Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-12-2015
Ran by Aramejskie PsP (administrator) on ARABSKAPATELNIA (08-12-2015 18:50:35)
Running from C:\Users\Aramejskie PsP\Desktop\farbar
Loaded Profiles: Aramejskie PsP (Available Profiles: Aramejskie PsP)
Platform: Microsoft Windows 7 Ultimate (X86) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Sysinternals process Explorer) C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe
() C:\Users\Aramejskie PsP\AppData\Local\Temp\nsc1610.tmp
() C:\Users\Aramejskie PsP\AppData\Roaming\NetService\netservice.exe
() C:\Program Files\E8F0E980-1449267636-81DC-39F9-001D6007944C\hnsmB63D.tmp
() C:\Program Files\E8F0E980-1449267636-81DC-39F9-001D6007944C\jnsv9AA4.tmp
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
() C:\Program Files\E8F0E980-1449267636-81DC-39F9-001D6007944C\knshF0DC.tmp
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\TBD166.tmp
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(TODO: <公司名>) C:\Program Files\SFK\SSFK.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\Aramejskie PsP\Downloads\9ylfu6o6.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
HKLM\...\Run: [rec_en_77] => [X]
HKLM\...\Run: [gmsd_pl_005010165] => [X]
HKLM\...\Run: [gmsd_pl_005010167] => [X]
HKLM\...\Run: [gmsd_pl_005010168] => [X]
HKLM\...\Run: [NetworkChecker] => C:\Users\Aramejskie PsP\AppData\Roaming\Microsoft\Windows\Templates\venktp.exe [1064807 2015-12-06] ()
HKLM\...\Run: [gmsd_pl_005010169] => [X]
HKLM\...\RunOnce: [upgmsd_pl_005010168.exe] => C:\Users\Aramejskie PsP\AppData\Local\gmsd_pl_005010168\upgmsd_pl_005010168.exe [3278512 2015-12-06] ()
HKLM\...\RunOnce: [Windows Update Engine] => C:\ProgramData\Windows Update Engine\3wgwegkm5a.exe [470528 2007-12-21] ()
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\COMODO <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [1245908319] => C:\ProgramData\msnos.exe [313856 2009-07-14] ()
HKLM\...\Policies\Explorer\Run: [638143719] => C:\ProgramData\msrbgbio.exe [102400 2009-07-14] ()
HKLM\...\Policies\Explorer\Run: [1876573201] => C:\ProgramData\msukbv.exe [162304 2007-12-21] ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [Acronis] => C:\Users\Aramejskie PsP\AppData\Roaming\hvskb-bc.exe
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [KdjSaS011arbaaa1z] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011arbaaaa1z.exe [259072 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [djSaS011arbaaa1za13a1] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186117711\djSaS011arbaaaa1za13a1.exe [260608 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [KdjSaS011arbaaa1za13a] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011arbaaaa1za13a.exe [260608 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [KdjSaS011ar] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011ar.exe [259584 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [KdjSaS011arh] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011arh.exe [311808 2007-12-21] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [KdjSaS011arhaaa] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011arhaaaa.exe [259072 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [djSaS01121za13a1a] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611127711\djSaS011a12a13a1a.exe [262144 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [a12121zq] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186171411\854561araaq.exe [264192 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [we121za13a1ab] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18623451\we1a12a13a1ab.exe [264192 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [we121za13a1abab] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1862314511\we1a12a13a1abavb.exe [291840 2007-12-21] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [we121za13a1abab1] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18623145111\we1a12a13a1abavb1.exe [290816 2007-12-21] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [Windows Update Engine] => C:\ProgramData\Windows Update Engine\3wgwegkm5a.exe [470528 2007-12-21] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [AQworks] => C:\Users\Aramejskie PsP\AppData\Local\AQworks\KB00258656.exe [167936 2007-12-21] (DVDVideoSoft Ltd.)
