Untitled

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Moni (administrator) on MONI-PC on 25-05-2015 08:33:05
Running from C:\Users\Moni\Desktop
Loaded Profiles: Moni & Mcx1-MONI-PC (Available Profiles: Moni & Mcx1-MONI-PC)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Users\Moni\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(TunnelBear) D:\TunnelBear\TBear.Client.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(www.BitComet.com) D:\BitComet\BitComet.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flux Software LLC) C:\Users\Moni\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\puush\puush.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(MyWebSearch.com) C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TMRG,  Inc.) C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\rserver3.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Somoto LTD) C:\Program Files (x86)\Movies App\SafetyNut\SafetyNutManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Somoto LTD) C:\Program Files (x86)\Movies App\SafetyNut\SafetyNutManager.exe
(Somoto LTD) C:\Program Files (x86)\Movies App\SafetyNut\safetynut.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(TMRG,  Inc.) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TMRG,  Inc.) C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe
(TMRG,  Inc.) C:\Program Files (x86)\RelevantKnowledge\rlvknlg32.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
(Winstep Software Technologies) D:\Winstep\WsxService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(www.BitComet.com) D:\BitComet\tools\BitCometService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() D:\TunnelBear\TBear.Maintenance.exe
() C:\ProgramData\GBox\GBox.exe
() C:\ProgramData\OptimizerPro\OptimizerPro.exe
() C:\ProgramData\GBox\GBox.exe
() C:\ProgramData\OptimizerPro\OptimizerPro.exe
() C:\ProgramData\GBox\GBox.exe
() C:\ProgramData\OptimizerPro\OptimizerPro.exe
() C:\ProgramData\steg\steg.exe
() C:\ProgramData\tor\tor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Moni\AppData\Local\Viber\Viber.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
() C:\ProgramData\rkcl\rkcl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Users\Moni\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [XeroxEndeavorBackgroundTask] => rundll32.exe xrWCbgnd.dll,LaunchBgTask 1
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sysTPL] => C:\Program Files (x86)\sysTPL\sysTPL.exe
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [FileTransferForMobileGo] => C:\Program Files (x86)\Wondershare\MobileGo for Android\FileTransfer.exe [336272 2014-11-05] (Wondershare)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2510784 2015-05-14] ()
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [BitComet] => D:\BitComet\BitComet.exe [17257648 2013-12-31] (www.BitComet.com)
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282816 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [f.lux] => C:\Users\Moni\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [GoogleChromeAutoLaunch_2AB7CFC998D028F823B446CEC054EA1A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-05-05] (Google Inc.)
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-31] ()
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3328384 2015-05-10] (Echobit LLC)
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [Viber] => C:\Users\Moni\AppData\Local\Viber\Viber.exe [936656 2014-10-20] ()
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {2257eafd-6170-11e1-9def-90d4fb622999} - H:\AutoRun.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {277a4398-d264-11e1-a6fa-88ae1d83c45e} - G:\setup.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {6cc48bd8-609f-11e1-9359-cf17e4c60f9e} - H:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {6cc48cf4-609f-11e1-9359-cf17e4c60f9e} - I:\AutoRun.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {6cc48cf8-609f-11e1-9359-cf17e4c60f9e} - H:\AutoRun.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {79f71797-9889-11e2-a99c-88ae1d83c45e} - F:\AutoRun.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {8e61bc57-cc08-11e1-b52a-88ae1d83c45e} - H:\AutoRun.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {92bf2344-6171-11e1-bdce-b36dfc1a9f98} - H:\AutoRun.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {a6db8b5f-3e02-11e1-b10b-88ae1d83c45e} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {a6db8b65-3e02-11e1-b10b-88ae1d83c45e} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {b3a5e9fb-39cc-11e1-a69b-88ae1d83c45e} - 0
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {befe23ab-5eca-11e1-a5a9-aa55b3fff9e0} - K:\AutoRun.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {befe23ad-5eca-11e1-a5a9-aa55b3fff9e0} - K:\AutoRun.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {e1d77772-fcfe-11e1-b8c8-88ae1d83c45e} - F:\AutoRun.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {e1d7779c-fcfe-11e1-b8c8-88ae1d83c45e} - F:\AutoRun.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {f6f9f5dd-c995-11e1-823b-88ae1d83c45e} - H:\AutoRun.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {f6f9f5ee-c995-11e1-823b-88ae1d83c45e} - H:\AutoRun.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {f6f9f5ff-c995-11e1-823b-88ae1d83c45e} - H:\AutoRun.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {ff4f14fa-5481-11e1-96ad-a7c08798e007} - F:\MGS2SSetup.exe
HKU\S-1-5-21-3181489392-1428851397-2468278675-1005\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-05-31] (AVG Secure Search)
HKU\S-1-5-21-3181489392-1428851397-2468278675-1005\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-07] (AVG Secure Search)
HKU\S-1-5-21-3181489392-1428851397-2468278675-1005\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-14] (Microsoft Corporation) <==== ATTENTION
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies App\SafetyNut\safetycrt.dll [493776 2014-12-15] ()
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies App\SafetyNut\x64\safetycrt.dll [669392 2014-12-15] ()
ShellIconOverlayIdentifiers: [ 0POLinkIconDone] -> {4931EE43-90CB-4D46-A50F-474D7C5D97BE} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 1POLinkIconFailed] -> {828F1FF1-021C-4EC0-A4F8-B1BFF6390DD3} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 2POLinkIconIng] -> {8AE3CBEA-8E21-4883-BFD0-925F5513F190} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 3POLinkIconProhibited] -> {DED0F1AF-0505-4FB7-83AA-C2E51FA0721F} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://smart-homepage.blogspot.com
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=112555&tt=090812_ppc_3212_1&babsrc=HP_ss&mntrId=f259e42100000000000088ae1d83c45e
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=112555&tt=090812_ppc_3212_1&babsrc=HP_ss&mntrId=f259e42100000000000088ae1d83c45e
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=592
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=112555&tt=090812_ppc_3212_1&babsrc=HP_ss&mntrId=f259e42100000000000088ae1d83c45e
HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940
URLSearchHook: HKLM-x32 - Default Value = {3B81079D-2AC9-425f-A494-A1C7D93AFA3C}
URLSearchHook: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - GagetBox - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
URLSearchHook: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\11.3\ytdToolbarIE64.dll (Spigot, Inc.)
