- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
- Ran by Moni (administrator) on MONI-PC on 25-05-2015 08:33:05
- Running from C:\Users\Moni\Desktop
- Loaded Profiles: Moni & Mcx1-MONI-PC (Available Profiles: Moni & Mcx1-MONI-PC)
- Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
- Internet Explorer Version 11 (Default browser: Chrome)
- Boot Mode: Normal
- Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
- (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
- (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
- (Microsoft Corporation) C:\Windows\System32\wlanext.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
- (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
- (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
- (Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
- (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
- (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
- (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
- () C:\Users\Moni\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
- (Microsoft Corporation) C:\Windows\System32\rundll32.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
- (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
- (TunnelBear) D:\TunnelBear\TBear.Client.exe
- (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
- (Microsoft Corporation) C:\Windows\System32\rundll32.exe
- (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
- (www.BitComet.com) D:\BitComet\BitComet.exe
- (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
- (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
- (Flux Software LLC) C:\Users\Moni\AppData\Local\FluxSoftware\Flux\flux.exe
- () C:\Program Files (x86)\puush\puush.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
- () C:\ProgramData\DatacardService\HWDeviceService64.exe
- () C:\Program Files (x86)\AVG Secure Search\vprot.exe
- (MyWebSearch.com) C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE
- (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
- (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
- (TMRG, Inc.) C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
- (Famatech Corp.) C:\Windows\SysWOW64\rserver30\rserver3.exe
- (A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
- (Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
- (Somoto LTD) C:\Program Files (x86)\Movies App\SafetyNut\SafetyNutManager.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
- (Somoto LTD) C:\Program Files (x86)\Movies App\SafetyNut\SafetyNutManager.exe
- (Somoto LTD) C:\Program Files (x86)\Movies App\SafetyNut\safetynut.exe
- (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
- (TMRG, Inc.) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
- (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe
- (Wondershare) C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
- (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
- (TMRG, Inc.) C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe
- (TMRG, Inc.) C:\Program Files (x86)\RelevantKnowledge\rlvknlg32.exe
- (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
- (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe
- (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
- () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
- (Winstep Software Technologies) D:\Winstep\WsxService.exe
- (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
- (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
- (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
- (www.BitComet.com) D:\BitComet\tools\BitCometService.exe
- (Microsoft Corporation) C:\Windows\System32\alg.exe
- (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
- () D:\TunnelBear\TBear.Maintenance.exe
- () C:\ProgramData\GBox\GBox.exe
- () C:\ProgramData\OptimizerPro\OptimizerPro.exe
- () C:\ProgramData\GBox\GBox.exe
- () C:\ProgramData\OptimizerPro\OptimizerPro.exe
- () C:\ProgramData\GBox\GBox.exe
- () C:\ProgramData\OptimizerPro\OptimizerPro.exe
- () C:\ProgramData\steg\steg.exe
- () C:\ProgramData\tor\tor.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
- (Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
- (Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- () C:\Users\Moni\AppData\Local\Viber\Viber.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
- () C:\ProgramData\rkcl\rkcl.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
- (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
- (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (NVIDIA Corporation) C:\Users\Moni\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- ==================== Registry (Whitelisted) ==================
- (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
- HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
- HKLM\...\Run: [XeroxEndeavorBackgroundTask] => rundll32.exe xrWCbgnd.dll,LaunchBgTask 1
- HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
- HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
- HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
- HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
- HKLM-x32\...\Run: [] => [X]
- HKLM-x32\...\Run: [sysTPL] => C:\Program Files (x86)\sysTPL\sysTPL.exe
- HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
- HKLM-x32\...\Run: [FileTransferForMobileGo] => C:\Program Files (x86)\Wondershare\MobileGo for Android\FileTransfer.exe [336272 2014-11-05] (Wondershare)
- HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2510784 2015-05-14] ()
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [AdobeBridge] => [X]
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [BitComet] => D:\BitComet\BitComet.exe [17257648 2013-12-31] (www.BitComet.com)
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282816 2015-04-17] (Skype Technologies S.A.)
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [f.lux] => C:\Users\Moni\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [GoogleChromeAutoLaunch_2AB7CFC998D028F823B446CEC054EA1A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-05-05] (Google Inc.)
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-31] ()
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3328384 2015-05-10] (Echobit LLC)
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Run: [Viber] => C:\Users\Moni\AppData\Local\Viber\Viber.exe [936656 2014-10-20] ()
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {2257eafd-6170-11e1-9def-90d4fb622999} - H:\AutoRun.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {277a4398-d264-11e1-a6fa-88ae1d83c45e} - G:\setup.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {6cc48bd8-609f-11e1-9359-cf17e4c60f9e} - H:\setup_vmb_lite.exe /checkApplicationPresence
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {6cc48cf4-609f-11e1-9359-cf17e4c60f9e} - I:\AutoRun.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {6cc48cf8-609f-11e1-9359-cf17e4c60f9e} - H:\AutoRun.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {79f71797-9889-11e2-a99c-88ae1d83c45e} - F:\AutoRun.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {8e61bc57-cc08-11e1-b52a-88ae1d83c45e} - H:\AutoRun.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {92bf2344-6171-11e1-bdce-b36dfc1a9f98} - H:\AutoRun.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {a6db8b5f-3e02-11e1-b10b-88ae1d83c45e} - G:\setup_vmc_lite.exe /checkApplicationPresence
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {a6db8b65-3e02-11e1-b10b-88ae1d83c45e} - G:\setup_vmc_lite.exe /checkApplicationPresence
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {b3a5e9fb-39cc-11e1-a69b-88ae1d83c45e} - 0
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {befe23ab-5eca-11e1-a5a9-aa55b3fff9e0} - K:\AutoRun.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {befe23ad-5eca-11e1-a5a9-aa55b3fff9e0} - K:\AutoRun.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {e1d77772-fcfe-11e1-b8c8-88ae1d83c45e} - F:\AutoRun.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {e1d7779c-fcfe-11e1-b8c8-88ae1d83c45e} - F:\AutoRun.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {f6f9f5dd-c995-11e1-823b-88ae1d83c45e} - H:\AutoRun.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {f6f9f5ee-c995-11e1-823b-88ae1d83c45e} - H:\AutoRun.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {f6f9f5ff-c995-11e1-823b-88ae1d83c45e} - H:\AutoRun.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\MountPoints2: {ff4f14fa-5481-11e1-96ad-a7c08798e007} - F:\MGS2SSetup.exe
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1005\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-05-31] (AVG Secure Search)
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1005\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-07] (AVG Secure Search)
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1005\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-14] (Microsoft Corporation) <==== ATTENTION
- IFEO\bitguard.exe: [Debugger] tasklist.exe
- IFEO\bprotect.exe: [Debugger] tasklist.exe
- IFEO\bpsvc.exe: [Debugger] tasklist.exe
- IFEO\browsemngr.exe: [Debugger] tasklist.exe
- IFEO\browserdefender.exe: [Debugger] tasklist.exe
- IFEO\browsermngr.exe: [Debugger] tasklist.exe