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [bcdsserv] => C:\Users\Aramejskie PsP\AppData\Roaming\Certnect\authesvc.exe
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [YbPack] => regsvr32.exe "C:\Users\Aramejskie PsP\AppData\Local\YbPack\jdlriwcn.dll" <===== ATTENTION
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [YfkPack] => C:\Windows\System32\regsvr32.exe "C:\Users\Aramejskie PsP\AppData\Local\AQworks\fjxcixtq.dll"
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [we121za13a1abab1ab] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1862314511111\we1a12a13a1abavb1ab.exe [309248 2007-12-21] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Run: [we121za13a1abab1a] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186231451111\we1a12a13a1abavb1a.exe [313856 2007-12-21] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\RunOnce: [KdjSaS011arbaaa1z] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011arbaaaa1z.exe [259072 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\RunOnce: [KdjSaS011arhaaa] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011arhaaaa.exe [259072 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\RunOnce: [djSaS011arbaaa1za13a1] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186117711\djSaS011arbaaaa1za13a1.exe [260608 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\RunOnce: [KdjSaS011arbaaa1za13a] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011arbaaaa1za13a.exe [260608 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\RunOnce: [we121za13a1ab] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18623451\we1a12a13a1ab.exe [264192 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\RunOnce: [KdjSaS011ar] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011ar.exe [259584 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\RunOnce: [djSaS01121za13a1a] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611127711\djSaS011a12a13a1a.exe [262144 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\RunOnce: [KdjSaS011arh] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011arh.exe [311808 2007-12-21] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\RunOnce: [a12121zq] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186171411\854561araaq.exe [264192 2015-12-06] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\RunOnce: [we121za13a1abab1] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18623145111\we1a12a13a1abavb1.exe [290816 2007-12-21] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\RunOnce: [we121za13a1abab] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1862314511\we1a12a13a1abavb.exe [291840 2007-12-21] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\RunOnce: [we121za13a1abab1ab] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1862314511111\we1a12a13a1abavb1ab.exe [309248 2007-12-21] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\RunOnce: [we121za13a1abab1a] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186231451111\we1a12a13a1abavb1a.exe [313856 2007-12-21] ()
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\CurrentVersion\Windows: [Load] C:\PROGRA~2\msnos.exe <===== ATTENTION
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...\MountPoints2: {7a652b40-af4f-11dc-8934-806e6f6e6963} - G:\SETUP.EXE
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4007559694-3794498742-1702077847-1002\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Aramejskie PsP\AppData\Local\AQworks\gbkwevrv.dllATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-11-28] (Microsoft Corporation)
IFEO\mbam.exe: [Debugger] epdmfji.exe
IFEO\mbamgui.exe: [Debugger] kxemabm.exe
IFEO\MRT.exe: [Debugger] kgmnddmbzri.exe
IFEO\Mrtstub.exe: [Debugger] cyduxutsugs.exe
IFEO\rstrui.exe: [Debugger] gfscokwngcs.exe
SecurityProviders: credssp.dll, AmzoygUjducc.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+cmh.html [2007-12-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+cmh.txt [2007-12-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+glt.html [2015-12-06] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+glt.txt [2015-12-06] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+urm.html [2007-12-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+urm.txt [2007-12-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+vpr.html [2015-12-07] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+vpr.txt [2015-12-07] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+xko.html [2007-12-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+xko.txt [2007-12-21] ()
