
Username.exe issue, CPU usage 100%

Discussion in 'Virus & Other Malware Removal' started by Zdenko, May 22, 2015.

  1. Zdenko

    Zdenko Thread Starter

    Joined:
    May 22, 2015
    Messages:
    4
    Hi,

    I have a Toshiba Qosmio X870 and for the last couple of days I have noticed the fans spinning like crazy. Speedfan showed the temperature of my laptop is around 90-100 degrees C, and I can see in Task Manager that the CPU usage is 100%, of which 99% refers to Username.exe (ZDENKO.exe).
    I scanned it with ESET NOD32 and Spybot; nothing was found.
    I googled the problem and found solutions with Combofix. However I am running Windows 8.1 and Combofix apparently doesn't work on it.
    Please help.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 8.1, 64 bit
    Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz, Intel64 Family 6 Model 58 Stepping 9
    Processor Count: 8
    RAM: 3980 Mb
    Graphics Card: Intel(R) HD Graphics 4000, -2041 Mb
    Hard Drives: C: Total - 703835 MB, Free - 619311 MB;
    Motherboard: TOSHIBA, Portable PC
    Antivirus: ESET NOD32 Antivirus 8.0, Updated and Enabled
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,354
    First Name:
    Derek
    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to download and run the 64 bit version

    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  3. Zdenko

    Zdenko Thread Starter

    Joined:
    May 22, 2015
    Messages:
    4
    Thank you for the reply!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
    Ran by BAKRAN (administrator) on ZDENKO on 22-05-2015 20:27:44
    Running from C:\Users\BAKRAN\Desktop\Serije i Filmovi
    Loaded Profiles: BAKRAN (Available Profiles: UpdatusUser & BAKRAN & Administrator)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
    () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
    () C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe
    (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    (SunplusIT, Inc.) C:\Program Files (x86)\SunplusIT Integrated Camera\Monitor.exe
    (Pokki) C:\Users\BAKRAN\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
    () C:\Users\BAKRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BAKRAN.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
    () C:\ProgramData\ZDENKO\ZDENKO.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
    HKLM-x32\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [391128 2013-11-04] (Intel Corporation)
    HKLM-x32\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [771032 2013-11-04] (Intel Corporation)
    HKLM-x32\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [770008 2013-11-04] (Intel Corporation)
    HKLM-x32\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.)
    HKLM-x32\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
    HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
    HKLM-x32\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated)
    HKLM-x32\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
    HKLM-x32\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)
    HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\SunplusIT Integrated Camera\Monitor.exe [1715232 2015-05-05] (SunplusIT, Inc.)
    HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-717424191-130957203-730115578-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
    HKU\S-1-5-21-717424191-130957203-730115578-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-717424191-130957203-730115578-1002\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
    HKU\S-1-5-21-717424191-130957203-730115578-1002\...\Run: [UserCheck] => C:\ProgramData\UserCheck.exe [7317158 2015-05-19] ()
    AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-23] (NVIDIA Corporation)
    Startup: C:\Users\BAKRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BAKRAN.exe [2015-05-21] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.toshiba.com?cid=J13
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://home.toshiba.com?cid=J13
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.toshiba.com?cid=J13
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.toshiba.com?cid=J13
    HKU\S-1-5-21-717424191-130957203-730115578-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.toshiba.com?cid=J13
    HKU\S-1-5-21-717424191-130957203-730115578-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.toshiba.com?cid=J13
    HKU\S-1-5-21-717424191-130957203-730115578-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-717424191-130957203-730115578-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba13.msn.com/?pc=TNJB
    SearchScopes: HKU\S-1-5-21-717424191-130957203-730115578-1002 -> DefaultScope {51D679D6-B39E-11E4-BEB0-008CFA327F3E} URL = http://search.homepage-web.com/?src=omnibox&partner=toshibaupd&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-717424191-130957203-730115578-1002 -> {51D679D6-B39E-11E4-BEB0-008CFA327F3E} URL = http://search.homepage-web.com/?src=omnibox&partner=toshibaupd&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-717424191-130957203-730115578-1002 -> {F43000DA-ADFF-11E4-BEAD-008CFA327F3E} URL = http://search.homepage-web.com/?src=omnibox&partner=toshibabund&q={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\BAKRAN\AppData\Roaming\Mozilla\Firefox\Profiles\kkqg3etk.default