URLSearchHook: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\11.3\ytdToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 - Search.com Toolbar - {BFEAF3D0-307E-4F52-B64A-AF56BABE82B5} - C:\Program Files (x86)\Search.com Toolbar\IE\6.9\searchcomToolbarIE.dll (CBS Interactive)
URLSearchHook: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 - GagetBox - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
URLSearchHook: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
SearchScopes: HKLM -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=100&systemid=473&v=a15005-148&apn_uid=0695044213944151&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM -> {AA74FE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=stonicrow&chnl=stonicrow&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DzztA0CyEyD0E0EyEtBtCtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1975286060
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
SearchScopes: HKLM-x32 -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=100&systemid=473&v=a15005-148&apn_uid=0695044213944151&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 -> {72015028-694F-B215-0E17-3B6E199F6EB1} URL = http://search.gboxapp.com/?q={searchTerms}
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {AA74FE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=stonicrow&chnl=stonicrow&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DzztA0CyEyD0E0EyEtBtCtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1975286060
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://search.gboxapp.com/?q={searchTerms}
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={49A57737-0BFA-11E2-BFBD-88AE1D83C45E}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\.DEFAULT -> {33524C00-63FB-43DB-A6BF-0A4E14B24649} URL = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} URL = http://www.basicserve.com/?prt=BASICSERVE115&sp=&keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.gigabase.ru/search?q={searchTerms}&clid=1
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F25988AE1D83C45E&affID=128492&tsp=5264
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {1F7878FB-13DF-4E3F-9DCA-ABAC41E52ED2} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {2CF13FD9-315B-413B-A339-4A6F4CACEDB9} URL = http://t1.search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {33524C00-63FB-43DB-A6BF-0A4E14B24649} URL = http://www.basicscan.com/?prt=BscscnPB&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} URL = http://www.basicserve.com/?prt=bscsrvlink5&sp=&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=100&systemid=473&v=a15005-148&apn_uid=0695044213944151&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {72015028-694F-B215-0E17-3B6E199F6EB1} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=090812_ppc_3212_1&babsrc=SP_ss&mntrId=f259e42100000000000088ae1d83c45e
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={FE3E8E5F-8C14-45B8-A746-A1F784C5628E}&mid=4bcd29d8ce2147d08bb059e75b672dad-5d28af1a4b4adffb8029b0d5e95c6ecc0152629a&lang=en&ds=gm011&pr=sa&d=2012-10-03 17:05:11&v=17.1.2.1&pid=avg&sg=43&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {A8BE2D8E-4604-4846-B044-6A1AC1AB1492} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {AA74FE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://search.gboxapp.com/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=stonicrow&chnl=stonicrow&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DzztA0CyEyD0E0EyEtBtCtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1975286060
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://search.gboxapp.com/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {BE3B0D25-D1DE-4C9C-AB62-263CE4184C59} URL = http://www.mysearchresults.com/search?c=2402&t=15&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb167/?search={searchTerms}&loc=IB_DS&a=6R8AuDGDwI&i=26
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {D32AB177-DDFA-4263-B652-3E00DC4EED28} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={49A57737-0BFA-11E2-BFBD-88AE1D83C45E}
SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {FF2A2C0A-FD8D-42DE-B0E5-0AB0FD8CE029} URL = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=b5088342e51e45a8bd3c9740f9942153
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: MyWebSearch Search Assistant BHO -> {00A6FAF1-072E-44cf-8957-5838F569A31D} -> C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL [2012-03-31] (MyWebSearch.com)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> D:\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll [2014-11-11] (Search Results LLC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Staging -> {C35B7206-62EB-F808-5475-18A6FDE7DD94} -> c:\Users\All Users\dl159\159.dll [2014-11-21] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: YTD Toolbar -> {F3FEE66E-E034-436a-86E4-9690573BEE8A} -> C:\Program Files (x86)\YTD Toolbar\IE\11.3\ytdToolbarIE.dll [2015-03-19] (Spigot, Inc.)