Startup: C:\Users\Aramejskie PsP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_YOUR_FILES.HTML [2007-12-21] ()
Startup: C:\Users\Aramejskie PsP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_YOUR_FILES.PNG.vvv [2007-12-21] ()
Startup: C:\Users\Aramejskie PsP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_YOUR_FILES.TXT.vvv [2007-12-21] ()
Startup: C:\Users\Aramejskie PsP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+cmh.html [2007-12-21] ()
Startup: C:\Users\Aramejskie PsP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\how_recover+cmh.txt [2007-12-21] ()
Startup: C:\Users\Aramejskie PsP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ST6UNST Uninstaller.LNK [2007-12-21]
ShortcutTarget: ST6UNST Uninstaller.LNK -> (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\system32\Giqdulti.dll [289128 2015-12-06] ()
Winsock: Catalog9 02 C:\Windows\system32\Giqdulti.dll [289128 2015-12-06] ()
Winsock: Catalog9 03 C:\Windows\system32\Giqdulti.dll [289128 2015-12-06] ()
Winsock: Catalog9 04 C:\Windows\system32\Giqdulti.dll [289128 2015-12-06] ()
Winsock: Catalog9 28 C:\Windows\system32\Giqdulti.dll [289128 2015-12-06] ()
Tcpip\Parameters: [DhcpNameServer] 176.118.143.2 176.118.143.6 192.168.1.1
Tcpip\..\Interfaces\{0C6884CE-47C7-4FB8-9EB8-E1EC922A563A}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{0C6884CE-47C7-4FB8-9EB8-E1EC922A563A}: [DhcpNameServer] 176.118.143.2 176.118.143.6 192.168.1.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-27] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-27] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mysites123.com/?type=sc&ts=1449266897&z=c393f8356b294b209f17ae0g2zdz0t0o0qfq0b1m2t&from=amt&uid=WDCXWD3200BEVT-60A23T0_WD-WXL1A90H1351H1351

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-28] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-27] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2007-12-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2007-12-21] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{B1263099-7D5A-4867-8135-49976A1EBA6C}] - C:\Program Files\groover061220151612\Firefox\{B1263099-7D5A-4867-8135-49976A1EBA6C}.xpi => not found

Chrome:
=======
CHR Profile: C:\Users\Aramejskie PsP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Aramejskie PsP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-08]
CHR Extension: (Camera Plugin) - C:\Users\Aramejskie PsP\AppData\Local\Camera Plugin\Component [2007-12-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 ginoquci; C:\Users\Aramejskie PsP\AppData\Local\Temp\nsc1610.tmp [222208 2007-12-21] () [File not signed]
R2 NetTcpHandler; C:\Users\Aramejskie PsP\AppData\Roaming\NetService\netservice.exe [173088 2015-07-09] ()
R2 nyneryxo; C:\Program Files\E8F0E980-1449267636-81DC-39F9-001D6007944C\hnsmB63D.tmp [134656 2015-12-04] () [File not signed]
R2 roqenufe; C:\Program Files\E8F0E980-1449267636-81DC-39F9-001D6007944C\jnsv9AA4.tmp [307200 2015-12-04] () [File not signed]
R2 SSFK; C:\Program Files\SFK\SSFK.exe [155280 2015-12-04] (TODO: <公司名>)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 sypycuge; C:\Program Files\E8F0E980-1449267636-81DC-39F9-001D6007944C\knshF0DC.tmp [658432 2015-12-06] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [536346624 2007-12-21] () [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [344232 2015-12-04] (Sysinternals process Explorer) <==== ATTENTION
U2 avgsvc; "C:\Program Files\AVG\Framework\Common\avgsvcx.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-13] (Atheros Communications, Inc.)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [49408 2007-12-21] (Cherimoya Ltd) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2015-11-28] (Duplex Secure Ltd.)
U3 agvlfgle; C:\Windows\system32\Drivers\agvlfgle.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 cpuz134; \??\C:\Users\ARAMEJ~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
R1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
U3 pwlirpoc; \??\C:\Users\ARAMEJ~1\AppData\Local\Temp\pwlirpoc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 18:20 - 2015-12-08 18:20 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Roaming\TeamViewer
2015-12-08 17:21 - 2015-12-08 17:21 - 00380416 _____ C:\Users\Aramejskie PsP\Downloads\9ylfu6o6.exe
2015-12-08 16:15 - 2015-12-08 18:50 - 00000000 ____D C:\Users\Aramejskie PsP\Desktop\farbar
2015-12-08 15:54 - 2015-12-08 18:50 - 00000000 ____D C:\FRST
2015-12-08 15:30 - 2015-12-08 15:36 - 00000000 ____D C:\ProgramData\Avg
2015-12-08 15:30 - 2015-12-08 15:32 - 00000000 ____D C:\Program Files\AVG
2015-12-08 15:29 - 2015-12-08 15:30 - 00018944 ___SH C:\Users\Aramejskie PsP\Thumbs.db