    FF DefaultSearchEngine: Web Search
    FF SelectedSearchEngine: Web Search
    FF Homepage: hxxp://www.google.hr/
    FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN26663466832739815&UM=1&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-17] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-17] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-01-20] (Sony Media Software and Services Inc)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\BAKRAN\AppData\Roaming\Mozilla\Firefox\Profiles\kkqg3etk.default\searchplugins\Web Search.xml [2015-03-07]
    FF Extension: BS Player ControlBar - C:\Users\BAKRAN\AppData\Roaming\Mozilla\Firefox\Profiles\kkqg3etk.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} [2014-07-20]
    FF Extension: Weather Forecast - C:\Users\BAKRAN\AppData\Roaming\Mozilla\Firefox\Profiles\kkqg3etk.default\Extensions\[email protected] [2014-12-30]
    FF Extension: Adblock Plus - C:\Users\BAKRAN\AppData\Roaming\Mozilla\Firefox\Profiles\kkqg3etk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-20]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-15]
    FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    Chrome:
    =======
    CHR HomePage: Default ->
    CHR StartupUrls: Default -> "hxxp://home.toshiba.com?cid=P15"
    CHR DefaultSearchKeyword: Default -> homepage-web.com
    CHR DefaultSearchURL: Default -> http://search.homepage-web.com/?src=omnibox&partner=toshibaupd&q={searchTerms}
    CHR DefaultSuggestURL: Default ->
    CHR Profile: C:\Users\BAKRAN\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\BAKRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
    CHR Extension: (Google Docs) - C:\Users\BAKRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-05]
    CHR Extension: (Google Drive) - C:\Users\BAKRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-05]
    CHR Extension: (YouTube) - C:\Users\BAKRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-05]
    CHR Extension: (Google Search) - C:\Users\BAKRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-05]
    CHR Extension: (Google Sheets) - C:\Users\BAKRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\BAKRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-08]
    CHR Extension: (Google Wallet) - C:\Users\BAKRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-05]
    CHR Extension: (Gmail) - C:\Users\BAKRAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-05]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
    R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.)
    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-01-30] (ESET)
    R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241880 2015-01-30] (ESET)
    R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169792 2015-01-30] (ESET)
    R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [159480 2015-01-30] (ESET)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
    R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [688032 2015-05-05] (Sunplus)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
    S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-22 20:27 - 2015-05-22 20:27 - 00000000 ____D () C:\FRST
    2015-05-22 19:28 - 2015-05-22 19:29 - 05627500 _____ (Swearware) C:\Users\BAKRAN\Desktop\ComboFix.exe
    2015-05-22 19:04 - 2015-05-22 19:15 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
    2015-05-22 19:04 - 2015-05-22 19:04 - 00001026 _____ () C:\Users\BAKRAN\Desktop\SpeedFan.lnk
    2015-05-22 19:04 - 2015-05-22 19:04 - 00000045 _____ () C:\WINDOWS\SysWOW64\initdebug.nfo
    2015-05-22 19:04 - 2015-05-22 19:04 - 00000000 ____D () C:\Users\BAKRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
    2015-05-21 19:39 - 2015-05-21 19:39 - 00000000 __SHD () C:\ProgramData\ZDENKO
    2015-05-21 19:39 - 2015-05-19 02:08 - 07317158 ___SH () C:\ProgramData\UserCheck.exe
    2015-05-17 16:31 - 2015-05-17 16:31 - 00051649 _____ () C:\Users\BAKRAN\Desktop\Facebook.htm
    2015-05-15 12:35 - 2015-05-15 12:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-05-14 11:24 - 2015-05-14 11:24 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2015-05-13 13:08 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 13:08 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 11:48 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2015-05-13 11:48 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2015-05-13 11:48 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-05-13 11:48 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
    2015-05-13 11:47 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2015-05-13 11:47 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2015-05-13 11:47 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
    2015-05-13 11:47 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-05-13 11:47 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-05-13 11:47 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2015-05-13 11:47 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-05-13 11:47 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-05-13 11:47 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-05-13 11:47 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-05-13 11:47 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-05-13 11:47 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