Toolbar: HKLM - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\11.3\ytdToolbarIE64.dll [2015-03-19] (Spigot, Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll [2015-05-14] (AVG Secure Search)
Toolbar: HKLM-x32 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\11.3\ytdToolbarIE.dll [2015-03-19] (Spigot, Inc.)
Toolbar: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.190.192.166 89.190.192.162
Tcpip\..\Interfaces\{1A0A3083-6DDB-42D4-87D9-10FB05FA9538}: [NameServer] 212.39.90.42 212.39.90.43
Tcpip\..\Interfaces\{53719EE1-9E8D-4388-925A-D70C27AB7A96}: [NameServer] 211.162.78.1,211.162.78.2
Tcpip\..\Interfaces\{78EB48DC-3FFE-4ED5-9975-15EB8E31727D}: [NameServer] 212.39.90.42 212.39.90.43

FireFox:
========
FF ProfilePath: C:\Users\Moni\AppData\Roaming\Mozilla\Firefox\Profiles\cokd9nus.default-1427527468806
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-04-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-02-27] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @mywebsearch.com/Plugin -> C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll [2012-03-31] (MyWebSearch.com)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll [2012-04-11] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-05] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-695ea9f5bdba4fec\\NPRobloxProxy.dll No File
FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Moni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Moni\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2013-07-02] (Google)
FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @talk.google.com/O1DPlugin -> C:\Users\Moni\AppData\Roaming\Mozilla\plugins\npo1d.dll [2013-07-02] (Google)
FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @talk.google.com/O3DPlugin -> C:\Users\Moni\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-07-02] ()
FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Moni\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Moni\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Moni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-21] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: facebook.com/fbDesktopPlugin -> C:\Users\Moni\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-05] (Pando Networks)
FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Moni\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-07-02] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Moni\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-07-02] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Moni\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-07-02] (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml [2014-12-21]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2014-09-02]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-11-10]
FF Extension: MP3Tube Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com [2014-07-22]
FF Extension: BasicScan - C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} [2014-07-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-22]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2014-07-22]
FF Extension: BasicServe - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04} [2014-07-22]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\2.bin
FF Extension: My Web Search - C:\Program Files (x86)\MyWebSearch\bar\2.bin [2012-03-31]
FF HKLM-x32\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-09-02]
FF HKLM-x32\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Moni\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\Moni\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2012-12-16]
FF HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Moni\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Firefox\Extensions: [specialsavings@vshsolutions.com] - C:\Users\Moni\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com
FF Extension: Special Savings - C:\Users\Moni\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com [2012-12-16]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.bg/", "https://www.youtube.com/?feature=ytca"
CHR Profile: C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-03-20]
CHR Extension: (Google Drive) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-24]
CHR Extension: (Please enter your password) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-01-22]
CHR Extension: (Ultron Browser NewTab Page) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bokdjpogohejegnkmlijjnfohcbcifkk [2015-03-15]
CHR Extension: (Gom VPN - Bypass blocked sites) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2015-03-26]
CHR Extension: (Tampermonkey) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-03-19]
CHR Extension: (YouTube mp3) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkonfbfckdamohdkmechhhnnoblpbena [2015-03-31]
CHR Extension: (Gom VPN - App to bypass blocked sites) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\eelphgpfmjhndihoopgadghfonahifel [2015-03-26]
CHR Extension: (TickTick - Todo & Task List) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\eempgbpnkjnacmilmobpbhbfpdjdcpgd [2015-01-22]
CHR Extension: (Conversor de Medidas) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbiicdapcioonpclifmhmcnhhdegnpke [2015-01-22]
CHR Extension: (Bookmark Manager) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-02]
CHR Extension: (SoundCloud) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2015-01-22]
CHR Extension: (Ultron Browser) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfldicokfdgaipmlmfghjfhkaijlpcoi [2015-03-15]
CHR Extension: (Hangouts) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-01-22]
CHR Extension: (Turn Off the Lights) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjanboighjienkhiabgpefblkbmemd [2015-01-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-29]
CHR Extension: (Facebook Messenger) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2015-01-26]
CHR Extension: (Google Wallet) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-19]
CHR Extension: (Hover Zoom) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-03-15]
CHR Extension: (dotEPUB) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\okpfiebkkmjcnodegbbbiellepfhoglm [2015-01-22]
CHR Extension: (Click&Clean App) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-03-15]
CHR Extension: (Ambient Aurea) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkaglmndhfgdaiaccjglghcbnfinfffa [2015-03-20]
