wUTD08OWGTUOww2MF92Q4t_dBV_oyxHSEKkA,,
CHR DefaultSearchURL: Default -> hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrqW6m2Zc67so1TzsJqD6HNL7gVfQJhJUBYqhV7u91X0E0ECx0l9moqxpHjIpvof4xHAYwAIVexziXiiZdj4Q4CYRwndgZ_pFLZJIWZLpVNArZ_-Q184SGLTVIHhwIAXsyb2qdiojKslArk8MYjD9zDcCrMvig36kOnFfwg,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Extension: (Chrome'i veebipoe maksed) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-25]
CHR Extension: (Chrome Media Router) - C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-28]
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx
R1 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
U3 idsvc; no ImagePath
Task: {0B646760-8222-4620-BD43-174D5DA7404E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {0E34640A-C83F-479C-B39E-66BE5E92B6F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1AAC1DA7-078F-4D54-8A89-4990A60AD2E1} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-28] (UCWeb Inc) <==== ATTENTION
Task: {1EEC85CE-468A-45B4-8A24-52384EB745C8} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2015-12-30] (Bitberry Software) <==== ATTENTION
Task: {210CBCAC-E6B7-4B3B-AB3A-E931733246BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {22C071C3-2AED-4165-AD16-52DC654D00F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {346A6C21-FE55-46E2-999C-C39CC175C569} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {36E5FE6E-B1AD-4B88-9223-CCA3493CBDFE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3B8BC2E0-E5E0-443E-983E-70803AC12B2E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7F19F222-E50A-4A44-8096-206CE6132DDE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {81935887-9FDB-4A56-90BF-360034ABDAD7} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-28] (UCWeb Inc) <==== ATTENTION
Task: {927DCB6E-7436-418A-91E1-8A87BB755797} - System32\Tasks\{F0EF8B8E-7C97-4DE4-93A8-29A6C3BE32F4} => pcalua.exe -a C:\Users\Diana\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=amt
Task: {9C636636-3AE4-47E8-935E-3BABF8F57AA8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A86DBA4D-D855-4FDF-86F0-8D0830D3F83B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A9BE0092-9E5F-4DED-81A3-12FC5C40C6E6} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {BC4BF4C9-B4FD-4FD5-9008-838A448593BD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BD75B59E-9B99-4C94-9CCC-1448A49AB783} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C15913FD-58CF-4797-8BA8-A2E1B0D340C3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DCD069A5-74EA-4267-A586-4110BC35399E} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-03-01] (UC Web Inc.) <==== ATTENTION
Task: {F763180E-A9FC-43E9-B2DC-C4ABBCD17EE1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
2017-03-02 01:15 - 2017-02-28 09:59 - 02150288 _____ () C:\Program Files (x86)\UCBrowser\Application\6.1.2107.201\UCAgent.exe
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1496610]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1221154]
AlternateDataStreams: C:\ProgramData\Temp:2F370DA6 [266]
FirewallRules: [TCP Query User{F1462DA7-FF73-41D3-A168-38477ABA3376}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{6FBA1E84-8561-4837-A1E3-036F52740AAB}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [{B68EC7B3-6F2A-4573-80D5-F62D4CF886A5}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{56305173-F116-46FE-9699-CB8E8950784F}] => (Allow) C:\Users\Diana\AppData\Local\Amigo\Application\amigo.exe
C:\Program Files (x86)\UCBrowser
C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\searchplugins\mailru.xml
C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\search@mail.ru
C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\searchplugins\mailru.xml
C:\WINDOWS\System32\drivers:ucdrv-x64.sys
C:\Program Files (x86)\FreeFileViewer
C:\Users\Diana\AppData\Roaming\oursurfing
C:\program files (x86)\torntv.com
C:\Users\Diana\AppData\Local\Amigo