2015-12-08 15:23 - 2015-12-08 15:31 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Local\AvgSetupLog
2015-12-08 15:23 - 2015-12-08 15:23 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Local\Avg
2015-12-07 18:04 - 2015-12-07 18:04 - 00009588 _____ C:\Users\Aramejskie PsP\AppData\Local\Apps\how_recover+vpr.html
2015-12-07 18:03 - 2015-12-07 18:03 - 00009588 _____ C:\Users\Aramejskie PsP\AppData\Local\how_recover+vpr.html
2015-12-07 18:00 - 2015-12-07 18:00 - 00003116 _____ C:\ProgramData\j3ymz.7yyn
2015-12-07 17:59 - 2015-12-07 18:03 - 00009588 _____ C:\ProgramData\Microsoft\Windows\Start Menu\how_recover+vpr.html
2015-12-07 17:59 - 2015-12-07 18:03 - 00002777 _____ C:\ProgramData\Microsoft\Windows\Start Menu\how_recover+vpr.txt
2015-12-07 17:59 - 2015-12-07 17:59 - 00009588 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\how_recover+vpr.html
2015-12-07 17:59 - 2015-12-07 17:59 - 00002777 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\how_recover+vpr.txt
2015-12-07 16:52 - 2015-12-07 16:52 - 00003116 _____ C:\Users\Aramejskie PsP\AppData\Local\Apps\barldt9b.05u
2015-12-07 16:52 - 2007-12-21 00:16 - 00046318 _____ C:\Users\Aramejskie PsP\AppData\Local\Apps\HELP_YOUR_FILES.PNG.vvv
2015-12-07 16:51 - 2015-12-07 16:51 - 00003116 _____ C:\ProgramData\jsvef3g8x0.e3s4r
2015-12-07 16:51 - 2007-12-21 00:12 - 00046318 _____ C:\ProgramData\HELP_YOUR_FILES.PNG.vvv
2015-12-07 16:42 - 2015-12-07 16:42 - 00009588 _____ C:\Users\Aramejskie PsP\AppData\Local\Apps\how_recover+xko.html
2015-12-07 16:41 - 2015-12-07 16:41 - 00009588 _____ C:\Users\Aramejskie PsP\AppData\Local\how_recover+xko.html
2015-12-06 22:19 - 2015-12-06 22:20 - 00009588 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\how_recover+glt.html
2015-12-06 22:19 - 2015-12-06 22:20 - 00002777 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\how_recover+glt.txt
2015-12-06 22:19 - 2007-12-21 00:00 - 00000000 __SHD C:\ProgramData\CreativeAudio
2015-12-06 22:18 - 2007-12-21 00:06 - 00000904 ____H C:\ProgramData\@system.temp
2015-12-06 22:14 - 2015-12-06 22:20 - 00009588 _____ C:\ProgramData\Microsoft\Windows\Start Menu\how_recover+glt.html
2015-12-06 22:14 - 2015-12-06 22:20 - 00002777 _____ C:\ProgramData\Microsoft\Windows\Start Menu\how_recover+glt.txt
2015-12-06 22:14 - 2015-12-06 22:19 - 00009588 _____ C:\ProgramData\how_recover+glt.html
2015-12-06 22:13 - 2015-12-06 22:19 - 00009588 _____ C:\Users\Public\Documents\how_recover+glt.html
2015-12-06 22:12 - 2015-12-06 22:12 - 00000480 ____H C:\Users\Aramejskie PsP\AppData\Roaming\½ž’“Ó™œ‰
2015-12-06 22:12 - 2007-12-21 00:08 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Roaming\BrowserMe
2015-12-06 22:12 - 2007-12-21 00:06 - 00000640 ____H C:\ProgramData\@system3.att
2015-12-06 15:15 - 2007-12-21 00:11 - 00049408 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-12-06 11:14 - 2015-12-06 11:14 - 00000104 _____ C:\Users\Aramejskie PsP\Desktop\Panel sterowania — skrót.lnk
2015-12-05 11:19 - 2015-11-20 19:27 - 00017840 _____ () C:\Windows\system32\roboot.exe
2015-12-05 10:56 - 2015-12-08 16:45 - 00000017 _____ C:\Windows\system32\history.dat
2015-12-05 10:52 - 2007-12-21 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
2015-12-04 23:21 - 2009-06-10 22:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-04 23:21 - 2007-12-21 00:18 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Local\E8F0E980-1449271314-81DC-39F9-001D6007944C
2015-12-04 23:20 - 2015-12-08 15:38 - 00000000 ____D C:\Program Files\E8F0E980-1449267636-81DC-39F9-001D6007944C
2015-12-04 23:20 - 2007-12-21 01:10 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-12-04 23:15 - 2007-12-21 01:10 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Roaming\Opera Software
2015-12-04 23:15 - 2007-12-21 01:07 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Local\Opera Software
2015-12-04 23:12 - 2015-12-05 19:47 - 00000000 ____D C:\Program Files\Opera
2015-12-04 23:12 - 2007-12-21 00:00 - 00000000 ____D C:\Program Files\Wooden Seal
2015-12-04 23:09 - 2015-12-08 17:45 - 00000000 ____D C:\Program Files\SFK
2015-12-04 23:08 - 2007-12-21 01:10 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Roaming\mysites123
2015-12-04 23:08 - 2007-12-21 00:15 - 00000000 ____D C:\ProgramData\Tmp0x0x
2015-11-30 22:09 - 2015-11-30 22:09 - 00000363 _____ C:\Users\Aramejskie PsP\Desktop\Komputer — skrót.lnk
2015-11-28 17:13 - 2015-11-28 17:13 - 00477240 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2015-11-28 16:59 - 2015-12-08 16:14 - 00000000 ____D C:\Users\Aramejskie PsP\Downloads\Diablo 2 LOD + Dodatki