CHR Profile: C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Movies Toolbar) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic [2015-01-22]
CHR Extension: (Ask Toolbar) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaamnjcfigiihfpfilaaiifgdgfogcg [2015-01-22]
CHR Extension: (Google Slides) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-22]
CHR Extension: (SpecialSavings.com) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel [2015-01-22]
CHR Extension: (Google Docs) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-22]
CHR Extension: (Google Drive) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-22]
CHR Extension: (Funmoods) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2015-01-22]
CHR Extension: (Bcool) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkimjmdklbhkpnpknanflhneggbkhncj [2015-01-22]
CHR Extension: (YouTube) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-22]
CHR Extension: (Google Search) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-22]
CHR Extension: (DownTango Launcher Toolbar) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejdabpabkmacjiiooccecnpakonoibah [2015-01-22]
CHR Extension: (Google Sheets) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-22]
CHR Extension: (Smiley Bar for Facebook) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hgojaaaiddhmiiakpejiklijbalpckih [2015-01-22]
CHR Extension: (SweetIM for Facebook) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2015-01-22]
CHR Extension: (Select Links App) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jhhjnhpfgnffpcjncnmkfiahofahoihh [2015-01-22]
CHR Extension: (New tab for Chrome™) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg [2015-01-22]
CHR Extension: (DefaultTab) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2015-01-22]
CHR Extension: (Skype Click to Call) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-22]
CHR Extension: (AVG Security Toolbar) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-01-22]
CHR Extension: (Google Wallet) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-22]
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2015-01-22]
CHR Extension: (DealPly  Shopping) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn [2015-01-22]
CHR Extension: (Sense) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pflmllfnnabikmfkkaddkoolinlfninn [2015-01-23]
CHR Extension: (GoPhoto.it) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2015-01-22]
CHR Extension: (Gmail) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-22]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Moni\AppData\Local\funmoods.crx [2012-08-29]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [Not Found]
CHR HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Moni\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-24]
CHR HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Moni\AppData\Local\funmoods.crx [2012-08-29]
CHR HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [Not Found]
CHR HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaimdcedbpbcjjbbnfcbbjcngmomic] - C:\Users\Moni\AppData\Local\somotomoviestoolbar1\GC\toolbar.crx [2013-08-19]
CHR HKLM-x32\...\Chrome\Extension: [aaaamnjcfigiihfpfilaaiifgdgfogcg] - C:\Users\Moni\AppData\Local\APN\GoogleCRXs\aaaamnjcfigiihfpfilaaiifgdgfogcg_7.17.2.0.crx [2013-02-01]
CHR HKLM-x32\...\Chrome\Extension: [aidbbndgjnlaclnmhkdimcdjiebjpdel] - C:\Users\Moni\AppData\Roaming\SpecialSavings\SpecialSavings_2.0.0.crx [2012-08-19]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Moni\AppData\Local\funmoods.crx [2012-08-29]
CHR HKLM-x32\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files (x86)\Surf Canyon\surfcanyon.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Moni\AppData\Local\Temp\ccex.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bkimjmdklbhkpnpknanflhneggbkhncj] - C:\ProgramData\Bcool\bkimjmdklbhkpnpknanflhneggbkhncj.crx [2012-08-06]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ejdabpabkmacjiiooccecnpakonoibah] - C:\Program Files (x86)\DownTangoLauncherToolbar\chrome\DownTangoLauncherToolbar.crx [2012-09-11]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Moni\AppData\Roaming\BabSolution\CR\Delta.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\Betcat\WebCakeLayers.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\Moni\AppData\Roaming\StatusWinks\statuswinks.crx [2012-10-11]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-10-01]
CHR HKLM-x32\...\Chrome\Extension: [jhhjnhpfgnffpcjncnmkfiahofahoihh] - C:\Program Files (x86)\OApps\chrome-sl.crx [2013-07-13]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-07-29]
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2013-02-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-10-01]
CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx [2012-07-31]
CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader11.crx [Not Found]

Opera:
=======
OPR Extension: (SavePass) - C:\Users\Moni\AppData\Roaming\Opera Software\Opera Stable\Extensions\eoakcjefpghelmgacocefhiniapndeoo [2014-07-29]
OPR Extension: (Adblock Plus) - C:\Users\Moni\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-08-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-18] () []
R3 BITCOMET_HELPER_SERVICE; D:\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DefaultTabUpdate; C:\Users\Moni\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-07-13] () []
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-05-10] (Echobit LLC)
R2 fc67e7a0; c:\Program Files (x86)\DeltaFix\DeltaFix.dll [3906048 2014-11-10] () [] <==== ATTENTION
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [96768 2012-06-27] (Freemake) []
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 ldr; C:\ProgramData\rkcl\ldr.exe [105984 2015-05-25] () []
R2 MyWebSearchService; C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE [34320 2012-03-31] (MyWebSearch.com)
S4 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [204304 2012-04-11] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1910128 2015-02-19] (Electronic Arts)
R2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [186136 2013-08-17] (TMRG,  Inc.) <==== ATTENTION
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RServer3; C:\Windows\SysWOW64\rserver30\RServer3.exe [1154752 2012-12-19] (Famatech Corp.)
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) []
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-02-21] (Razer, Inc.)
