MyCity » Ambulanta -> Arhiva Ambulante » Usporen tempo

Usporen tempo

Napisano na dan: 24.2.2015

Strana:
1
2

Usporen tempo

Sledeća strana

Pagination

Odgovori

Strana:
1
2

TheChains Poslao: 24 Feb 2015 17:31 Idi na vrh
offline TheChains Zaslužni građanin Absolut Gut Pridružio: 13 Avg 2012 Poruke: 561 Gde živiš: Atakama	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! 1. detaljan opis problema; Usporen dosta tempo računara, pali se znatno duže i znatno duže treba mu da se osvesti pa da počne sa radom. 2. postavljanje dijagnostičkog izveštaja (log-a, logfile-a); Imam problem, prilikom pokretanja FIRST programa, naime izbacuje ovo. Nisam se susretao sa ovim. Šta je loše krenulo?

Profil

Sass Drake Poslao: 24 Feb 2015 17:47 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini opet FRST pa probaj onda da ga pokreneš.

Profil

TheChains Poslao: 24 Feb 2015 17:51 Idi na vrh
offline TheChains Zaslužni građanin Absolut Gut Pridružio: 13 Avg 2012 Poruke: 561 Gde živiš: Atakama	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Probao par puta i sada. Ne, ne želi da saradjuje..

Profil

Sass Drake Poslao: 24 Feb 2015 21:42 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Probajmo onda ovako: Preuzmi zoek.exe sa ovog ili ovog linka i sačuvaj ga na Desktop. Zatvori browser i ostale pokrenute programe; deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ; dvoklikom pokreni zoek.exe; pričekaj da se alat startuje ... U beli okvir prozora iskopiraj sljedeći tekst: `process; startupall; drivers-services-list; skipfix-iedefaults; firefoxlook; chromelook; filesrcm;` Klikni na dugme i pričekaj da se skeniranje završi. Zoek će po potrebi restartovati Windows, a na kraju rada otvoriti Notepad sa izvještajem o skeniranju. Napomena: Izvještaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log) Kopiraj sadržaj tog loga u poruku.