- IFEO\browserprotect.exe: [Debugger] tasklist.exe
- IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
- IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
- IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
- IFEO\delta babylon.exe: [Debugger] tasklist.exe
- IFEO\delta tb.exe: [Debugger] tasklist.exe
- IFEO\delta2.exe: [Debugger] tasklist.exe
- IFEO\deltainstaller.exe: [Debugger] tasklist.exe
- IFEO\deltasetup.exe: [Debugger] tasklist.exe
- IFEO\deltatb.exe: [Debugger] tasklist.exe
- IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
- IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
- IFEO\iminentsetup.exe: [Debugger] tasklist.exe
- IFEO\jumpflip: [Debugger] tasklist.exe
- IFEO\protectedsearch.exe: [Debugger] tasklist.exe
- IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
- IFEO\searchinstaller.exe: [Debugger] tasklist.exe
- IFEO\searchprotection.exe: [Debugger] tasklist.exe
- IFEO\searchprotector.exe: [Debugger] tasklist.exe
- IFEO\searchsettings.exe: [Debugger] tasklist.exe
- IFEO\searchsettings64.exe: [Debugger] tasklist.exe
- IFEO\snapdo.exe: [Debugger] tasklist.exe
- IFEO\stinst32.exe: [Debugger] tasklist.exe
- IFEO\stinst64.exe: [Debugger] tasklist.exe
- IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
- IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
- IFEO\umbrella.exe: [Debugger] tasklist.exe
- IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
- IFEO\volaro: [Debugger] tasklist.exe
- IFEO\vonteera: [Debugger] tasklist.exe
- IFEO\websteroids.exe: [Debugger] tasklist.exe
- IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
- HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies App\SafetyNut\safetycrt.dll [493776 2014-12-15] ()
- HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies App\SafetyNut\x64\safetycrt.dll [669392 2014-12-15] ()
- ShellIconOverlayIdentifiers: [ 0POLinkIconDone] -> {4931EE43-90CB-4D46-A50F-474D7C5D97BE} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
- ShellIconOverlayIdentifiers: [ 1POLinkIconFailed] -> {828F1FF1-021C-4EC0-A4F8-B1BFF6390DD3} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
- ShellIconOverlayIdentifiers: [ 2POLinkIconIng] -> {8AE3CBEA-8E21-4883-BFD0-925F5513F190} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
- ShellIconOverlayIdentifiers: [ 3POLinkIconProhibited] -> {DED0F1AF-0505-4FB7-83AA-C2E51FA0721F} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
- ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
- ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Moni\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
- GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
- CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
- CHR HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
- ==================== Internet (Whitelisted) ====================
- (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940
- HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://smart-homepage.blogspot.com
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=112555&tt=090812_ppc_3212_1&babsrc=HP_ss&mntrId=f259e42100000000000088ae1d83c45e
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=112555&tt=090812_ppc_3212_1&babsrc=HP_ss&mntrId=f259e42100000000000088ae1d83c45e
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&home=true&tid=592
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=112555&tt=090812_ppc_3212_1&babsrc=HP_ss&mntrId=f259e42100000000000088ae1d83c45e
- HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940
- URLSearchHook: HKLM-x32 - Default Value = {3B81079D-2AC9-425f-A494-A1C7D93AFA3C}
- URLSearchHook: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
- URLSearchHook: HKLM-x32 - GagetBox - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
- URLSearchHook: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\11.3\ytdToolbarIE64.dll (Spigot, Inc.)
- URLSearchHook: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\11.3\ytdToolbarIE.dll (Spigot, Inc.)
- URLSearchHook: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 - Search.com Toolbar - {BFEAF3D0-307E-4F52-B64A-AF56BABE82B5} - C:\Program Files (x86)\Search.com Toolbar\IE\6.9\searchcomToolbarIE.dll (CBS Interactive)
- URLSearchHook: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 - GagetBox - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
- URLSearchHook: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
- URLSearchHook: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
- SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
- SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
- SearchScopes: HKLM -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=100&systemid=473&v=a15005-148&apn_uid=0695044213944151&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
- SearchScopes: HKLM -> {AA74FE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=stonicrow&chnl=stonicrow&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DzztA0CyEyD0E0EyEtBtCtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1975286060
- SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
- SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
- SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
- SearchScopes: HKLM-x32 -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=100&systemid=473&v=a15005-148&apn_uid=0695044213944151&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
- SearchScopes: HKLM-x32 -> {72015028-694F-B215-0E17-3B6E199F6EB1} URL = http://search.gboxapp.com/?q={searchTerms}
- SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
- SearchScopes: HKLM-x32 -> {AA74FE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://search.certified-toolbar.com?si=41460&bs=true&tid=592&q={searchTerms}
- SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=stonicrow&chnl=stonicrow&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DzztA0CyEyD0E0EyEtBtCtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1975286060
- SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://search.gboxapp.com/?q={searchTerms}
- SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={49A57737-0BFA-11E2-BFBD-88AE1D83C45E}
- SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
- SearchScopes: HKU\.DEFAULT -> {33524C00-63FB-43DB-A6BF-0A4E14B24649} URL = http://www.basicscan.com/?prt=BASICSCAN115&keywords={searchTerms}
- SearchScopes: HKU\.DEFAULT -> {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} URL = http://www.basicserve.com/?prt=BASICSERVE115&sp=&keywords={searchTerms}
- SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.gigabase.ru/search?q={searchTerms}&clid=1
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F25988AE1D83C45E&affID=128492&tsp=5264
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {1F7878FB-13DF-4E3F-9DCA-ABAC41E52ED2} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {2CF13FD9-315B-413B-A339-4A6F4CACEDB9} URL = http://t1.search.com/search?q={searchTerms}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {33524C00-63FB-43DB-A6BF-0A4E14B24649} URL = http://www.basicscan.com/?prt=BscscnPB&keywords={searchTerms}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1415639473&from=wpc&uid=WDCXWD6400BEVT-22A0RT0_WD-WX71A804394043940&q={searchTerms}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} URL = http://www.basicserve.com/?prt=bscsrvlink5&sp=&keywords={searchTerms}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=100&systemid=473&v=a15005-148&apn_uid=0695044213944151&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {72015028-694F-B215-0E17-3B6E199F6EB1} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=090812_ppc_3212_1&babsrc=SP_ss&mntrId=f259e42100000000000088ae1d83c45e
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={FE3E8E5F-8C14-45B8-A746-A1F784C5628E}&mid=4bcd29d8ce2147d08bb059e75b672dad-5d28af1a4b4adffb8029b0d5e95c6ecc0152629a&lang=en&ds=gm011&pr=sa&d=2012-10-03 17:05:11&v=17.1.2.1&pid=avg&sg=43&sap=dsp&q={searchTerms}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {A8BE2D8E-4604-4846-B044-6A1AC1AB1492} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {AA74FE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://search.gboxapp.com/?q={searchTerms}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=stonicrow&chnl=stonicrow&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DzztA0CyEyD0E0EyEtBtCtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1975286060
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://search.gboxapp.com/?q={searchTerms}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {BE3B0D25-D1DE-4C9C-AB62-263CE4184C59} URL = http://www.mysearchresults.com/search?c=2402&t=15&q={searchTerms}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb167/?search={searchTerms}&loc=IB_DS&a=6R8AuDGDwI&i=26
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {D32AB177-DDFA-4263-B652-3E00DC4EED28} URL = http://www.google.com/search?q={searchTerms}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={49A57737-0BFA-11E2-BFBD-88AE1D83C45E}
- SearchScopes: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> {FF2A2C0A-FD8D-42DE-B0E5-0AB0FD8CE029} URL = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=b5088342e51e45a8bd3c9740f9942153
- BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
- BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
- BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
- BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
- BHO-x32: MyWebSearch Search Assistant BHO -> {00A6FAF1-072E-44cf-8957-5838F569A31D} -> C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL [2012-03-31] (MyWebSearch.com)
- BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> D:\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
- BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
- BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll [2014-11-11] (Search Results LLC.)
- BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
- BHO-x32: Staging -> {C35B7206-62EB-F808-5475-18A6FDE7DD94} -> c:\Users\All Users\dl159\159.dll [2014-11-21] ()
- BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
- BHO-x32: YTD Toolbar -> {F3FEE66E-E034-436a-86E4-9690573BEE8A} -> C:\Program Files (x86)\YTD Toolbar\IE\11.3\ytdToolbarIE.dll [2015-03-19] (Spigot, Inc.)
- Toolbar: HKLM - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\11.3\ytdToolbarIE64.dll [2015-03-19] (Spigot, Inc.)
- Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll [2015-05-14] (AVG Secure Search)
- Toolbar: HKLM-x32 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\11.3\ytdToolbarIE.dll [2015-03-19] (Spigot, Inc.)
- Toolbar: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
- Toolbar: HKU\S-1-5-21-3181489392-1428851397-2468278675-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
- DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
- Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
- Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
- Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
- Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-14] (AVG Secure Search)
- Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
- Tcpip\Parameters: [DhcpNameServer] 89.190.192.166 89.190.192.162
- Tcpip\..\Interfaces\{1A0A3083-6DDB-42D4-87D9-10FB05FA9538}: [NameServer] 212.39.90.42 212.39.90.43
- Tcpip\..\Interfaces\{53719EE1-9E8D-4388-925A-D70C27AB7A96}: [NameServer] 211.162.78.1,211.162.78.2
- Tcpip\..\Interfaces\{78EB48DC-3FFE-4ED5-9975-15EB8E31727D}: [NameServer] 212.39.90.42 212.39.90.43
- FireFox:
- ========
- FF ProfilePath: C:\Users\Moni\AppData\Roaming\Mozilla\Firefox\Profiles\cokd9nus.default-1427527468806
- FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-18] ()
- FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
- FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-04-13] (Oracle Corporation)
- FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
- FF Plugin: @microsoft.com/GENUINE -> disabled No File
- FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
- FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
- FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
- FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
- FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
- FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
- FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll No File
- FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-02-27] (Google)
- FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
- FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
- FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
- FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
- FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
- FF Plugin-x32: @mywebsearch.com/Plugin -> C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll [2012-03-31] (MyWebSearch.com)
- FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll [2012-04-11] ( )
- FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
- FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
- FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-05] (Pando Networks)
- FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
- FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
- FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
- FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
- FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
- FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-695ea9f5bdba4fec\\NPRobloxProxy.dll No File
- FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Moni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
- FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Moni\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2013-07-02] (Google)
- FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @talk.google.com/O1DPlugin -> C:\Users\Moni\AppData\Roaming\Mozilla\plugins\npo1d.dll [2013-07-02] (Google)
- FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @talk.google.com/O3DPlugin -> C:\Users\Moni\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-07-02] ()
- FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Moni\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
- FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Moni\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
- FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Moni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-21] (Unity Technologies ApS)
- FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: facebook.com/fbDesktopPlugin -> C:\Users\Moni\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
- FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-05] (Pando Networks)
- FF Plugin HKU\S-1-5-21-3181489392-1428851397-2468278675-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
- FF Plugin ProgramFiles/Appdata: C:\Users\Moni\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-07-02] (Google)
- FF Plugin ProgramFiles/Appdata: C:\Users\Moni\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-07-02] ()
- FF Plugin ProgramFiles/Appdata: C:\Users\Moni\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-07-02] (Google)
- FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml [2014-12-21]
- FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2014-09-02]
- FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-11-10]
- FF Extension: MP3Tube Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com [2014-07-22]
- FF Extension: BasicScan - C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} [2014-07-22]
- FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-22]
- FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-22]
- FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2014-07-22]
- FF Extension: BasicServe - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04} [2014-07-22]
- FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
- FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
- FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\2.bin
- FF Extension: My Web Search - C:\Program Files (x86)\MyWebSearch\bar\2.bin [2012-03-31]
- FF HKLM-x32\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi
- FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
- FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
- FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
- FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-09-02]
- FF HKLM-x32\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Moni\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
- FF Extension: Smiley Bar for Facebook - C:\Users\Moni\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2012-12-16]
- FF HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
- FF HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Moni\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
- FF HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\...\Firefox\Extensions: [specialsavings@vshsolutions.com] - C:\Users\Moni\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com
- FF Extension: Special Savings - C:\Users\Moni\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com [2012-12-16]
- FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
- Chrome:
- =======
- CHR HomePage: Default -> hxxp://www.google.com/
- CHR StartupUrls: Default -> "https://www.google.bg/", "https://www.youtube.com/?feature=ytca"
- CHR Profile: C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default
- CHR Extension: (Magic Actions for YouTube™) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-03-20]
- CHR Extension: (Google Drive) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-24]
- CHR Extension: (Please enter your password) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-01-22]
- CHR Extension: (Ultron Browser NewTab Page) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bokdjpogohejegnkmlijjnfohcbcifkk [2015-03-15]
- CHR Extension: (Gom VPN - Bypass blocked sites) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2015-03-26]
- CHR Extension: (Tampermonkey) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-03-19]
- CHR Extension: (YouTube mp3) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkonfbfckdamohdkmechhhnnoblpbena [2015-03-31]
- CHR Extension: (Gom VPN - App to bypass blocked sites) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\eelphgpfmjhndihoopgadghfonahifel [2015-03-26]