R2 SafetyNutManager; C:\Program Files (x86)\Movies App\SafetyNut\SafetyNutManager.exe [3574480 2014-12-15] (Somoto LTD)
R4 steg; C:\ProgramData\steg\steg.exe [4079104 2015-05-20] () []
R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [392984 2014-04-13] (Tlapia)
S2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [394520 2014-04-13] (Tlapia)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
R3 TunnelBearMaintenance; D:\TunnelBear\TBear.Maintenance.exe [26048 2014-07-05] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.) []
S4 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [655712 2012-09-15] ()
S4 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2010-04-28] (Vodafone) []
R2 vToolbarUpdater18.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-05-14] (AVG Secure Search)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [X]
R2 Winstep Xtreme Service; D:\Winstep\WsxService [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-21] (DT Soft Ltd)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-01-24] (Echobit, LLC)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Movies App\SafetyNut\x64\configmgrc3.cfg [46160 2014-12-15] (Somoto LTD)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [224768 2012-09-15] (Huawei Technologies Co., Ltd.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)
R3 mcdevice; C:\Windows\System32\DRIVERS\mcdevice.sys [334400 2011-05-19] (ShiningMorning Inc.)
R3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 raddrvv3; C:\Windows\SysWOW64\rserver30\raddrvv3.sys [71576 2012-12-19] (Famatech Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-02-21] (Razer, Inc.)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2014-02-21] (Razer, Inc.)
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows (R) Win 7 DDK provider)
S3 s217bus; C:\Windows\System32\DRIVERS\s217bus.sys [108072 2007-11-02] (MCCI Corporation)
S3 s217mdfl; C:\Windows\System32\DRIVERS\s217mdfl.sys [19496 2007-11-02] (MCCI Corporation)
S3 s217mdm; C:\Windows\System32\DRIVERS\s217mdm.sys [145448 2007-11-02] (MCCI Corporation)
S3 s217nd5; C:\Windows\System32\DRIVERS\s217nd5.sys [33832 2007-11-02] (MCCI Corporation)
S3 s217obex; C:\Windows\System32\DRIVERS\s217obex.sys [124968 2007-11-02] (MCCI Corporation)
S3 s217unic; C:\Windows\System32\DRIVERS\s217unic.sys [138792 2007-11-02] (MCCI)
S3 StkTMini; C:\Windows\System32\Drivers\StkTMini.sys [528256 2007-11-15] (Syntek)
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [39168 2014-06-17] (The OpenVPN Project)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) []
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
S1 aydcepjb; \??\C:\Windows\system32\drivers\aydcepjb.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S1 tibhfuuh; \??\C:\Windows\system32\drivers\tibhfuuh.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [X]
S1 udkhquam; \??\C:\Windows\system32\drivers\udkhquam.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va006; \??\C:\Users\Moni\AppData\Local\Temp\0066667.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 08:33 - 2015-05-25 08:35 - 00068076 _____ () C:\Users\Moni\Desktop\FRST.txt
2015-05-25 08:32 - 2015-05-25 08:33 - 00000000 ____D () C:\FRST
2015-05-25 08:32 - 2015-05-25 08:31 - 02108416 _____ (Farbar) C:\Users\Moni\Desktop\FRST64.exe
2015-05-25 08:31 - 2015-05-25 08:31 - 02108416 _____ (Farbar) C:\Users\Moni\Downloads\FRST64.exe
2015-05-25 08:21 - 2015-05-25 08:21 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-05-25 08:21 - 2015-05-25 08:21 - 00000000 ____D () C:\Program Files\Unlocker
2015-05-25 08:18 - 2015-05-25 08:20 - 01078591 _____ () C:\Users\Moni\Downloads\Unlocker1.9.2.exe
2015-05-25 08:17 - 2015-05-25 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
2015-05-25 00:02 - 2015-05-25 00:22 - 00000000 ____D () C:\ProgramData\rkcl
2015-05-23 11:17 - 2015-05-23 11:17 - 00575510 _____ () C:\Users\Moni\Downloads\JaYamxM.mp4
2015-05-22 15:46 - 2015-05-22 19:26 - 00000000 ____D () C:\Users\Moni\Desktop\NVO MAT
2015-05-20 19:35 - 2015-05-20 19:35 - 00000062 ____H () C:\Users\Moni\Downloads\.picasa.ini
2015-05-20 15:59 - 2015-05-20 16:29 - 00000000 ____D () C:\Users\Moni\Desktop\NVO
2015-05-20 14:48 - 2015-05-25 00:03 - 00000000 ____D () C:\ProgramData\steg
2015-05-20 14:48 - 2015-05-20 14:48 - 00000000 ____D () C:\ProgramData\tor