    2015-05-13 11:47 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-05-13 11:47 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2015-05-13 11:47 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-05-13 11:47 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2015-05-13 11:47 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2015-05-13 11:47 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-05-13 11:47 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-05-13 11:47 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-05-13 11:47 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2015-05-13 11:47 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-05-13 11:47 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-05-13 11:47 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-05-13 11:47 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-05-13 11:47 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-05-13 11:47 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2015-05-13 11:47 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2015-05-13 11:47 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2015-05-13 11:47 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-05-13 11:47 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-05-13 11:47 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2015-05-13 11:47 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-05-13 11:47 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-05-13 11:47 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-05-13 11:47 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-05-13 11:47 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-05-13 11:47 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-05-13 11:47 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-05-13 11:47 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-05-13 11:47 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-05-13 11:47 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-05-13 11:47 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-05-13 11:47 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2015-05-13 11:47 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2015-05-13 11:47 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2015-05-13 11:47 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2015-05-13 11:47 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
    2015-05-13 11:47 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
    2015-05-13 11:47 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2015-05-13 11:47 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2015-05-13 11:47 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
    2015-05-13 11:47 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
    2015-05-13 11:47 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-05-13 11:47 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2015-05-13 11:47 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2015-05-13 11:47 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-05-13 11:47 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
    2015-05-13 11:47 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2015-05-13 11:47 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2015-05-13 11:47 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
    2015-05-13 11:47 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2015-05-13 11:47 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2015-05-13 11:47 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2015-05-13 11:47 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
    2015-05-13 11:47 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
    2015-05-13 11:47 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
    2015-05-13 11:47 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2015-05-13 11:47 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
    2015-05-13 11:47 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2015-05-13 11:47 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2015-05-13 11:47 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2015-05-13 11:47 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2015-05-13 11:47 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
    2015-05-05 13:53 - 2015-05-05 13:53 - 00000000 ____D () C:\Program Files (x86)\SunplusIT Integrated Camera
    2015-05-05 04:22 - 2015-05-05 04:22 - 00428064 _____ () C:\WINDOWS\system32\VCamPPage_x64.dll
    2015-05-05 04:17 - 2015-05-05 04:17 - 00688032 _____ (Sunplus) C:\WINDOWS\system32\Drivers\SPUVCBv_x64.sys
    2015-05-05 04:17 - 2015-05-05 04:17 - 00357920 _____ () C:\WINDOWS\SysWOW64\VCamPPage.dll
    2015-05-05 04:17 - 2015-05-05 04:17 - 00081440 _____ (Dext5xx) C:\WINDOWS\system32\DextUVCB_x64.ax
    2015-05-05 04:17 - 2015-05-05 04:17 - 00078368 _____ (Dext5xx) C:\WINDOWS\SysWOW64\DextUVCB.ax
    2015-05-05 04:11 - 2015-05-05 04:11 - 00014519 _____ () C:\WINDOWS\TWAINSP_Integrated_Camera.ini
    2015-05-05 04:11 - 2015-05-05 04:11 - 00007408 _____ () C:\WINDOWS\TWAINSP_Integrated_Camera.src