- CHR Extension: (TickTick - Todo & Task List) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\eempgbpnkjnacmilmobpbhbfpdjdcpgd [2015-01-22]
- CHR Extension: (Conversor de Medidas) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbiicdapcioonpclifmhmcnhhdegnpke [2015-01-22]
- CHR Extension: (Bookmark Manager) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-02]
- CHR Extension: (SoundCloud) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2015-01-22]
- CHR Extension: (Ultron Browser) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfldicokfdgaipmlmfghjfhkaijlpcoi [2015-03-15]
- CHR Extension: (Hangouts) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-01-22]
- CHR Extension: (Turn Off the Lights) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjanboighjienkhiabgpefblkbmemd [2015-01-22]
- CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
- CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-29]
- CHR Extension: (Facebook Messenger) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2015-01-26]
- CHR Extension: (Google Wallet) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-19]
- CHR Extension: (Hover Zoom) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-03-15]
- CHR Extension: (dotEPUB) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\okpfiebkkmjcnodegbbbiellepfhoglm [2015-01-22]
- CHR Extension: (Click&Clean App) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-03-15]
- CHR Extension: (Ambient Aurea) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkaglmndhfgdaiaccjglghcbnfinfffa [2015-03-20]
- CHR Profile: C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1
- CHR Extension: (Movies Toolbar) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic [2015-01-22]
- CHR Extension: (Ask Toolbar) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaamnjcfigiihfpfilaaiifgdgfogcg [2015-01-22]
- CHR Extension: (Google Slides) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-22]
- CHR Extension: (SpecialSavings.com) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel [2015-01-22]
- CHR Extension: (Google Docs) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-22]
- CHR Extension: (Google Drive) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-22]
- CHR Extension: (Funmoods) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2015-01-22]
- CHR Extension: (Bcool) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkimjmdklbhkpnpknanflhneggbkhncj [2015-01-22]
- CHR Extension: (YouTube) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-22]
- CHR Extension: (Google Search) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-22]
- CHR Extension: (DownTango Launcher Toolbar) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejdabpabkmacjiiooccecnpakonoibah [2015-01-22]
- CHR Extension: (Google Sheets) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-22]
- CHR Extension: (Smiley Bar for Facebook) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hgojaaaiddhmiiakpejiklijbalpckih [2015-01-22]
- CHR Extension: (SweetIM for Facebook) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2015-01-22]
- CHR Extension: (Select Links App) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jhhjnhpfgnffpcjncnmkfiahofahoihh [2015-01-22]
- CHR Extension: (New tab for Chrome™) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg [2015-01-22]
- CHR Extension: (DefaultTab) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2015-01-22]
- CHR Extension: (Skype Click to Call) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-22]
- CHR Extension: (AVG Security Toolbar) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-01-22]
- CHR Extension: (Google Wallet) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-22]
- CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2015-01-22]
- CHR Extension: (DealPly Shopping) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn [2015-01-22]
- CHR Extension: (Sense) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pflmllfnnabikmfkkaddkoolinlfninn [2015-01-23]
- CHR Extension: (GoPhoto.it) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2015-01-22]
- CHR Extension: (Gmail) - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-22]
- CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Moni\AppData\Local\funmoods.crx [2012-08-29]
- CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [Not Found]
- CHR HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Moni\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-24]
- CHR HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Moni\AppData\Local\funmoods.crx [2012-08-29]
- CHR HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - http://clients2.google.com/service/update2/crx
- CHR HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [Not Found]
- CHR HKU\S-1-5-21-3181489392-1428851397-2468278675-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
- CHR HKLM-x32\...\Chrome\Extension: [aaaaimdcedbpbcjjbbnfcbbjcngmomic] - C:\Users\Moni\AppData\Local\somotomoviestoolbar1\GC\toolbar.crx [2013-08-19]
- CHR HKLM-x32\...\Chrome\Extension: [aaaamnjcfigiihfpfilaaiifgdgfogcg] - C:\Users\Moni\AppData\Local\APN\GoogleCRXs\aaaamnjcfigiihfpfilaaiifgdgfogcg_7.17.2.0.crx [2013-02-01]
- CHR HKLM-x32\...\Chrome\Extension: [aidbbndgjnlaclnmhkdimcdjiebjpdel] - C:\Users\Moni\AppData\Roaming\SpecialSavings\SpecialSavings_2.0.0.crx [2012-08-19]
- CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Moni\AppData\Local\funmoods.crx [2012-08-29]
- CHR HKLM-x32\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files (x86)\Surf Canyon\surfcanyon.crx [Not Found]
- CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Moni\AppData\Local\Temp\ccex.crx [Not Found]
- CHR HKLM-x32\...\Chrome\Extension: [bkimjmdklbhkpnpknanflhneggbkhncj] - C:\ProgramData\Bcool\bkimjmdklbhkpnpknanflhneggbkhncj.crx [2012-08-06]
- CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [Not Found]
- CHR HKLM-x32\...\Chrome\Extension: [ejdabpabkmacjiiooccecnpakonoibah] - C:\Program Files (x86)\DownTangoLauncherToolbar\chrome\DownTangoLauncherToolbar.crx [2012-09-11]
- CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Moni\AppData\Roaming\BabSolution\CR\Delta.crx [Not Found]
- CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\Betcat\WebCakeLayers.crx [Not Found]
- CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [Not Found]
- CHR HKLM-x32\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\Moni\AppData\Roaming\StatusWinks\statuswinks.crx [2012-10-11]
- CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [Not Found]
- CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-10-01]
- CHR HKLM-x32\...\Chrome\Extension: [jhhjnhpfgnffpcjncnmkfiahofahoihh] - C:\Program Files (x86)\OApps\chrome-sl.crx [2013-07-13]
- CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-07-29]
- CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2013-02-12]
- CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
- CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.crx [Not Found]
- CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27]
- CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-10-01]
- CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx [2012-07-31]
- CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader11.crx [Not Found]
- Opera:
- =======
- OPR Extension: (SavePass) - C:\Users\Moni\AppData\Roaming\Opera Software\Opera Stable\Extensions\eoakcjefpghelmgacocefhiniapndeoo [2014-07-29]
- OPR Extension: (Adblock Plus) - C:\Users\Moni\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-08-04]
- ==================== Services (Whitelisted) =================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-18] () []
- R3 BITCOMET_HELPER_SERVICE; D:\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
- R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
- R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
- R2 DefaultTabUpdate; C:\Users\Moni\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-07-13] () []
- S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-05-10] (Echobit LLC)
- R2 fc67e7a0; c:\Program Files (x86)\DeltaFix\DeltaFix.dll [3906048 2014-11-10] () [] <==== ATTENTION
- R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [96768 2012-06-27] (Freemake) []
- R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
- R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
- S2 ldr; C:\ProgramData\rkcl\ldr.exe [105984 2015-05-25] () []
- R2 MyWebSearchService; C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE [34320 2012-03-31] (MyWebSearch.com)
- S4 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [204304 2012-04-11] (Nitro PDF Software)
- R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
- R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
- S3 Origin Client Service; D:\Origin\OriginClientService.exe [1910128 2015-02-19] (Electronic Arts)
- R2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [186136 2013-08-17] (TMRG, Inc.) <==== ATTENTION
- S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
- R2 RServer3; C:\Windows\SysWOW64\rserver30\RServer3.exe [1154752 2012-12-19] (Famatech Corp.)