2015-05-18 23:26 - 2015-05-18 23:26 - 00093077 _____ () C:\Users\Moni\Downloads\preview_image
2015-05-18 22:00 - 2015-05-18 22:00 - 00000000 ____D () C:\Users\Moni\Tracing
2015-05-18 21:55 - 2015-05-18 21:55 - 00000000 ____D () C:\ProgramData\Digger
2015-05-14 11:43 - 2015-05-14 11:43 - 00001794 _____ () C:\Users\Moni\Desktop\испански.txt
2015-05-12 08:42 - 2015-05-12 09:00 - 72390124 _____ () C:\Users\Moni\Downloads\cm12.1_golden.nova.20150510.zip
2015-05-12 08:14 - 2015-05-12 08:24 - 34391673 _____ () C:\Users\Moni\Downloads\cm12.0_golden.nova.20150131 (2).zip
2015-05-11 22:59 - 2015-05-11 23:17 - 73061212 _____ () C:\Users\Moni\Downloads\cm12.0_golden.nova.20150131 (1).zip
2015-05-11 22:17 - 2015-05-11 22:17 - 130498368 _____ () C:\Users\Moni\Desktop\cm12.0_golden.nova.20150131.zip
2015-05-11 21:47 - 2015-05-11 22:17 - 130498368 _____ () C:\Users\Moni\Downloads\cm12.0_golden.nova.20150131.zip
2015-05-11 21:44 - 2015-05-11 21:43 - 229325307 _____ () C:\Users\Moni\Desktop\pa_gapps-modular-mini-5.0.1-RC3-20150201-signed.zip
2015-05-11 21:34 - 2015-05-11 21:43 - 229325307 _____ () C:\Users\Moni\Downloads\pa_gapps-modular-mini-5.0.1-RC3-20150201-signed.zip
2015-05-11 21:13 - 2015-05-11 21:13 - 08693820 _____ () C:\Users\Moni\Desktop\GT-I8190_TWRP_2.8.1.0.tar.md5
2015-05-11 21:12 - 2015-05-11 21:13 - 08693820 _____ () C:\Users\Moni\Downloads\GT-I8190_TWRP_2.8.1.0.tar.md5
2015-05-11 20:43 - 2015-05-11 20:47 - 00000000 ____D () C:\Users\Moni\Desktop\ъхъ
2015-05-11 20:12 - 2015-05-11 20:12 - 00002587 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2015-05-11 20:09 - 2015-05-11 20:10 - 27024112 _____ (Microsoft Corporation) C:\Users\Moni\Downloads\PowerPointViewer.exe
2015-05-11 20:09 - 2015-05-11 20:09 - 00755056 _____ (Program Application software ) C:\Users\Moni\Downloads\Malavida_Download_Manager.exe
2015-05-11 19:54 - 2015-05-25 00:09 - 00405796 _____ () C:\Users\Moni\Downloads\ИНСТРУКТАЖ_ЗА_УЧЕНИКА.ppt
2015-05-10 21:51 - 2015-05-10 21:51 - 00000800 _____ () C:\Users\Moni\Desktop\thissoundslikeroleplaygonewrongplshalp.txt
2015-05-10 19:01 - 2015-05-10 19:06 - 00000880 _____ () C:\Users\Moni\Desktop\uhu.txt
2015-05-10 16:23 - 2015-05-10 16:23 - 00000000 ____D () C:\Windows\pss
2015-05-08 22:02 - 2015-05-08 22:02 - 00002143 _____ () C:\Users\Moni\Desktop\FLV Player.lnk
2015-05-03 20:05 - 2015-05-03 20:05 - 00000600 _____ () C:\Users\Moni\Desktop\Kerbal Space Program.lnk
2015-05-03 20:05 - 2015-05-03 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerbal Space Program
2015-05-03 13:48 - 2015-05-04 20:43 - 00000000 ____D () C:\Users\Moni\Desktop\100CANON
2015-04-27 19:59 - 2015-04-27 19:59 - 00000000 ____D () C:\Users\Moni\AppData\Local\openvr
2015-04-27 09:13 - 2015-04-27 09:13 - 00664645 _____ () C:\Users\Moni\Downloads\lia.rar
2015-04-27 09:13 - 2015-04-27 09:13 - 00664645 _____ () C:\Users\Moni\Desktop\lia.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 08:34 - 2014-10-12 23:40 - 00000000 ___RD () C:\Users\Moni\Desktop\Избори
2015-05-25 08:31 - 2012-06-14 13:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 08:30 - 2013-12-25 22:30 - 00000294 _____ () C:\Windows\Tasks\Dealply.job
2015-05-25 08:29 - 2011-12-28 03:52 - 01933818 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 08:15 - 2011-12-27 19:47 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Skype
2015-05-25 07:46 - 2014-02-14 09:46 - 00000296 _____ () C:\Windows\Tasks\Funmoods.job
2015-05-25 07:42 - 2012-08-02 16:15 - 00000000 ____D () C:\Users\Moni\AppData\Local\CrashDumps
2015-05-25 07:39 - 2012-04-05 21:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 07:36 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\tracing
2015-05-25 07:01 - 2012-12-01 23:15 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3181489392-1428851397-2468278675-1000UA.job
2015-05-25 03:56 - 2014-01-29 22:56 - 00001544 _____ () C:\Windows\Tasks\Apps Hat Mini-updater.job
2015-05-25 03:56 - 2014-01-29 22:55 - 00001372 _____ () C:\Windows\Tasks\Apps Hat Mini-enabler.job
2015-05-25 03:55 - 2014-01-29 22:55 - 00002676 _____ () C:\Windows\Tasks\Apps Hat Mini-firefoxinstaller.job
2015-05-25 03:55 - 2014-01-29 22:55 - 00001494 _____ () C:\Windows\Tasks\Apps Hat Mini-codedownloader.job
2015-05-25 03:54 - 2014-01-29 22:54 - 00002166 _____ () C:\Windows\Tasks\Apps Hat Mini-chromeinstaller.job