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-22 20:27 - 2014-09-01 15:45 - 00000000 ____D () C:\Users\BAKRAN\Desktop\Serije i Filmovi
    2015-05-22 20:24 - 2015-02-06 14:56 - 00000000 ____D () C:\Users\BAKRAN\AppData\Local\Pokki
    2015-05-22 20:24 - 2015-01-25 18:51 - 00000000 ____D () C:\Users\BAKRAN\AppData\Roaming\Skype
    2015-05-22 20:24 - 2013-10-20 14:46 - 00000000 ____D () C:\Users\BAKRAN\AppData\Roaming\uTorrent
    2015-05-22 20:23 - 2015-02-03 01:04 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-22 20:23 - 2014-10-03 12:16 - 00000000 __RDO () C:\Users\BAKRAN\OneDrive
    2015-05-22 20:23 - 2013-08-22 16:46 - 00382059 _____ () C:\WINDOWS\setupact.log
    2015-05-22 20:23 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-05-22 20:22 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2015-05-22 20:14 - 2015-02-07 02:05 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d04269cee942d7.job
    2015-05-22 20:13 - 2013-10-20 14:29 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-717424191-130957203-730115578-1002
    2015-05-22 20:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-05-22 19:43 - 2013-10-20 15:26 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-05-22 19:41 - 2014-10-02 23:09 - 01614382 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-05-22 18:14 - 2014-10-02 23:59 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0A73FD5B-5AE4-46C9-9C17-7571B8EC21D6}
    2015-05-22 12:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-05-21 23:28 - 2014-03-18 11:54 - 00025320 _____ () C:\WINDOWS\PFRO.log
    2015-05-21 23:28 - 2013-10-20 14:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-05-20 12:26 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-05-20 12:24 - 2015-04-04 18:34 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
    2015-05-20 12:24 - 2015-04-04 18:34 - 00000000 ___SD () C:\WINDOWS\system32\GWX
    2015-05-18 21:58 - 2013-06-27 15:04 - 00000000 ___RD () C:\Users\BAKRAN\Desktop\MOJE STVARI
    2015-05-17 11:31 - 2014-08-24 11:05 - 00000000 ____D () C:\Users\BAKRAN\AppData\Local\Adobe
    2015-05-17 11:30 - 2013-10-20 15:26 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2015-05-15 18:09 - 2015-02-07 02:05 - 00003892 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d04269cee942d7
    2015-05-15 18:09 - 2015-02-03 01:04 - 00003656 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-15 14:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
    2015-05-15 10:51 - 2015-02-03 01:05 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-05-15 10:43 - 2013-10-28 15:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-05-15 10:43 - 2013-10-28 15:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2015-05-15 10:43 - 2013-08-22 16:44 - 00481176 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-05-15 02:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
    2015-05-15 02:30 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
    2015-05-14 11:24 - 2014-10-09 14:33 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-05-14 11:23 - 2014-10-14 14:42 - 00000000 ____D () C:\Users\BAKRAN\Desktop\POTVRDE PLACENIH RACUNA
    2015-05-13 13:08 - 2013-10-20 18:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-05-13 13:03 - 2013-10-20 18:44 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-05-13 13:03 - 2013-08-22 15:25 - 00008192 ___SH () C:\WINDOWS\system32\config\ELAM
    2015-05-13 13:02 - 2013-10-20 15:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-05-13 13:01 - 2013-10-28 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-05-13 12:58 - 2014-03-18 11:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-12 02:30 - 2014-10-02 23:22 - 00000000 ____D () C:\Users\BAKRAN
    2015-05-11 15:54 - 2014-03-18 12:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-05-05 19:59 - 2014-12-11 16:08 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-05-05 19:59 - 2014-12-11 16:08 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-24 03:27 - 2013-10-20 21:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