- R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) []
- R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-02-21] (Razer, Inc.)
- R2 SafetyNutManager; C:\Program Files (x86)\Movies App\SafetyNut\SafetyNutManager.exe [3574480 2014-12-15] (Somoto LTD)
- R4 steg; C:\ProgramData\steg\steg.exe [4079104 2015-05-20] () []
- R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [392984 2014-04-13] (Tlapia)
- S2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [394520 2014-04-13] (Tlapia)
- S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software)
- R3 TunnelBearMaintenance; D:\TunnelBear\TBear.Maintenance.exe [26048 2014-07-05] ()
- R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.) []
- S4 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [655712 2012-09-15] ()
- S4 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2010-04-28] (Vodafone) []
- R2 vToolbarUpdater18.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-05-14] (AVG Secure Search)
- R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
- R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)
- R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
- S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
- S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [X]
- R2 Winstep Xtreme Service; D:\Winstep\WsxService [X]
- ==================== Drivers (Whitelisted) ====================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
- R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-21] (DT Soft Ltd)
- R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-01-24] (Echobit, LLC)
- R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Movies App\SafetyNut\x64\configmgrc3.cfg [46160 2014-12-15] (Somoto LTD)
- S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
- S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [224768 2012-09-15] (Huawei Technologies Co., Ltd.)
- S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
- S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)
- R3 mcdevice; C:\Windows\System32\DRIVERS\mcdevice.sys [334400 2011-05-19] (ShiningMorning Inc.)
- R3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
- R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
- R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
- R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
- R1 raddrvv3; C:\Windows\SysWOW64\rserver30\raddrvv3.sys [71576 2012-12-19] (Famatech Corp.)
- S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
- S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-02-21] (Razer, Inc.)
- R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2014-02-21] (Razer, Inc.)
- R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows (R) Win 7 DDK provider)
- S3 s217bus; C:\Windows\System32\DRIVERS\s217bus.sys [108072 2007-11-02] (MCCI Corporation)
- S3 s217mdfl; C:\Windows\System32\DRIVERS\s217mdfl.sys [19496 2007-11-02] (MCCI Corporation)
- S3 s217mdm; C:\Windows\System32\DRIVERS\s217mdm.sys [145448 2007-11-02] (MCCI Corporation)
- S3 s217nd5; C:\Windows\System32\DRIVERS\s217nd5.sys [33832 2007-11-02] (MCCI Corporation)
- S3 s217obex; C:\Windows\System32\DRIVERS\s217obex.sys [124968 2007-11-02] (MCCI Corporation)
- S3 s217unic; C:\Windows\System32\DRIVERS\s217unic.sys [138792 2007-11-02] (MCCI)
- S3 StkTMini; C:\Windows\System32\Drivers\StkTMini.sys [528256 2007-11-15] (Syntek)
- R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [39168 2014-06-17] (The OpenVPN Project)
- U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
- S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
- S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) []
- S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
- S1 aydcepjb; \??\C:\Windows\system32\drivers\aydcepjb.sys [X]
- S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
- S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
- S1 tibhfuuh; \??\C:\Windows\system32\drivers\tibhfuuh.sys [X]
- S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [X]
- S1 udkhquam; \??\C:\Windows\system32\drivers\udkhquam.sys [X]
- S3 VGPU; System32\drivers\rdvgkmd.sys [X]
- S3 X6va006; \??\C:\Users\Moni\AppData\Local\Temp\0066667.tmp [X]
- ==================== NetSvcs (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- ==================== One Month Created files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2015-05-25 08:33 - 2015-05-25 08:35 - 00068076 _____ () C:\Users\Moni\Desktop\FRST.txt
- 2015-05-25 08:32 - 2015-05-25 08:33 - 00000000 ____D () C:\FRST
- 2015-05-25 08:32 - 2015-05-25 08:31 - 02108416 _____ (Farbar) C:\Users\Moni\Desktop\FRST64.exe
- 2015-05-25 08:31 - 2015-05-25 08:31 - 02108416 _____ (Farbar) C:\Users\Moni\Downloads\FRST64.exe
- 2015-05-25 08:21 - 2015-05-25 08:21 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
- 2015-05-25 08:21 - 2015-05-25 08:21 - 00000000 ____D () C:\Program Files\Unlocker
- 2015-05-25 08:18 - 2015-05-25 08:20 - 01078591 _____ () C:\Users\Moni\Downloads\Unlocker1.9.2.exe
- 2015-05-25 08:17 - 2015-05-25 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