2015-11-28 16:59 - 2007-12-21 01:08 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\LocalLow\uTorrent
2015-11-28 16:57 - 2015-11-28 16:57 - 00002687 _____ C:\Users\Aramejskie PsP\Desktop\µTorrent.lnk
2015-11-28 16:57 - 2015-11-28 16:57 - 00002687 _____ C:\Users\Aramejskie PsP\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-11-28 16:57 - 2007-12-21 01:10 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Roaming\uTorrent
2015-11-28 09:50 - 2015-11-28 09:50 - 00000000 ____D C:\Windows\system32\SPReview
2015-11-28 09:49 - 2015-11-28 09:49 - 00000000 ____D C:\Windows\system32\EventProviders
2015-11-28 01:56 - 2007-12-21 01:08 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Roaming\Macromedia
2015-11-28 01:56 - 2007-12-21 01:08 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Roaming\Adobe
2015-11-28 01:48 - 2015-12-08 18:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-28 01:48 - 2015-11-28 01:48 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-28 01:48 - 2015-11-28 01:48 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-28 01:48 - 2015-11-28 01:48 - 00000000 ____D C:\Windows\system32\Macromed
2015-11-28 01:45 - 2015-11-28 01:45 - 00001094 _____ C:\Users\Aramejskie PsP\Desktop\GameRanger.lnk
2015-11-28 01:45 - 2015-11-28 01:45 - 00001080 _____ C:\Users\Aramejskie PsP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
2015-11-28 01:45 - 2007-12-21 01:08 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Roaming\GameRanger
2015-11-27 20:54 - 2015-11-27 20:54 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-27 20:53 - 2015-11-27 20:53 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-11-27 20:53 - 2007-12-21 01:08 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\LocalLow\Sun
2015-11-27 20:53 - 2007-12-21 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-27 20:52 - 2015-11-27 20:52 - 00000000 ____D C:\Program Files\Java
2015-11-27 20:52 - 2007-12-21 00:15 - 00000000 ____D C:\ProgramData\Oracle
2015-11-27 20:51 - 2007-12-21 01:08 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\LocalLow\Oracle
2015-11-27 20:42 - 2015-11-27 20:42 - 00000000 ____D C:\Program Files\WinRAR
2015-11-27 20:42 - 2007-12-21 01:10 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Roaming\WinRAR
2015-11-27 20:42 - 2007-12-21 01:10 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-27 20:42 - 2007-12-21 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-27 20:18 - 2015-12-07 17:51 - 00687812 _____ C:\Windows\system32\perfh015.dat
2015-11-27 20:18 - 2015-12-07 17:51 - 00131366 _____ C:\Windows\system32\perfc015.dat
2015-11-27 20:18 - 2015-11-27 19:33 - 00337158 _____ C:\Windows\system32\perfi015.dat
2015-11-27 20:18 - 2015-11-27 19:33 - 00038710 _____ C:\Windows\system32\perfd015.dat
2015-11-27 20:14 - 2015-11-27 20:14 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-11-27 20:13 - 2015-11-27 20:13 - 00000000 ____D C:\Windows\system32\pl
2015-11-27 20:12 - 2015-11-27 20:12 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-11-27 20:12 - 2015-11-27 20:12 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-27 19:23 - 2007-12-21 01:07 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Local\TeamViewer
2015-11-27 19:22 - 2015-09-18 17:32 - 00023384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-11-27 19:22 - 2015-09-18 17:30 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-11-27 19:22 - 2015-09-18 17:30 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-11-27 19:22 - 2015-09-18 17:30 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-11-27 19:22 - 2015-09-18 17:30 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-11-27 19:22 - 2015-09-18 17:30 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-11-27 19:22 - 2015-09-18 17:25 - 00999936 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-11-27 19:22 - 2015-05-21 14:18 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-11-27 19:22 - 2015-01-28 00:28 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-11-27 19:22 - 2014-09-15 01:42 - 02377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-27 19:22 - 2010-04-07 08:10 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-11-27 19:22 - 2010-01-09 07:52 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2015-11-27 19:22 - 2009-12-02 09:17 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-27 19:22 - 2009-10-10 03:57 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2015-11-27 19:21 - 2015-03-19 03:57 - 03963320 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-27 19:21 - 2015-03-19 03:57 - 03908024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-27 19:21 - 2013-03-19 05:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-27 