    ==================== Files in the root of some directories =======

    2015-05-21 19:39 - 2015-05-19 02:08 - 7317158 ___SH () C:\ProgramData\UserCheck.exe

    Files to move or delete:
    ====================
    C:\ProgramData\UserCheck.exe


    Some files in TEMP:
    ====================
    C:\Users\BAKRAN\AppData\Local\Temp\sfamcc00001.dll
    C:\Users\BAKRAN\AppData\Local\Temp\sfextra.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-22 20:13

    ==================== End of log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
    Ran by BAKRAN at 2015-05-22 20:32:26
    Running from C:\Users\BAKRAN\Desktop\Serije i Filmovi
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-717424191-130957203-730115578-500 - Administrator - Disabled) => C:\Users\Administrator
    BAKRAN (S-1-5-21-717424191-130957203-730115578-1002 - Administrator - Enabled) => C:\Users\BAKRAN
    Guest (S-1-5-21-717424191-130957203-730115578-501 - Limited - Enabled)
    UpdatusUser (S-1-5-21-717424191-130957203-730115578-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-717424191-130957203-730115578-1002\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
    Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
    AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB)
    BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.66.1075 - AB Team, d.o.o.)
    CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    ESET NOD32 Antivirus (HKLM\...\{D6885DDE-4632-4640-A3BB-13C9F02CE81C}) (Version: 8.0.312.0 - ESET, spol s r. o.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Host App Service (HKU\S-1-5-21-717424191-130957203-730115578-1002\...\Pokki) (Version: 0.269.7.638 - Pokki)
    Integrated Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.5.7.5 - SunplusIT)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Media Go (HKLM-x32\...\{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}) (Version: 1.4.269 - Sony)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-717424191-130957203-730115578-1002\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    NVIDIA Graphics Driver 327.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.65 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Pirate Storm (HKU\S-1-5-21-717424191-130957203-730115578-1002\...\Pokki_17dd240efdb0c50e8a5015de26b6d100f1b1072c) (Version: v1.1.6 - Pokki)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.02.00076 - Sony Computer Entertainment Inc.)
    PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 3.1.8.07881 - Sony Computer Entertainment Inc.)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Sony PC Companion 2.10.226 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.226 - Sony)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
    SRS Premium Sound Control Panel (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
    Start Menu (HKU\S-1-5-21-717424191-130957203-730115578-1002\...\Pokki_Start_Menu) (Version: 0.269.7.638 - Pokki)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
    Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
    TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.1.1 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.9 - TOSHIBA Corporation)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.42.120 - Toshiba Corporation)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
    Your Software Deals 1.0.0 (HKLM-x32\...\Your Software Deals_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) <==== ATTENTION

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-717424191-130957203-730115578-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\BAKRAN\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-717424191-130957203-730115578-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\BAKRAN\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-717424191-130957203-730115578-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\BAKRAN\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-717424191-130957203-730115578-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\BAKRAN\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-717424191-130957203-730115578-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\BAKRAN\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    02-05-2015 15:45:03 Scheduled Checkpoint
    11-05-2015 13:09:08 Scheduled Checkpoint
    18-05-2015 14:28:08 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 15:25 - 2014-10-14 02:35 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {08C91BE5-7D44-40F4-A309-01BDE3B80EF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
    Task: {15D7EE25-7604-4E0F-8B19-52059EC5F42C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-09-20] (Safer-Networking Ltd.)
    Task: {3442F2BC-D381-4F64-A4F5-7C26E21D66EF} - System32\Tasks\GoogleUpdateTaskMachineUA1d04269cee942d7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
    Task: {525C9478-3E5A-483F-93B0-3ED12ABAD33A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-20] (Safer-Networking Ltd.)
    Task: {88B4AA89-B5C6-405A-ADAC-98B166D9DA36} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-20] (Safer-Networking Ltd.)
    Task: {95DA4991-1184-4A26-A734-0A18105D9799} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
    Task: {96E14391-6C16-49E9-912C-ACC157CC1670} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
    Task: {9F735E20-05AC-4A7B-A1A3-314A393944E6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
    Task: {A0D6581B-5E0E-4C43-BD82-2C2DFB03BACF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {B21651C8-356E-45B0-B890-8F20E0178547} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {C3FD9064-8719-4B9E-B881-1ED52F4BC3CD} - System32\Tasks\GoogleUpdateTaskMachineUA1d03f3c9dc5033b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
    Task: {C77075E7-46C1-43C2-8BB7-D4B2F3F36CAD} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
    Task: {D1980BBB-148B-4FF5-B896-15AA18EC8687} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
    Task: {E33F35C3-931F-489D-9CF9-CCB50AEB422F} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe
    Task: {EF720D3D-4908-4A76-849A-C4016F022A85} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-17] (Adobe Systems Incorporated)
    Task: {FB902C99-98E9-41A6-96E5-36F962209666} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d03f3c9dc5033b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d04269cee942d7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-12-23 12:33 - 2013-12-23 12:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
    2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-05-09 14:52 - 2015-05-09 14:52 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll
    2013-11-04 19:22 - 2013-11-04 19:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2012-08-05 01:01 - 2012-08-05 01:01 - 00213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
    2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
    2013-08-01 15:24 - 2013-08-01 15:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
    2015-05-21 19:39 - 2015-05-19 02:08 - 07317158 ____S () C:\Users\BAKRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BAKRAN.exe
    2015-05-21 19:39 - 2015-05-19 02:06 - 00556332 ___SH () C:\ProgramData\ZDENKO\ZDENKO.exe
    2013-10-20 21:38 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2013-10-20 21:38 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2013-10-20 21:38 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2013-10-20 21:38 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2013-10-20 21:38 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2012-12-31 04:24 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\BAKRAN\OneDrive:ms-properties