2015-05-25 03:29 - 2014-12-21 18:28 - 00000000 ____D () C:\ProgramData\SafetyNut
2015-05-25 00:09 - 2015-02-07 00:22 - 01062660 _____ () C:\Users\Moni\Downloads\youtube-channel-art-template.psd
2015-05-24 22:39 - 2012-04-05 21:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 21:54 - 2014-05-31 12:36 - 00000000 ____D () C:\Program Files (x86)\RelevantKnowledge
2015-05-24 21:40 - 2014-12-08 21:46 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\ViberPC
2015-05-24 21:36 - 2014-12-08 21:44 - 00000000 ____D () C:\Users\Moni\AppData\Local\Viber
2015-05-24 21:29 - 2012-12-27 16:16 - 00000464 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2015-05-24 21:26 - 2012-04-01 19:12 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181489392-1428851397-2468278675-1000Core.job
2015-05-23 11:43 - 2015-01-18 17:03 - 00024420 _____ () C:\Windows\setupact.log
2015-05-22 19:41 - 2014-01-19 19:27 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-22 19:01 - 2012-12-01 23:15 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3181489392-1428851397-2468278675-1000Core.job
2015-05-22 14:38 - 2009-07-14 08:13 - 00795754 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 16:05 - 2012-08-02 13:15 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\vlc
2015-05-20 14:48 - 2015-01-08 17:55 - 00002676 _____ () C:\Windows\SysWOW64\uhawedgipsy.bin
2015-05-20 01:54 - 2009-07-14 07:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-20 01:54 - 2009-07-14 07:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-19 07:47 - 2014-06-19 18:30 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-18 22:34 - 2012-04-05 21:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 22:34 - 2012-04-05 21:16 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 22:18 - 2014-08-04 14:34 - 00000000 ____D () C:\Users\Moni\AppData\Local\HockeyCrashes
2015-05-18 22:00 - 2011-12-27 17:57 - 00000000 ____D () C:\Users\Moni
2015-05-18 21:58 - 2011-12-27 19:43 - 00000000 ____D () C:\ProgramData\Skype
2015-05-18 21:57 - 2011-12-27 19:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-18 21:54 - 2014-11-07 22:01 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-05-18 21:54 - 2012-02-05 14:02 - 00000430 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-18 21:51 - 2013-09-01 11:38 - 00028723 _____ () C:\autoupdate.log
2015-05-18 21:50 - 2014-09-24 20:28 - 00000000 ___RD () C:\Users\Moni\Google Drive
2015-05-18 21:45 - 2015-01-24 20:01 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-05-18 21:45 - 2014-11-10 20:10 - 00000474 ____H () C:\Windows\Tasks\SW-Booster-S-792098896.job
2015-05-18 21:45 - 2013-06-07 20:29 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-05-18 21:45 - 2013-05-31 18:26 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-05-18 21:45 - 2012-08-06 18:43 - 00000324 ____H () C:\Windows\Tasks\GBoxUpdaterTask{E6BD1590-5E1B-4B65-8E94-FB1A09A03187}.job
2015-05-18 21:45 - 2012-08-06 18:42 - 00000372 ____H () C:\Windows\Tasks\OptimizerProUpdaterTask{48D49302-3060-4DE8-8D92-7DB9614AB643}.job
2015-05-18 21:44 - 2011-12-27 19:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-18 21:44 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-18 21:43 - 2010-11-21 06:47 - 24024386 _____ () C:\Windows\PFRO.log
2015-05-14 20:41 - 2012-10-03 17:05 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2015-05-14 10:48 - 2014-06-17 21:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-11 20:12 - 2015-03-11 13:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-05-11 20:10 - 2014-09-22 12:21 - 00000000 ____D () C:\Program Files (x86)\MSECache
2015-05-11 20:00 - 2015-04-11 23:07 - 00000000 ____D () C:\Users\Moni\AppData\Local\Adobe
2015-05-11 20:00 - 2014-10-11 20:03 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Adobe
2015-05-10 16:27 - 2015-02-18 12:34 - 00000000 ____D () C:\Users\Moni\AppData\Local\Spotify
2015-05-10 15:51 - 2015-03-11 13:31 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\PolarisOfficeLink
2015-05-10 15:21 - 2015-02-18 12:32 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Spotify
2015-05-10 15:07 - 2014-09-24 19:58 - 00000000 ___RD () C:\Users\Moni\Dropbox
2015-05-10 15:07 - 2014-09-24 19:34 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Dropbox
