start
CloseProcesses:
CreateRestorePoint:
(Tonec Inc.) C:\Users\USER\AppData\Local\Temp\IDMan .exe
HKU\S-1-5-21-2429467849-1766266843-749531403-1001\...\Run: [Facebook Update] => C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2015-11-01] (Facebook Inc.)
HKU\S-1-5-21-2429467849-1766266843-749531403-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-01] (Valve Corporation)
HKU\S-1-5-21-2429467849-1766266843-749531403-1001\...\Run: [IDMan] => C:\Users\USER\AppData\Local\Temp\IDMan .exe [3911248 2015-10-21] (Tonec Inc.) <===== ATTENTION
HKU\S-1-5-21-2429467849-1766266843-749531403-1001\...\MountPoints2: E - "E:\setup.exe"
HKU\S-1-5-21-2429467849-1766266843-749531403-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ae/
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\idjgxrv7.default
FF Homepage: hxxps://www.google.ae
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed]
S3 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Adobe Systems Incorporated) [File not signed]
2429467849-1766266843-749531403-1001UA.job
2016-04-18 19:33 - 2015-11-02 09:56 - 00000034 _____
2016-04-18 10:59 - 2015-11-01 12:34 - 00002383 _____
2429467849-1766266843-749531403-1001Core.job
EmptyTemp:
end