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7868 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-717424191-130957203-730115578-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\BAKRAN\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Photo Gallery Wallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER Error getting ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "TecoResident"
    HKU\S-1-5-21-717424191-130957203-730115578-1002\...\StartupApproved\Run: => "Sony Ericsson PC Companion"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{99DB1CC6-75F9-4CFB-816A-37E3E91067AD}] => (Allow) C:\Users\BAKRAN\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{692BA726-F023-4185-8995-3F11B704F286}] => (Allow) C:\Users\BAKRAN\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{4E5B6B9A-8EEA-4546-8A30-86CF80B40E8B}] => (Allow) LPort=1900
    FirewallRules: [{2D452296-4CF6-4088-8FFE-63773F78FAEE}] => (Allow) LPort=2869
    FirewallRules: [{51869957-6DEA-4782-B972-9E0A8D20E0E0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{B253A499-F47D-4CFB-80D8-9D119A01CA8E}] => (Allow) C:\Users\BAKRAN\AppData\Local\Temp\7zS405D\HPDiagnosticCoreUI.exe
    FirewallRules: [{96B7895D-A16B-4AC8-8184-E0D75C4E8313}] => (Allow) C:\Users\BAKRAN\AppData\Local\Temp\7zS405D\HPDiagnosticCoreUI.exe
    FirewallRules: [{CF665002-91CD-4EDE-B01D-9F63931A3554}] => (Allow) C:\Users\BAKRAN\AppData\Local\Temp\7zS524B\HPDiagnosticCoreUI.exe
    FirewallRules: [{EDC7B5DA-F510-4943-9557-72A244CE73AB}] => (Allow) C:\Users\BAKRAN\AppData\Local\Temp\7zS524B\HPDiagnosticCoreUI.exe
    FirewallRules: [{AFEF101D-77A2-4E3B-A537-0576C54EFA6D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [UDP Query User{0E5878F0-F8E3-4A46-9C59-A71DD70C5212}C:\program files (x86)\sony\media go\mediago.exe] => (Allow) C:\program files (x86)\sony\media go\mediago.exe
    FirewallRules: [TCP Query User{A56DC758-B171-4C61-B496-41881A357724}C:\program files (x86)\sony\media go\mediago.exe] => (Allow) C:\program files (x86)\sony\media go\mediago.exe
    FirewallRules: [{E958A2A8-1DFC-4EC9-B0CF-E6ECEFF9B688}] => (Allow) C:\Users\BAKRAN\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{DC48B81E-156E-4696-AE88-21EE88CAD31B}] => (Allow) C:\Users\BAKRAN\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{31245060-D91D-4FAB-8918-06AD9E80ECBE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{CE4CB2D5-328B-463E-8D2B-F8A12B0E4670}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{893589E5-3AAA-4483-97AA-E14477DF9676}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{CB9FDDE9-1AB1-4D1B-9143-5EAA109502F8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{9FC08D07-296A-4225-A175-7D6681B40AA8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{C29157ED-770D-486A-8358-2D5892F5C471}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{9CD10291-CA7C-4974-84D7-C518D4593A3E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{508B95DA-255D-4F0B-A721-90CC33E62E5D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/22/2015 08:24:01 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (05/22/2015 08:23:32 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1".Error in manifest or policy file "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" on line Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
    Definition is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (05/22/2015 07:16:07 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (05/22/2015 07:15:28 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1".Error in manifest or policy file "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" on line Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
    Definition is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (05/22/2015 00:11:31 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1".Error in manifest or policy file "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" on line Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
    Definition is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (05/22/2015 11:42:19 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (05/22/2015 11:41:21 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"1".Error in manifest or policy file "Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"2" on line Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
    Definition is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (05/22/2015 00:20:18 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (05/21/2015 11:50:10 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (05/21/2015 11:31:35 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)