Profil

TheChains Poslao: 25 Feb 2015 13:55 Idi na vrh
offline TheChains Zaslužni građanin Absolut Gut Pridružio: 13 Avg 2012 Poruke: 561 Gde živiš: Atakama	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Došlo je do nekog vremenskog perioda skeniranja i izašlo ovo. To što je skeniralo, vidi se u logu do prekida. Zoek.exe v5.0.0.0 Updated 24-February-2015 Tool run by prle on sre 25.02.2015 at 13:47:52,90. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\prle\Downloads\zoek.scr [Scan all users] [Script inserted] ==== System Restore Info ====================== 25.2.2015 13:49:00 Zoek.exe System Restore Point Created Succesfully. ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Program Files\Stardock\WindowBlinds\wbsrv.exe C:\Program Files\Stardock\WindowBlinds\WBCore.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\MyPC Backup\BackupStack.exe C:\Program Files\BlueStacks\HD-LogRotatorService.exe C:\Program Files\BlueStacks\HD-UpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\sppsvc.exe C:\Program Files\Microsoft Security Client\NisSrv.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}\KMSpico v9 3 2.exe C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\Windows 7 Genuine Activation RemoveWAT 2 2 6 0 NLT Release.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Skype\Phone\Skype.exe C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\conhost.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k swprv ==== Services(whitelist) ====================== Powered by E Dev R2 - [591fc86d] - BocaFunc - files\bocafunc\bocafunc.dll [x] R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe R2 - [BackupStack] - Computer Backup (MyPC Backup) - c:\program files\mypc backup\backupstack.exe R2 - [BstHdLogRotatorSvc] - BlueStacks Log Rotator Service - c:\program files\bluestacks\hd-logrotatorservice.exe R2 - [BstHdUpdaterSvc] - BlueStacks Updater Service - c:\program files\bluestacks\hd-updaterservice.exe R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe R2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files\nvidia corporation\nvidia update core\daemonu.exe R2 - [WindowBlinds] - Stardock WindowBlinds - c:\program files\stardock\windowblinds\wbsrv.exe R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe R2 - [WMPNetworkSvc] - Usluga deljenja putem mreže za Windows Media Player - c:\program files\windows media player\wmpnetwk.exe R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe R3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe R3 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe S2 - [BstHdAndroidSvc] - BlueStacks Android Service - c:\program files\bluestacks\hd-service.exe S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe S2 - [gupdate] - Google Update Service (gupdate) - c:\program files\google\update\googleupdate.exe S2 - [MBAMScheduler] - MBAMScheduler - c:\program files\malwarebytes anti-malware\mbamscheduler.exe S2 - [MBAMService] - MBAMService - c:\program files\malwarebytes anti-malware\mbamservice.exe S2 - [SkypeUpdate] - Skype Updater - c:\program files\skype\updater\updater.exe S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe S3 - [Fax] - Faks - c:\windows\system32\fxssvc.exe S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files\google\update\googleupdate.exe S3 - [IDriverT] - InstallDriver Table Manager - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files\microsoft office\office12\grooveauditservice.exe S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files\mozilla maintenance service\maintenanceservice.exe S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe S3 - [NBService] - NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe S3 - [NMIndexingService] - NMIndexingService - c:\program files\common files\ahead\lib\nmindexingservice.exe S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files\common files\microsoft shared\office12\odserv.exe S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe S3 - [SwitchBoard] - SwitchBoard - c:\program files\common files\adobe\switchboard\switchboard.exe