2015-05-10 15:06 - 2014-09-24 19:40 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-10 14:46 - 2015-03-11 13:38 - 00000000 ___RD () C:\Users\Moni\Documents\Polaris Office
2015-05-10 14:44 - 2015-04-18 23:49 - 00000000 ____D () C:\Users\Moni\.VirtualBox
2015-05-08 22:02 - 2013-10-27 20:44 - 00000000 ____D () C:\Users\Moni\AppData\Local\WebPlayer
2015-05-08 21:49 - 2015-03-15 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-04 22:47 - 2013-08-22 15:45 - 00000000 ___RD () C:\Users\Moni\Desktop\Pack_Memes_YgorTutoriais
2015-05-04 22:35 - 2012-08-02 16:13 - 00000000 ____D () C:\Users\Moni\Documents\Quobi
2015-04-27 12:49 - 2012-09-02 22:09 - 00000000 ____D () C:\BDS

==================== Files in the root of some directories =======

2013-08-15 17:00 - 2013-08-16 13:37 - 0000132 ____H () C:\Users\Moni\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-03-14 11:15 - 2015-02-16 11:14 - 0000132 ____H () C:\Users\Moni\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-04-12 17:23 - 2014-04-12 16:45 - 0012005 ____H () C:\Users\Moni\AppData\Roaming\alsoft.ini
2014-10-03 16:09 - 2014-10-03 16:30 - 0000097 _____ () C:\Users\Moni\AppData\Roaming\LauncherSettings_live.cfg
2012-12-10 17:40 - 2012-12-10 17:40 - 0000000 ____H () C:\Users\Moni\AppData\Roaming\Made
2013-07-18 12:05 - 2013-08-13 10:40 - 0034816 ____H () C:\Users\Moni\AppData\Roaming\RZR_0010d58440a58281ec18ff3bf48c.db
2014-02-21 20:34 - 2014-04-08 20:33 - 0034816 ____H () C:\Users\Moni\AppData\Roaming\RZR_002065a748f9a23a54a46efc5796.db
2014-10-03 16:19 - 2014-10-03 16:20 - 0008144 _____ () C:\Users\Moni\AppData\Roaming\TheHunterSettings_live.bin
2014-10-03 16:12 - 2014-10-03 16:12 - 0000039 _____ () C:\Users\Moni\AppData\Roaming\TheHunterSettings_steam_live.cfg
2013-07-21 11:07 - 2013-07-21 11:07 - 0021541 ____H () C:\Users\Moni\AppData\Roaming\UserTile.png
2013-09-13 22:04 - 2014-03-20 12:30 - 0000175 ____H () C:\Users\Moni\AppData\Roaming\WB.CFG
2013-08-13 20:05 - 2013-08-13 20:06 - 0011220 ___RH () C:\Users\Moni\AppData\Local\CleanupUninstall.txt
2012-03-13 22:36 - 2015-01-05 17:09 - 0027648 ___RH () C:\Users\Moni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-29 13:25 - 2012-08-29 13:24 - 0031465 ___RH () C:\Users\Moni\AppData\Local\funmoods.crx
2012-01-14 00:07 - 2012-01-14 00:07 - 0000092 ___RH () C:\Users\Moni\AppData\Local\fusioncache.dat
2014-01-05 23:31 - 2014-01-05 23:31 - 0000000 __RSH () C:\Users\Moni\AppData\Local\LumaEmu
2013-07-02 19:46 - 2014-06-20 18:25 - 0007645 ___RH () C:\Users\Moni\AppData\Local\Resmon.ResmonCfg
2015-01-08 17:52 - 2015-01-08 17:52 - 0000008 _____ () C:\ProgramData\-
2013-08-20 17:13 - 2013-08-20 17:13 - 0000000 _____ () C:\ProgramData\25263d3d42223a_c
2012-08-06 16:02 - 2012-08-06 16:02 - 0000000 _____ () C:\ProgramData\6bdb00fbc3e2a8b61e3a21542f636ae6_c
2015-04-18 23:42 - 2015-04-18 23:42 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2010-04-22 20:37 - 2010-04-22 20:37 - 0155474 ____R () C:\ProgramData\DeviceManager.xml.rc4

Some files in TEMP:
====================
C:\Users\Moni\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\Moni\AppData\Local\Temp\DeltaTB.exe
C:\Users\Moni\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps0n4sd.dll
C:\Users\Moni\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Moni\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Moni\AppData\Local\Temp\InstallGenieo.exe
C:\Users\Moni\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Moni\AppData\Local\Temp\Nexus Mod Manager-0.53.5.exe
C:\Users\Moni\AppData\Local\Temp\Nexus Mod Manager-0.53.6.exe
C:\Users\Moni\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Moni\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Moni\AppData\Local\Temp\nvStInst.exe
C:\Users\Moni\AppData\Local\Temp\ochelper.exe
C:\Users\Moni\AppData\Local\Temp\ose00000.exe
C:\Users\Moni\AppData\Local\Temp\ose00001.exe
C:\Users\Moni\AppData\Local\Temp\setup.exe
C:\Users\Moni\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Moni\AppData\Local\Temp\skyrim 1.7 patch razor1911__10924_i1472443238_il595059.exe
C:\Users\Moni\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Moni\AppData\Local\Temp\tmpC803.exe
C:\Users\Moni\AppData\Local\Temp\tu17p84.exe
C:\Users\Moni\AppData\Local\Temp\UmmyVideoDownloader.exe
C:\Users\Moni\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-28 12:47

==================== End of log ============================