19:21 - 2013-03-19 03:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-27 19:21 - 2011-04-09 06:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-11-27 19:21 - 2010-12-18 06:29 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-27 19:21 - 2010-10-16 05:36 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2015-11-27 19:21 - 2010-08-21 06:36 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-27 19:21 - 2010-06-22 03:47 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-11-27 19:21 - 2010-06-22 03:47 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2015-11-27 19:21 - 2010-06-22 03:47 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-11-27 19:21 - 2010-03-08 22:33 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-27 19:21 - 2009-12-29 07:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-11-27 19:21 - 2009-09-26 06:58 - 00194488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-11-27 19:20 - 2015-12-08 15:36 - 00000000 ____D C:\Program Files\TeamViewer
2015-11-27 19:20 - 2015-11-27 19:20 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-11-27 19:20 - 2015-11-27 19:20 - 00000999 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-11-27 19:17 - 2010-02-27 08:32 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-27 19:17 - 2010-02-27 08:32 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-27 19:17 - 2010-02-27 08:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-27 19:06 - 2012-06-02 23:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-27 19:06 - 2012-06-02 23:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-27 19:06 - 2012-06-02 23:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-27 19:06 - 2012-06-02 23:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-27 19:05 - 2012-06-02 23:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-27 19:05 - 2012-06-02 23:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-27 19:05 - 2012-06-02 23:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-27 19:04 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-27 19:04 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-27 18:54 - 2007-12-21 01:08 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Roaming\ATI
2015-11-27 18:54 - 2007-12-21 00:17 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Local\ATI
2015-11-27 18:54 - 2007-12-21 00:12 - 00000000 ____D C:\ProgramData\ATI
2015-11-27 18:49 - 2007-12-21 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-11-27 18:45 - 2015-11-27 18:45 - 00000000 ____D C:\Program Files\ATI
2015-11-27 18:45 - 2007-12-21 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Install Manager
2015-11-27 18:45 - 2007-07-21 23:52 - 00048736 _____ C:\Windows\system32\Drivers\ativvpxx.vp
2015-11-27 18:45 - 2007-07-21 22:05 - 02920448 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-11-27 18:45 - 2007-07-21 21:55 - 00344064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIDEMGX.dll
2015-11-27 18:45 - 2007-07-21 21:55 - 00262144 _____ (ATI Technologies, Inc.) C:\Windows\system32\atipdlxx.dll
2015-11-27 18:45 - 2007-07-21 21:55 - 00237568 _____ (ATI Technologies, Inc.) C:\Windows\system32\Oemdspif.dll
2015-11-27 18:45 - 2007-07-21 21:55 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2015-11-27 18:45 - 2007-07-21 21:54 - 00241664 _____ (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.dll
2015-11-27 18:45 - 2007-07-21 21:54 - 00043520 _____ (ATI Technologies, Inc.) C:\Windows\system32\ati2edxx.dll
2015-11-27 18:45 - 2007-07-21 21:53 - 00610304 _____ (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
2015-11-27 18:45 - 2007-07-21 21:43 - 02998272 _____ (ATI Technologies Inc.
) C:\Windows\system32\atiumdag.dll 2015-11-27 18:45 - 2007-07-21 21:38 - 08118272 _____ (ATI Technologies Inc.) C:\Windows\system32\atioglxx.dll 2015-11-27 18:45 - 2007-07-21 21:30 - 03822592 _____ (ATI Technologies Inc. ) C:\Windows\system32\atiumdva.dll 2015-11-27 18:45 - 2007-07-21 21:29 - 03107788 _____ C:\Windows\system32\atiumdva.dat 2015-11-27 18:45 - 2007-07-21 21:10 - 00049152 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\ati2erec.dll 2015-11-27 18:45 - 2007-05-30 11:37 - 00002096 _____ C:\Windows\system32\Drivers\ativpkxx.vp 2015-11-27 18:45 - 2007-05-30 11:37 - 00002096 _____ C:\Windows\system32\Drivers\ativokxx.vp 2015-11-27 18:45 - 2007-04-18 08:19 - 00002096 _____ C:\Windows\system32\Drivers\ativdkxx.vp 2015-11-27 18:45 - 2007-02-20 16:39 - 00144773 _____ C:\Windows\system32\atiicdxx.dat 2015-11-27 18:45 - 2006-10-30 11:22 - 00008192 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\AtiPcie.sys 2015-11-27 18:45 - 2006-08-23 