S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe S3 - [WatAdminSvc] - Usluga tehnologije aktivacije operativnog sistema Windows - c:\windows\system32\wat\watadminsvc.exe S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe ==== Drivers(whitelist) ====================== Powered by E Dev R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\Windows\system32\Drivers\MpFilter.sys R0 - [Mup] - MUP - C:\Windows\system32\Drivers\Mup.sys R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x] R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys R0 - [nvstor] - nvstor - C:\Windows\system32\Drivers\nvstor.sys R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys R0 - [pciide] - pciide - C:\Windows\system32\Drivers\pciide.sys R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys R0 - [sptd] - sptd - C:\Windows\system32\Drivers\sptd.sys R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\Windows\system32\Drivers\storflt.sys [x] R0 - [Tcpip] - Upravljački program TCP/IP protokola - C:\Windows\system32\Drivers\Tcpip.sys R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys R0 - [vmbus] - Virtual Machine Bus - C:\Windows\system32\Drivers\vmbus.sys R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys R1 - [tdx] - NetIO TDI upravljačkog programa podrške koji je zastareo - C:\Windows\system32\Drivers\tdx.sys R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\prle\AppData\Local\Temp ==== 2015-02-24 16:58:12 B5EB2D244FD1C9402635395B69BD76C4 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\97E0\temp\Windows 7 Ultimate (zabranjeno) Genuine Activator.exe 2015-02-24 16:58:09 B5EB2D244FD1C9402635395B69BD76C4 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\B0A0.exe 2015-02-24 16:39:05 AFA75754DBC8D6A83C2958C010FD5D66 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\EB78\temp\Widows7Activator.exe 2015-02-24 16:39:03 AFA75754DBC8D6A83C2958C010FD5D66 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\A6E8.exe 2015-02-24 16:33:11 A6E07514B5E33C415E47ED57D1863196 331776 ----a-w- C:\Users\prle\AppData\Local\Temp\eauninstall.exe 2015-02-24 13:10:03 264637E9B0BC6C5C592DB2F1ABD8B6D4 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\14F4.exe 2015-02-23 20:46:36 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\68F0\temp\KMSpico v9 3 2.exe 2015-02-23 20:46:33 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\44C0\temp\KMSpico v9 3 2.exe 2015-02-23 20:46:31 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\13D0.exe 2015-02-23 20:46:30 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\7E80.exe 2015-02-23 20:46:29 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\DF70.exe 2015-02-23 18:30:21 BCBA8747AB53932F8613C006444078E9 297672 ----a-w- C:\Users\prle\AppData\Local\Temp\OnlineBackup.exe 2015-02-23 18:23:50 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\C598.exe ====== Java Cache ===== ====== C:\Windows\system32 ===== 2015-02-12 22:12:11 01BD2653F2185218837CF4A175617F8A 620032 ----a-w- C:\Windows\System32\jscript9diag.dll 2015-02-12 22:12:10 4FD3763F3917201856B0CBCE310003EA 4300800 ----a-w- C:\Windows\System32\jscript9.dll ====== C:\Windows\system32\drivers ===== 2015-02-11 04:52:34 F516F1167EFBBC5ABC90687C94497869 369968 ----a-w- C:\Windows\System32\drivers\cng.sys 2015-02-11 04:52:34 EF88BAC2B489D9C46F4E41ACF0219CD0 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-02-11 04:52:34 49D70660EE8266988C1F99A0297A1430 136640 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-02-24 16:41:20 -------- d-----w- C:\Program Files\BocaFunc 2015-02-24 13:12:00 -------- d-----w- C:\Program Files\PragmaFunc 2015-02-23 20:50:11 -------- d-----w- C:\Program Files\SystemAugment 2015-02-23 20:49:43 -------- d-----w- C:\Program Files\UenniDeaLsa 2015-02-23 20:49:26 -------- d-----w- C:\Program Files\UniiDealse 2015-02-23 18:30:27 -------- d-----w- C:\Program Files\MyPC Backup 2015-02-23 18:28:54 -------- d-----w- C:\Program Files\LibraryApps 2015-02-23 18:25:48 -------- d-----w- C:\Program Files\UniDeals 2015-02-23 18:24:46 -------- d-----w- C:\Program Files\UniDueaaolsoa 2015-02-18 17:20:13 -------- d-----w- C:\Program Files\Common Files\Skype 2015-02-18 17:20:12 -------- d-----r- C:\Program Files\Skype 2015-02-13 16:39:16 -------- d-----w- C:\Program Files\Nero 2015-02-10 08:51:38 -------- d-----w- C:\Program Files\Microsoft Works 2015-02-10 08:50:57 -------- d-----w- C:\Program Files\Microsoft Visual Studio 2015-02-10 08:50:56 -------- d-----w- C:\Program Files\Common Files\DESIGNER 2015-02-10 08:48:20 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8 2015-02-05 05:08:26 -------- d-----w- C:\Program Files\Common Files\Java ======= C: ===== ====== C:\Users\prle\AppData\Roaming ====== 2015-02-23 18:31:19 -------- d-----w- C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2015-02-21 08:18:31 -------- d-sh--w- C:\Users\prle\AppData\Locallow\EmieUserList 2015-02-21 08:18:31 -------- d-sh--w- C:\Users\prle\AppData\Locallow\EmieBrowserModeList 2015-02-21 08:18:27 -------- d-sh--w- C:\Users\prle\AppData\Local\EmieUserList 2015-02-21 08:18:27 -------- d-sh--w- C:\Users\prle\AppData\Local\EmieSiteList 2015-02-21 08:18:27 -------- d-sh--w- C:\Users\prle\AppData\Local\EmieBrowserModeList 2015-02-07 06:43:14 -------- d-----w- C:\Users\prle\AppData\Roaming\addpcs 2015-01-30 00:13:02 0EE7C3CEA1DED759A5D27CCB7E8801DC 115 ----a-w- C:\Users\prle\AppData\Roaming\LogFile.txt ====== C:\Users\prle ====== 2015-02-24 13:11:06 -------- d-----w- C:\ProgramData\mklmbnpkafihmmhjhkdielpafiioicaj 2015-02-24 13:10:05 -------- d-----w- C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe} 2015-02-23 20:49:32 -------- d-----w- C:\ProgramData\fjccnbdbhediagolgafkefkgaiicffgh 2015-02-23 20:49:13 -------- d-----w- C:\ProgramData\ognmjdhiemmlmcohmbfpmfiofigblfle 2015-02-23 20:46:35 -------- d-----w- C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654} 2015-02-23 20:46:34 -------- d-----w- C:\ProgramData\{d781939f-3188-0949-d781-1939f3184e7c} 2015-02-23 20:46:33 -------- d-----w- C:\ProgramData\{05592932-1ad3-9d7b-0559-929321ada4c8} 2015-02-23 18:24:46 -------- d-----w- C:\ProgramData\2727273379398511586 2015-02-23 18:24:34 -------- d-----w- C:\ProgramData\npkgecfgpbaioddpbgopdbfllmlgiofi 2015-02-23 18:23:52 -------- d-----w- C:\ProgramData\{eddcd3fd-fc19-725b-eddc-cd3fdfc14ff7} 2015-02-18 17:20:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-02-13 16:39:16 -------- d-----w- C:\ProgramData\Nero 2015-02-10 08:54:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office ====== C: exe-files == 2015-02-24 16:58:12 B5EB2D244FD1C9402635395B69BD76C4 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\97E0\temp\Windows 7 Ultimate (zabranjeno) Genuine Activator.exe 2015-02-24 16:58:09 B5EB2D244FD1C9402635395B69BD76C4 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\B0A0.exe 2015-02-24 16:50:45 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\prle\AppData\Local\Temporary Internet Files\Content.IE5\5LI5A0X6\ezdownloader[1].exe 2015-02-24 16:50:45 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\prle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LI5A0X6\ezdownloader[1].exe 2015-02-24 16:39:05 AFA75754DBC8D6A83C2958C010FD5D66 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\EB78\temp\Widows7Activator.exe 2015-02-24 16:39:03 AFA75754DBC8D6A83C2958C010FD5D66 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\A6E8.exe 2015-02-24 16:33:11 A6E07514B5E33C415E47ED57D1863196 331776 ----a-w- C:\Users\prle\AppData\Local\Temp\eauninstall.exe 2015-02-24 13:43:39 DF085A41E6CC782F9A50377776207D25 552056 ----a-w- C:\Program Files\Opera\27.0.1689.76\opera_crashreporter.exe 2015-02-24 13:43:39 CA887EFE4E19350205CCE381F68AFD86 2152056 ----a-w- C:\Program Files\Opera\27.0.1689.76\opera_autoupdate.exe 2015-02-24 13:43:39 5D165F4948BD6B8D8663FD6106B53A1D 51366008 ----a-w- C:\Program Files\Opera\27.0.1689.76\opera.exe 2015-02-24 13:43:39 150090FB932CC14ADEECCA3AB742B110 73336 ----a-w- C:\Program Files\Opera\27.0.1689.76\wow_helper.exe 2015-02-24 13:43:33 0DC4C0CF8A0545D1BB53DF8361CEA2CA 1284728 ----a-w- C:\Program