- 2015-05-25 00:02 - 2015-05-25 00:22 - 00000000 ____D () C:\ProgramData\rkcl
- 2015-05-23 11:17 - 2015-05-23 11:17 - 00575510 _____ () C:\Users\Moni\Downloads\JaYamxM.mp4
- 2015-05-22 15:46 - 2015-05-22 19:26 - 00000000 ____D () C:\Users\Moni\Desktop\NVO MAT
- 2015-05-20 19:35 - 2015-05-20 19:35 - 00000062 ____H () C:\Users\Moni\Downloads\.picasa.ini
- 2015-05-20 15:59 - 2015-05-20 16:29 - 00000000 ____D () C:\Users\Moni\Desktop\NVO
- 2015-05-20 14:48 - 2015-05-25 00:03 - 00000000 ____D () C:\ProgramData\steg
- 2015-05-20 14:48 - 2015-05-20 14:48 - 00000000 ____D () C:\ProgramData\tor
- 2015-05-18 23:26 - 2015-05-18 23:26 - 00093077 _____ () C:\Users\Moni\Downloads\preview_image
- 2015-05-18 22:00 - 2015-05-18 22:00 - 00000000 ____D () C:\Users\Moni\Tracing
- 2015-05-18 21:55 - 2015-05-18 21:55 - 00000000 ____D () C:\ProgramData\Digger
- 2015-05-14 11:43 - 2015-05-14 11:43 - 00001794 _____ () C:\Users\Moni\Desktop\испански.txt
- 2015-05-12 08:42 - 2015-05-12 09:00 - 72390124 _____ () C:\Users\Moni\Downloads\cm12.1_golden.nova.20150510.zip
- 2015-05-12 08:14 - 2015-05-12 08:24 - 34391673 _____ () C:\Users\Moni\Downloads\cm12.0_golden.nova.20150131 (2).zip
- 2015-05-11 22:59 - 2015-05-11 23:17 - 73061212 _____ () C:\Users\Moni\Downloads\cm12.0_golden.nova.20150131 (1).zip
- 2015-05-11 22:17 - 2015-05-11 22:17 - 130498368 _____ () C:\Users\Moni\Desktop\cm12.0_golden.nova.20150131.zip
- 2015-05-11 21:47 - 2015-05-11 22:17 - 130498368 _____ () C:\Users\Moni\Downloads\cm12.0_golden.nova.20150131.zip
- 2015-05-11 21:44 - 2015-05-11 21:43 - 229325307 _____ () C:\Users\Moni\Desktop\pa_gapps-modular-mini-5.0.1-RC3-20150201-signed.zip
- 2015-05-11 21:34 - 2015-05-11 21:43 - 229325307 _____ () C:\Users\Moni\Downloads\pa_gapps-modular-mini-5.0.1-RC3-20150201-signed.zip
- 2015-05-11 21:13 - 2015-05-11 21:13 - 08693820 _____ () C:\Users\Moni\Desktop\GT-I8190_TWRP_2.8.1.0.tar.md5
- 2015-05-11 21:12 - 2015-05-11 21:13 - 08693820 _____ () C:\Users\Moni\Downloads\GT-I8190_TWRP_2.8.1.0.tar.md5
- 2015-05-11 20:43 - 2015-05-11 20:47 - 00000000 ____D () C:\Users\Moni\Desktop\ъхъ
- 2015-05-11 20:12 - 2015-05-11 20:12 - 00002587 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
- 2015-05-11 20:09 - 2015-05-11 20:10 - 27024112 _____ (Microsoft Corporation) C:\Users\Moni\Downloads\PowerPointViewer.exe
- 2015-05-11 20:09 - 2015-05-11 20:09 - 00755056 _____ (Program Application software ) C:\Users\Moni\Downloads\Malavida_Download_Manager.exe
- 2015-05-11 19:54 - 2015-05-25 00:09 - 00405796 _____ () C:\Users\Moni\Downloads\ИНСТРУКТАЖ_ЗА_УЧЕНИКА.ppt
- 2015-05-10 21:51 - 2015-05-10 21:51 - 00000800 _____ () C:\Users\Moni\Desktop\thissoundslikeroleplaygonewrongplshalp.txt
- 2015-05-10 19:01 - 2015-05-10 19:06 - 00000880 _____ () C:\Users\Moni\Desktop\uhu.txt
- 2015-05-10 16:23 - 2015-05-10 16:23 - 00000000 ____D () C:\Windows\pss
- 2015-05-08 22:02 - 2015-05-08 22:02 - 00002143 _____ () C:\Users\Moni\Desktop\FLV Player.lnk
- 2015-05-03 20:05 - 2015-05-03 20:05 - 00000600 _____ () C:\Users\Moni\Desktop\Kerbal Space Program.lnk
- 2015-05-03 20:05 - 2015-05-03 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerbal Space Program
- 2015-05-03 13:48 - 2015-05-04 20:43 - 00000000 ____D () C:\Users\Moni\Desktop\100CANON
- 2015-04-27 19:59 - 2015-04-27 19:59 - 00000000 ____D () C:\Users\Moni\AppData\Local\openvr
- 2015-04-27 09:13 - 2015-04-27 09:13 - 00664645 _____ () C:\Users\Moni\Downloads\lia.rar
- 2015-04-27 09:13 - 2015-04-27 09:13 - 00664645 _____ () C:\Users\Moni\Desktop\lia.rar
- ==================== One Month Modified files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2015-05-25 08:34 - 2014-10-12 23:40 - 00000000 ___RD () C:\Users\Moni\Desktop\Избори
- 2015-05-25 08:31 - 2012-06-14 13:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
- 2015-05-25 08:30 - 2013-12-25 22:30 - 00000294 _____ () C:\Windows\Tasks\Dealply.job
- 2015-05-25 08:29 - 2011-12-28 03:52 - 01933818 _____ () C:\Windows\WindowsUpdate.log
- 2015-05-25 08:15 - 2011-12-27 19:47 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Skype
- 2015-05-25 07:46 - 2014-02-14 09:46 - 00000296 _____ () C:\Windows\Tasks\Funmoods.job
- 2015-05-25 07:42 - 2012-08-02 16:15 - 00000000 ____D () C:\Users\Moni\AppData\Local\CrashDumps
- 2015-05-25 07:39 - 2012-04-05 21:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- 2015-05-25 07:36 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\tracing
- 2015-05-25 07:01 - 2012-12-01 23:15 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3181489392-1428851397-2468278675-1000UA.job
- 2015-05-25 03:56 - 2014-01-29 22:56 - 00001544 _____ () C:\Windows\Tasks\Apps Hat Mini-updater.job
- 2015-05-25 03:56 - 2014-01-29 22:55 - 00001372 _____ () C:\Windows\Tasks\Apps Hat Mini-enabler.job
- 2015-05-25 03:55 - 2014-01-29 22:55 - 00002676 _____ () C:\Windows\Tasks\Apps Hat Mini-firefoxinstaller.job
- 2015-05-25 03:55 - 2014-01-29 22:55 - 00001494 _____ () C:\Windows\Tasks\Apps Hat Mini-codedownloader.job