    System errors:
    =============
    Error: (05/22/2015 08:25:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (05/22/2015 08:25:27 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    %%1326

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (05/22/2015 07:17:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (05/22/2015 07:17:20 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    %%1326

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (05/22/2015 07:15:22 PM) (Source: DCOM) (EventID: 10016) (User: ZDENKO)
    Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ZDENKOBAKRANS-1-5-21-717424191-130957203-730115578-1002LocalHost (Using LRPC)UnavailableUnavailable

    Error: (05/22/2015 07:13:38 PM) (Source: DCOM) (EventID: 10010) (User: ZDENKO)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (05/22/2015 07:13:38 PM) (Source: DCOM) (EventID: 10010) (User: ZDENKO)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (05/22/2015 02:54:38 AM) (Source: DCOM) (EventID: 10010) (User: ZDENKO)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (05/22/2015 02:54:38 AM) (Source: DCOM) (EventID: 10010) (User: ZDENKO)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (05/22/2015 02:54:32 AM) (Source: DCOM) (EventID: 10010) (User: ZDENKO)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


    Microsoft Office:
    =========================
    Error: (05/22/2015 08:24:01 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (05/22/2015 08:23:32 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0"C:\Program Files (x86)\Sony\Media Go\MediaGo.exeC:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST3

    Error: (05/22/2015 07:16:07 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (05/22/2015 07:15:28 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0"C:\Program Files (x86)\Sony\Media Go\MediaGo.exeC:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST3

    Error: (05/22/2015 00:11:31 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0"C:\Program Files (x86)\Sony\Media Go\MediaGo.exeC:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST3

    Error: (05/22/2015 11:42:19 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (05/22/2015 11:41:21 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0"Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0"C:\Program Files (x86)\Sony\Media Go\MediaGo.exeC:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST3

    Error: (05/22/2015 00:20:18 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (05/21/2015 11:50:10 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (05/21/2015 11:31:35 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
    Percentage of memory in use: 35%
    Total physical RAM: 3980.22 MB
    Available physical RAM: 2560.66 MB
    Total Pagefile: 4684.22 MB
    Available Pagefile: 3141.95 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.79 MB

    ==================== Drives ================================

    Drive c: (TI10651900I) (Fixed) (Total:687.34 GB) (Free:604.7 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End of log ============================
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,354
    First Name:
    Derek
    First uninstall Spybot and reboot, otherwise it will interfere with the fixes and prevent them being successful.