17:26 - 00328162 _____ C:\Windows\system32\Drivers\ativcaxx.cpa 2015-11-27 18:45 - 2006-08-23 17:26 - 00000929 _____ C:\Windows\system32\Drivers\ativcaxx.vp 2015-11-27 18:44 - 2015-11-27 18:48 - 00000000 ____D C:\Program Files\ATI Technologies 2015-11-27 18:28 - 2007-12-21 00:18 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Local\GeometryDash 2015-11-27 18:26 - 2007-12-21 01:04 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-27 18:18 - 2007-12-21 01:07 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Local\Steam 2015-11-27 18:18 - 2007-12-21 00:18 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Local\CEF 2015-11-27 18:16 - 2015-11-27 18:55 - 00000000 ____D C:\Program Files\Common Files\Steam 2015-11-27 18:16 - 2007-12-21 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-11-27 18:12 - 2015-11-27 18:12 - 00000000 ____D C:\Windows\pss 2015-11-27 17:50 - 2015-06-23 12:27 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-11-27 17:50 - 
2007-12-21 00:18 - 00001214 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-11-27 17:50 - 2007-12-21 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-11-27 17:46 - 2015-12-08 18:06 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-27 17:46 - 2015-11-27 17:48 - 00000000 ____D C:\Program Files\Google 2015-11-27 17:46 - 2007-12-21 00:01 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-27 17:45 - 2007-12-21 00:51 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Local\Google 2015-11-27 17:44 - 2015-11-27 20:22 - 00057560 _____ C:\Users\Aramejskie PsP\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-27 17:44 - 2007-12-21 00:18 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Local\Deployment 2015-11-27 17:44 - 2007-12-21 00:16 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Local\Apps\2.0 2015-11-27 17:29 - 2015-11-27 17:29 - 00000020 ___SH C:\Users\Aramejskie PsP\ntuser.ini 2015-11-27 17:29 - 2015-11-27 17:29 - 00000000 _SHDL C:\Users\Aramejskie PsP\My Documents 2015-11-27 17:29 - 2015-11-27 17:29 - 00000000 _SHDL C:\Users\Aramejskie PsP\Documents\My Videos 2015-11-27 17:29 - 2015-11-27 17:29 - 00000000 _SHDL C:\Users\Aramejskie PsP\Documents\My Pictures 2015-11-27 17:29 - 2015-11-27 17:29 - 00000000 _SHDL C:\Users\Aramejskie PsP\Documents\My Music 2015-11-27 17:29 - 2007-12-21 01:08 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Roaming\Media Center Programs 2015-11-27 17:29 - 2007-12-21 01:08 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Local\VirtualStore 2015-11-27 17:28 - 2015-12-08 15:29 - 00000000 ____D C:\Users\Aramejskie PsP 2015-11-27 17:26 - 2015-12-07 17:51 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-27 17:26 - 2010-01-26 02:07 - 00000048 __RSH C:\wedaolu 2015-11-27 17:26 - 2010-01-09 11:17 - 00206312 __RSH C:\grldr ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder 
will be moved.) 2015-12-08 16:21 - 2007-12-21 00:03 - 00000000 ____D C:\Users\Aramejskie PsP\AppData\Local\SmartWeb 2015-12-08 15:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows 2015-12-07 18:03 - 2007-12-21 00:11 - 00009588 _____ C:\ProgramData\how_recover+vpr.html 2015-12-07 16:41 - 2007-12-21 00:05 - 00009588 _____ C:\ProgramData\how_recover+xko.html 2015-12-06 15:14 - 2007-12-21 00:16 - 00289128 _____ C:\Windows\system32\Giqdulti.dll 2015-11-28 09:16 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat 2015-11-27 21:23 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache 2015-11-27 20:14 - 2009-07-14 05:56 - 00000000 ____D C:\Windows\system32\winrm 2015-11-27 20:14 - 2009-07-14 05:56 - 00000000 ____D C:\Windows\system32\WCN 2015-11-27 20:14 - 2009-07-14 05:56 - 00000000 ____D C:\Windows\system32\slmgr 2015-11-27 20:14 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\MUI 2015-11-27 20:14 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\IME 2015-11-27 20:14 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\System 2015-11-27 20:13 - 2009-07-14 05:56 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts 2015-11-27 20:13 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\com 2015-11-27 18:24 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared ==================== Files in the root of some directories ======= 2015-12-06 22:12 - 2015-12-06 22:12 - 0000480 ____H () C:\Users\Aramejskie PsP\AppData\Roaming\½ž’“Ó™œ‰ 2007-12-21 00:39 - 2007-12-21 00:39 - 0003116 _____ () C:\Users\Aramejskie PsP\AppData\Local\4zsfk3.0b 2007-12-21 00:39 - 2007-12-21 00:39 - 0003116 _____ () C:\Users\Aramejskie PsP\AppData\Local\541g3q.2o5 2007-12-21 00:42 - 2007-12-21 00:42 - 0045901 _____ () C:\Users\Aramejskie PsP\AppData\Local\HELP_YOUR_FILES.PNG 2007-12-21 00:15 - 2007-12-21 01:10 - 0009588 _____ () C:\Users\Aramejskie PsP\AppData\Local\how_recover+cmh.html 2007-12-21 00:15 - 2007-12-21 01:10 - 0002777 _____ () 