- 2015-05-25 03:54 - 2014-01-29 22:54 - 00002166 _____ () C:\Windows\Tasks\Apps Hat Mini-chromeinstaller.job
- 2015-05-25 03:29 - 2014-12-21 18:28 - 00000000 ____D () C:\ProgramData\SafetyNut
- 2015-05-25 00:09 - 2015-02-07 00:22 - 01062660 _____ () C:\Users\Moni\Downloads\youtube-channel-art-template.psd
- 2015-05-24 22:39 - 2012-04-05 21:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- 2015-05-24 21:54 - 2014-05-31 12:36 - 00000000 ____D () C:\Program Files (x86)\RelevantKnowledge
- 2015-05-24 21:40 - 2014-12-08 21:46 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\ViberPC
- 2015-05-24 21:36 - 2014-12-08 21:44 - 00000000 ____D () C:\Users\Moni\AppData\Local\Viber
- 2015-05-24 21:29 - 2012-12-27 16:16 - 00000464 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
- 2015-05-24 21:26 - 2012-04-01 19:12 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3181489392-1428851397-2468278675-1000Core.job
- 2015-05-23 11:43 - 2015-01-18 17:03 - 00024420 _____ () C:\Windows\setupact.log
- 2015-05-22 19:41 - 2014-01-19 19:27 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
- 2015-05-22 19:01 - 2012-12-01 23:15 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3181489392-1428851397-2468278675-1000Core.job
- 2015-05-22 14:38 - 2009-07-14 08:13 - 00795754 _____ () C:\Windows\system32\PerfStringBackup.INI
- 2015-05-20 16:05 - 2012-08-02 13:15 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\vlc
- 2015-05-20 14:48 - 2015-01-08 17:55 - 00002676 _____ () C:\Windows\SysWOW64\uhawedgipsy.bin
- 2015-05-20 01:54 - 2009-07-14 07:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2015-05-20 01:54 - 2009-07-14 07:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2015-05-19 07:47 - 2014-06-19 18:30 - 00000000 ____D () C:\Program Files (x86)\Opera
- 2015-05-18 22:34 - 2012-04-05 21:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
- 2015-05-18 22:34 - 2012-04-05 21:16 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
- 2015-05-18 22:18 - 2014-08-04 14:34 - 00000000 ____D () C:\Users\Moni\AppData\Local\HockeyCrashes
- 2015-05-18 22:00 - 2011-12-27 17:57 - 00000000 ____D () C:\Users\Moni
- 2015-05-18 21:58 - 2011-12-27 19:43 - 00000000 ____D () C:\ProgramData\Skype
- 2015-05-18 21:57 - 2011-12-27 19:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
- 2015-05-18 21:54 - 2014-11-07 22:01 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
- 2015-05-18 21:54 - 2012-02-05 14:02 - 00000430 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
- 2015-05-18 21:51 - 2013-09-01 11:38 - 00028723 _____ () C:\autoupdate.log
- 2015-05-18 21:50 - 2014-09-24 20:28 - 00000000 ___RD () C:\Users\Moni\Google Drive
- 2015-05-18 21:45 - 2015-01-24 20:01 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
- 2015-05-18 21:45 - 2014-11-10 20:10 - 00000474 ____H () C:\Windows\Tasks\SW-Booster-S-792098896.job
- 2015-05-18 21:45 - 2013-06-07 20:29 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
- 2015-05-18 21:45 - 2013-05-31 18:26 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
- 2015-05-18 21:45 - 2012-08-06 18:43 - 00000324 ____H () C:\Windows\Tasks\GBoxUpdaterTask{E6BD1590-5E1B-4B65-8E94-FB1A09A03187}.job
- 2015-05-18 21:45 - 2012-08-06 18:42 - 00000372 ____H () C:\Windows\Tasks\OptimizerProUpdaterTask{48D49302-3060-4DE8-8D92-7DB9614AB643}.job
- 2015-05-18 21:44 - 2011-12-27 19:23 - 00000000 ____D () C:\ProgramData\NVIDIA
- 2015-05-18 21:44 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
- 2015-05-18 21:43 - 2010-11-21 06:47 - 24024386 _____ () C:\Windows\PFRO.log
- 2015-05-14 20:41 - 2012-10-03 17:05 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
- 2015-05-14 10:48 - 2014-06-17 21:22 - 00000000 ____D () C:\Program Files (x86)\Steam
- 2015-05-11 20:12 - 2015-03-11 13:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
- 2015-05-11 20:10 - 2014-09-22 12:21 - 00000000 ____D () C:\Program Files (x86)\MSECache
- 2015-05-11 20:00 - 2015-04-11 23:07 - 00000000 ____D () C:\Users\Moni\AppData\Local\Adobe
- 2015-05-11 20:00 - 2014-10-11 20:03 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Adobe
- 2015-05-10 16:27 - 2015-02-18 12:34 - 00000000 ____D () C:\Users\Moni\AppData\Local\Spotify
- 2015-05-10 15:51 - 2015-03-11 13:31 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\PolarisOfficeLink
- 2015-05-10 15:21 - 2015-02-18 12:32 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Spotify
- 2015-05-10 15:07 - 2014-09-24 19:58 - 00000000 ___RD () C:\Users\Moni\Dropbox
- 2015-05-10 15:07 - 2014-09-24 19:34 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Dropbox
- 2015-05-10 15:06 - 2014-09-24 19:40 - 00000000 ____D () C:\Users\Moni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
- 2015-05-10 14:46 - 2015-03-11 13:38 - 00000000 ___RD () C:\Users\Moni\Documents\Polaris Office
- 2015-05-10 14:44 - 2015-04-18 23:49 - 00000000 ____D () C:\Users\Moni\.VirtualBox
- 2015-05-08 22:02 - 2013-10-27 20:44 - 00000000 ____D () C:\Users\Moni\AppData\Local\WebPlayer
- 2015-05-08 21:49 - 2015-03-15 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