    Then
    Download attached fixlist.txt file and save it to your downloads folder.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

  5. Zdenko

    Zdenko Thread Starter

    Joined:
    May 22, 2015
    Messages:
    4
    Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
    Ran by BAKRAN at 2015-05-22 22:27:04 Run:1
    Running from C:\Users\BAKRAN\Desktop\Serije i Filmovi
    Loaded Profiles: BAKRAN (Available Profiles: UpdatusUser & BAKRAN & Administrator)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    () C:\ProgramData\ZDENKO\ZDENKO.exe
    C:\ProgramData\ZDENKO\ZDENKO.exe
    Startup: C:\Users\BAKRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BAKRAN.exe [2015-05-21] ()
    C:\Users\BAKRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BAKRAN.exe
    SearchScopes: HKU\S-1-5-21-717424191-130957203-730115578-1002 -> DefaultScope {51D679D6-B39E-11E4-BEB0-008CFA327F3E} URL = http://search.homepage-web.com/?src=omnibox&partner=toshibaupd&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-717424191-130957203-730115578-1002 -> {51D679D6-B39E-11E4-BEB0-008CFA327F3E} URL = http://search.homepage-web.com/?src=omnibox&partner=toshibaupd&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-717424191-130957203-730115578-1002 -> {F43000DA-ADFF-11E4-BEAD-008CFA327F3E} URL = http://search.homepage-web.com/?src=omnibox&partner=toshibabund&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> homepage-web.com
    CHR DefaultSearchURL: Default -> http://search.homepage-web.com/?src=omnibox&partner=toshibaupd&q={searchTerms}
    CHR DefaultSuggestURL: Default ->
    2015-05-21 19:39 - 2015-05-21 19:39 - 00000000 __SHD () C:\ProgramData\ZDENKO
    2015-05-21 19:39 - 2015-05-19 02:08 - 07317158 ___SH () C:\ProgramData\UserCheck.exe
    2015-05-21 19:39 - 2015-05-19 02:08 - 07317158 ____S () C:\Users\BAKRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BAKRAN.exe2015-05-21 19:39 - 2015-05-19 02:06 - 00556332 ___SH () C:\ProgramData\ZDENKO\ZDENKO.exe











    EmptyTemp:


    *****************

    [1276] C:\ProgramData\ZDENKO\ZDENKO.exe => Process closed successfully.
    C:\ProgramData\ZDENKO\ZDENKO.exe => Moved successfully.
    C:\Users\BAKRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BAKRAN.exe => Moved successfully.
    "C:\Users\BAKRAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BAKRAN.exe" => File/Folder not found.
    HKU\S-1-5-21-717424191-130957203-730115578-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
    "HKU\S-1-5-21-717424191-130957203-730115578-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{51D679D6-B39E-11E4-BEB0-008CFA327F3E}" => key Removed successfully
    HKCR\CLSID\{51D679D6-B39E-11E4-BEB0-008CFA327F3E} => key not found.
    "HKU\S-1-5-21-717424191-130957203-730115578-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F43000DA-ADFF-11E4-BEAD-008CFA327F3E}" => key Removed successfully
    HKCR\CLSID\{F43000DA-ADFF-11E4-BEAD-008CFA327F3E} => key not found.
    Chrome DefaultSearchKeyword Removed successfully
    Chrome DefaultSearchURL Removed successfully
    Chrome DefaultSuggestURL Removed successfully
    C:\ProgramData\ZDENKO => Moved successfully.
    C:\ProgramData\UserCheck.exe => Moved successfully.
    "C:\ProgramData\ZDENKO\ZDENKO.exe" => File/Folder not found.
    EmptyTemp: => Removed 399.1 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 22:27:30 ====
     
  6. Zdenko

    Zdenko Thread Starter

    Joined:
    May 22, 2015
    Messages:
    4
    Derek thank you very much, I think the problem is fixed.
    The CPU and the temperatures are back to normal.
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,354
    First Name:
    Derek
    I would like to examine the files we removed so we can get them detected by antivirus companies and help others not be infected.
    Can you go to C:\FRST and right-click the quarantine folder, then select send to compressed (zip) folders?
    That makes a zip copy of the quarantine folder.

    Please email that zip to me: [email protected]
     
Short URL to this thread: https://techguy.org/1148665