C:\Users\Aramejskie PsP\AppData\Local\how_recover+cmh.txt 2015-12-07 18:03 - 2015-12-07 18:03 - 0009588 _____ () C:\Users\Aramejskie PsP\AppData\Local\how_recover+vpr.html 2015-12-07 16:41 - 2015-12-07 16:41 - 0009588 _____ () C:\Users\Aramejskie PsP\AppData\Local\how_recover+xko.html 2015-12-06 22:18 - 2007-12-21 00:06 - 0000904 ____H () C:\ProgramData\@system.temp 2015-12-06 22:12 - 2007-12-21 00:06 - 0000640 ____H () C:\ProgramData\@system3.att 2007-12-21 00:12 - 2007-12-21 00:12 - 0003116 _____ () C:\ProgramData\fb19r8t.2koqu 2015-12-07 16:51 - 2007-12-21 00:12 - 0046318 _____ () C:\ProgramData\HELP_YOUR_FILES.PNG.vvv 2007-12-21 00:12 - 2007-12-21 00:15 - 0009588 _____ () C:\ProgramData\how_recover+cmh.html 2007-12-21 00:12 - 2007-12-21 00:15 - 0002777 _____ () C:\ProgramData\how_recover+cmh.txt 2015-12-06 22:14 - 2015-12-06 22:19 - 0009588 _____ () C:\ProgramData\how_recover+glt.html 2007-12-21 00:13 - 2007-12-21 00:13 - 0009588 _____ () C:\ProgramData\how_recover+urm.html 2007-12-21 00:11 - 2015-12-07 18:03 - 0009588 _____ () C:\ProgramData\how_recover+vpr.html 2007-12-21 00:05 - 2015-12-07 16:41 - 0009588 _____ () C:\ProgramData\how_recover+xko.html 2015-12-07 18:00 - 2015-12-07 18:00 - 0003116 _____ () C:\ProgramData\j3ymz.7yyn 2015-12-07 16:51 - 2015-12-07 16:51 - 0003116 _____ () C:\ProgramData\jsvef3g8x0.e3s4r 2009-07-14 00:31 - 2009-07-14 02:14 - 0281600 ___SH () C:\ProgramData\mscxoz.exe 2009-07-14 00:31 - 2009-07-14 02:14 - 0313856 ___SH () C:\ProgramData\msnos.exe 2009-07-14 00:31 - 2009-07-14 02:14 - 0102400 ___SH () C:\ProgramData\msrbgbio.exe 2009-07-14 00:31 - 2007-12-21 00:04 - 0162304 ___SH () C:\ProgramData\msukbv.exe 2007-12-21 00:08 - 2007-12-21 00:08 - 0003116 _____ () C:\ProgramData\oyqij0.4x 2007-12-21 00:08 - 2007-12-21 00:08 - 0003116 _____ () C:\ProgramData\y16w2.s1 2007-12-21 00:12 - 2007-12-21 00:12 - 0003116 _____ () C:\ProgramData\zj63ef.ej2 Files to move or delete: ==================== C:\ProgramData\mscxoz.exe 
C:\ProgramData\msnos.exe C:\ProgramData\msrbgbio.exe C:\ProgramData\msukbv.exe Some files in TEMP: ==================== C:\Users\Aramejskie PsP\AppData\Local\Temp\3wgwegkm5a_1.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\avg7B52.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\binkw32.dll C:\Users\Aramejskie PsP\AppData\Local\Temp\cdo171113935.dll C:\Users\Aramejskie PsP\AppData\Local\Temp\cdo3292032738.dll C:\Users\Aramejskie PsP\AppData\Local\Temp\d2l_Install.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\egg7ouo1aoe59qg_1.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\fsd365.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\fsd38B6.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\fsd4A51.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\fsdB014.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\fsdB8FB.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\fsdF565.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\fsdF98C.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\KB00258656.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\KB00262234.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\KB00281750.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\KB00303140.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\KB00318812.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\kb18831984.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\kcae9m7gu.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\libeay32.dll C:\Users\Aramejskie PsP\AppData\Local\Temp\Opera_NI_stable.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\oprun27853.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\oprun31421.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\ReimagePackage.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\setup_758.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\SpOrder.dll C:\Users\Aramejskie PsP\AppData\Local\Temp\ssleay32.dll C:\Users\Aramejskie PsP\AppData\Local\Temp\Uninstall.exe C:\Users\Aramejskie PsP\AppData\Local\Temp\UninstallModule.exe ==================== Bamital & volsnap ================= (There is no automatic fix for 
files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll [2009-07-14 00:12] - [2009-07-14 00:12] - 0269824 ____A (Microsoft Corporation) C27C74CD1BA85C44E5EAFF19187FDAC0 C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2007-12-21 09:32 ==================== End of FRST.txt ============================