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\UCBrowser\Application\6.1.2107.201\UCAgent.exe => No running process found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp => key removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => key removed successfully
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1234937191-1451315649-2738984006-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key removed successfully
HKCR\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found.
HKCR\PROTOCOLS\Handler\WSAllMyTubechrome => key not found.
C:\Users\Diana\AppData\Roaming\taskmgr\Profiles\acej28ex.default => path removed successfully
Firefox "Keyword.URL" removed successfully
C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\homepage@mail.ru => moved successfully
C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\search@mail.ru => moved successfully
C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} => moved successfully
C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} => path removed successfully
C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\searchplugins\mailru.xml => moved successfully
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Diana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ckjefchnfjhjfedoccjbhjpbncimppeg => key removed successfully
ucdrv => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ucdrv => key removed successfully
ucdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B646760-8222-4620-BD43-174D5DA7404E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B646760-8222-4620-BD43-174D5DA7404E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E34640A-C83F-479C-B39E-66BE5E92B6F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E34640A-C83F-479C-B39E-66BE5E92B6F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1AAC1DA7-078F-4D54-8A89-4990A60AD2E1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AAC1DA7-078F-4D54-8A89-4990A60AD2E1} => key removed successfully
C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EEC85CE-468A-45B4-8A24-52384EB745C8} => key not found.
C:\WINDOWS\System32\Tasks\FreeFileViewerUpdateChecker => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{210CBCAC-E6B7-4B3B-AB3A-E931733246BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{210CBCAC-E6B7-4B3B-AB3A-E931733246BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22C071C3-2AED-4165-AD16-52DC654D00F1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22C071C3-2AED-4165-AD16-52DC654D00F1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{346A6C21-FE55-46E2-999C-C39CC175C569} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{346A6C21-FE55-46E2-999C-C39CC175C569} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36E5FE6E-B1AD-4B88-9223-CCA3493CBDFE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36E5FE6E-B1AD-4B88-9223-CCA3493CBDFE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B8BC2E0-E5E0-443E-983E-70803AC12B2E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B8BC2E0-E5E0-443E-983E-70803AC12B2E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F19F222-E50A-4A44-8096-206CE6132DDE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F19F222-E50A-4A44-8096-206CE6132DDE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81935887-9FDB-4A56-90BF-360034ABDAD7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81935887-9FDB-4A56-90BF-360034ABDAD7} => key removed successfully
C:\WINDOWS\System32\Tasks\UCBrowserUpdater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{927DCB6E-7436-418A-91E1-8A87BB755797} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{927DCB6E-7436-418A-91E1-8A87BB755797} => key removed successfully
C:\WINDOWS\System32\Tasks\{F0EF8B8E-7C97-4DE4-93A8-29A6C3BE32F4} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F0EF8B8E-7C97-4DE4-93A8-29A6C3BE32F4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9C636636-3AE4-47E8-935E-3BABF8F57AA8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C636636-3AE4-47E8-935E-3BABF8F57AA8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A86DBA4D-D855-4FDF-86F0-8D0830D3F83B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A86DBA4D-D855-4FDF-86F0-8D0830D3F83B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9BE0092-9E5F-4DED-81A3-12FC5C40C6E6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9BE0092-9E5F-4DED-81A3-12FC5C40C6E6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC4BF4C9-B4FD-4FD5-9008-838A448593BD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC4BF4C9-B4FD-4FD5-9008-838A448593BD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD75B59E-9B99-4C94-9CCC-1448A49AB783} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD75B59E-9B99-4C94-9CCC-1448A49AB783} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C15913FD-58CF-4797-8BA8-A2E1B0D340C3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C15913FD-58CF-4797-8BA8-A2E1B0D340C3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DCD069A5-74EA-4267-A586-4110BC35399E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCD069A5-74EA-4267-A586-4110BC35399E} => key removed successfully
C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F763180E-A9FC-43E9-B2DC-C4ABBCD17EE1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F763180E-A9FC-43E9-B2DC-C4ABBCD17EE1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => not found.
C:\WINDOWS\Tasks\UCBrowserUpdater.job => moved successfully
C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => moved successfully
"C:\Program Files (x86)\UCBrowser\Application\6.1.2107.201\UCAgent.exe" => not found.
C:\WINDOWS\system32\drivers => ":ucdrv-x64.sys" ADS could not remove.
C:\WINDOWS\system32\drivers => ":x64" ADS could not remove.
C:\WINDOWS\system32\drivers => ":x86" ADS could not remove.
C:\ProgramData\Temp => ":2F370DA6" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F1462DA7-FF73-41D3-A168-38477ABA3376}C:\program files (x86)\torntv.com\torntv downloader.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6FBA1E84-8561-4837-A1E3-036F52740AAB}C:\program files (x86)\torntv.com\torntv downloader.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B68EC7B3-6F2A-4573-80D5-F62D4CF886A5} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56305173-F116-46FE-9699-CB8E8950784F} => value removed successfully
C:\Program Files (x86)\UCBrowser => moved successfully
"C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\searchplugins\mailru.xml" => not found.
"C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\search@mail.ru" => not found.
"C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}" => not found.
"C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\qs1c6122.default-1487412031373\searchplugins\mailru.xml" => not found.
Could not move "C:\WINDOWS\System32\drivers:ucdrv-x64.sys" => Scheduled to move on reboot.
"C:\Program Files (x86)\FreeFileViewer" => not found.
"C:\Users\Diana\AppData\Roaming\oursurfing" => not found.
"C:\program files (x86)\torntv.com" => not found.
C:\Users\Diana\AppData\Local\Amigo => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31673581 B
Java, Flash, Steam htmlcache => 11081 B
Windows/system/drivers => 56322315 B
Edge => 22016 B
Chrome => 351617577 B
Firefox => 377117487 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 1903906 B
NetworkService => 5873 B
Diana => 11429112457 B
DefaultAppPool => 0 B

RecycleBin => 682851328 B
EmptyTemp: => 12 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-03-2017 00:24:47)

"C:\WINDOWS\System32\drivers:ucdrv-x64.sys" => Could not move

==== End of Fixlog 00:24:47 ====

 

 

My internet seems to be working normally now. I hope the log looks normal as well.

edit: okay, after using the internet for a while I have a problem. When I use Google, it transfers to some Russian search page.

edit 2: okay, think I got it fixed myself. Had to delete it off the default search engine list.


Edited by sinine, 03 March 2017 - 06:42 PM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,573 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:53 AM

Posted 04 March 2017 - 10:17 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#6 sinine

sinine
  • Topic Starter

  • Members
  • 161 posts
  • Local time:05:53 PM

Posted 04 March 2017 - 02:19 PM

Okay, yeah seems to be working like it's supposed to. Thanks a lot!!!