- 2015-05-04 22:47 - 2013-08-22 15:45 - 00000000 ___RD () C:\Users\Moni\Desktop\Pack_Memes_YgorTutoriais
- 2015-05-04 22:35 - 2012-08-02 16:13 - 00000000 ____D () C:\Users\Moni\Documents\Quobi
- 2015-04-27 12:49 - 2012-09-02 22:09 - 00000000 ____D () C:\BDS
- ==================== Files in the root of some directories =======
- 2013-08-15 17:00 - 2013-08-16 13:37 - 0000132 ____H () C:\Users\Moni\AppData\Roaming\Adobe BMP Format CS6 Prefs
- 2013-03-14 11:15 - 2015-02-16 11:14 - 0000132 ____H () C:\Users\Moni\AppData\Roaming\Adobe PNG Format CS6 Prefs
- 2014-04-12 17:23 - 2014-04-12 16:45 - 0012005 ____H () C:\Users\Moni\AppData\Roaming\alsoft.ini
- 2014-10-03 16:09 - 2014-10-03 16:30 - 0000097 _____ () C:\Users\Moni\AppData\Roaming\LauncherSettings_live.cfg
- 2012-12-10 17:40 - 2012-12-10 17:40 - 0000000 ____H () C:\Users\Moni\AppData\Roaming\Made
- 2013-07-18 12:05 - 2013-08-13 10:40 - 0034816 ____H () C:\Users\Moni\AppData\Roaming\RZR_0010d58440a58281ec18ff3bf48c.db
- 2014-02-21 20:34 - 2014-04-08 20:33 - 0034816 ____H () C:\Users\Moni\AppData\Roaming\RZR_002065a748f9a23a54a46efc5796.db
- 2014-10-03 16:19 - 2014-10-03 16:20 - 0008144 _____ () C:\Users\Moni\AppData\Roaming\TheHunterSettings_live.bin
- 2014-10-03 16:12 - 2014-10-03 16:12 - 0000039 _____ () C:\Users\Moni\AppData\Roaming\TheHunterSettings_steam_live.cfg
- 2013-07-21 11:07 - 2013-07-21 11:07 - 0021541 ____H () C:\Users\Moni\AppData\Roaming\UserTile.png
- 2013-09-13 22:04 - 2014-03-20 12:30 - 0000175 ____H () C:\Users\Moni\AppData\Roaming\WB.CFG
- 2013-08-13 20:05 - 2013-08-13 20:06 - 0011220 ___RH () C:\Users\Moni\AppData\Local\CleanupUninstall.txt
- 2012-03-13 22:36 - 2015-01-05 17:09 - 0027648 ___RH () C:\Users\Moni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
- 2012-08-29 13:25 - 2012-08-29 13:24 - 0031465 ___RH () C:\Users\Moni\AppData\Local\funmoods.crx
- 2012-01-14 00:07 - 2012-01-14 00:07 - 0000092 ___RH () C:\Users\Moni\AppData\Local\fusioncache.dat
- 2014-01-05 23:31 - 2014-01-05 23:31 - 0000000 __RSH () C:\Users\Moni\AppData\Local\LumaEmu
- 2013-07-02 19:46 - 2014-06-20 18:25 - 0007645 ___RH () C:\Users\Moni\AppData\Local\Resmon.ResmonCfg
- 2015-01-08 17:52 - 2015-01-08 17:52 - 0000008 _____ () C:\ProgramData\-
- 2013-08-20 17:13 - 2013-08-20 17:13 - 0000000 _____ () C:\ProgramData\25263d3d42223a_c
- 2012-08-06 16:02 - 2012-08-06 16:02 - 0000000 _____ () C:\ProgramData\6bdb00fbc3e2a8b61e3a21542f636ae6_c
- 2015-04-18 23:42 - 2015-04-18 23:42 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
- 2010-04-22 20:37 - 2010-04-22 20:37 - 0155474 ____R () C:\ProgramData\DeviceManager.xml.rc4
- Some files in TEMP:
- ====================
- C:\Users\Moni\AppData\Local\Temp\BI_RunOnce.exe
- C:\Users\Moni\AppData\Local\Temp\DeltaTB.exe
- C:\Users\Moni\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps0n4sd.dll
- C:\Users\Moni\AppData\Local\Temp\FLVPlayerSetup.exe
- C:\Users\Moni\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
- C:\Users\Moni\AppData\Local\Temp\InstallGenieo.exe
- C:\Users\Moni\AppData\Local\Temp\jre-8u40-windows-au.exe
- C:\Users\Moni\AppData\Local\Temp\Nexus Mod Manager-0.53.5.exe
- C:\Users\Moni\AppData\Local\Temp\Nexus Mod Manager-0.53.6.exe
- C:\Users\Moni\AppData\Local\Temp\nvSCPAPI.dll
- C:\Users\Moni\AppData\Local\Temp\nvSCPAPI64.dll
- C:\Users\Moni\AppData\Local\Temp\nvStInst.exe
- C:\Users\Moni\AppData\Local\Temp\ochelper.exe
- C:\Users\Moni\AppData\Local\Temp\ose00000.exe
- C:\Users\Moni\AppData\Local\Temp\ose00001.exe
- C:\Users\Moni\AppData\Local\Temp\setup.exe
- C:\Users\Moni\AppData\Local\Temp\SkypeSetup.exe
- C:\Users\Moni\AppData\Local\Temp\skyrim 1.7 patch razor1911__10924_i1472443238_il595059.exe
- C:\Users\Moni\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
- C:\Users\Moni\AppData\Local\Temp\tmpC803.exe
- C:\Users\Moni\AppData\Local\Temp\tu17p84.exe
- C:\Users\Moni\AppData\Local\Temp\UmmyVideoDownloader.exe
- C:\Users\Moni\AppData\Local\Temp\Uninstall.exe
- ==================== Bamital & volsnap Check =================
- (There is no automatic fix for files that do not pass verification.)
- C:\Windows\System32\winlogon.exe => File is digitally signed
- C:\Windows\System32\wininit.exe => File is digitally signed
- C:\Windows\SysWOW64\wininit.exe => File is digitally signed
- C:\Windows\explorer.exe => File is digitally signed
- C:\Windows\SysWOW64\explorer.exe => File is digitally signed
- C:\Windows\System32\svchost.exe => File is digitally signed
- C:\Windows\SysWOW64\svchost.exe => File is digitally signed
- C:\Windows\System32\services.exe => File is digitally signed
- C:\Windows\System32\User32.dll => File is digitally signed
- C:\Windows\SysWOW64\User32.dll => File is digitally signed
- C:\Windows\System32\userinit.exe => File is digitally signed
- C:\Windows\SysWOW64\userinit.exe => File is digitally signed
- C:\Windows\System32\rpcss.dll => File is digitally signed
- C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
- LastRegBack: 2015-03-28 12:47
- ==================== End of log ============================