Files\Opera\27.0.1689.76\installer.exe 2015-02-24 13:10:03 264637E9B0BC6C5C592DB2F1ABD8B6D4 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\14F4.exe 2015-02-23 20:49:44 114095B85E186B7DF9BFB8366F67F976 222720 ----a-w- C:\Program Files\UenniDeaLsa\K1MhPvSxHXg066.exe 2015-02-23 20:49:27 31CF492EF3749109DAD024F2B0CB6276 222720 ----a-w- C:\Program Files\UniiDealse\F0GyhxaDBM5jpq.exe 2015-02-23 20:46:36 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\68F0\temp\KMSpico v9 3 2.exe 2015-02-23 20:46:33 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\44C0\temp\KMSpico v9 3 2.exe 2015-02-23 20:46:31 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\13D0.exe 2015-02-23 20:46:30 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\7E80.exe 2015-02-23 20:46:29 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\DF70.exe 2015-02-23 18:31:19 53B9DFE8BE74F29DC10D12DF6B438F31 83532 ----a-w- C:\Program Files\MyPC Backup\uninst.exe 2015-02-23 18:31:18 D7ADBD1850FBAC3662F7ABBFB5C0A223 16992 ----a-w- C:\Program Files\MyPC Backup\Configuration Updater.exe 2015-02-23 18:31:18 CBC8AC881DCBB86E9F3BCD0C72374284 223344 ----a-w- C:\Program Files\MyPC Backup\Updater.exe 2015-02-23 18:31:18 BB830033C3E24A0B82CAF23662918278 9728 ----a-w- C:\Program Files\MyPC Backup\RegisterExtensionDotNet40_x64.exe 2015-02-23 18:31:18 A6A26E38B3596FA740F7039D98BD3A22 10240 ----a-w- C:\Program Files\MyPC Backup\RegisterExtensionDotNet40_x86.exe 2015-02-23 18:31:18 7C4C3FA08BA63596349243F52F604BCE 9728 ----a-w- C:\Program Files\MyPC Backup\UnRegisterExtensions.exe 2015-02-23 18:31:18 74A8C01B69ADEDD7F1330245CD994821 20480 ----a-w- C:\Program Files\MyPC Backup\RegisterExtensionDotNet20_x86.exe 2015-02-23 18:31:18 5870C5E8C8E67FD29BC758A02F6DC1D7 856176 ----a-w- C:\Program Files\MyPC Backup\Signup Wizard.exe 2015-02-23 18:31:18 4BB211393828D585CB5396A273008D94 16384 ----a-w- C:\Program Files\MyPC Backup\RegisterExtensionDotNet20_x64.exe 2015-02-23 18:31:18 3AAA70F71BA473ED9C88C83FECAB28D7 53832 ----a-w- C:\Program Files\MyPC Backup\BackupStack.exe 2015-02-23 18:31:18 33CBBBE9C389CE2DAA639E0E44D481A6 14944 ----a-w- C:\Program Files\MyPC Backup\Service Start.exe 2015-02-23 18:30:21 BCBA8747AB53932F8613C006444078E9 297672 ----a-w- C:\Users\prle\AppData\Local\Temp\OnlineBackup.exe 2015-02-23 18:25:55 064457B3DF770CCF4661770B4181632F 222720 ----a-w- C:\Program Files\UniDeals\nIORPIWwjvSuay.exe 2015-02-23 18:24:46 2CD8B44D91D440155D281763D45F8CB6 222720 ----a-w- C:\Program Files\UniDueaaolsoa\UniDueaaolsoa.exe 2015-02-23 18:23:52 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\ProgramData\{eddcd3fd-fc19-725b-eddc-cd3fdfc14ff7}\KMSpico v9 3 2.exe 2015-02-23 18:23:50 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\C598.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Windows\CurrentVersion\Run] "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" "Password Door"="C:\PROGRA~1\PASSWO~1\TLPD.EXE" "LightShot"="C:\Users\UpdatusUser\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\3RVX] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="3RVX" "hkey"="HKCU" "command"="C:\\Program Files\\3RVX\\3RVX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeAAMUpdater-1.0" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeCS6ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "hkey"="HKCU" "command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlueStacks Agent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BlueStacks Agent" "hkey"="HKLM" "command"="C:\\Program Files\\BlueStacks\\HD-Agent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Chatango] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Chatango" "hkey"="HKCU" "command"="C:\\Program Files\\Chatango\\Chatango.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Pro Agent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Pro Agent" "hkey"="HKCU" "command"="\"C:\\Program Files\\DAEMON Tools Pro\\DTAgent.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Ultra Agent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Ultra Agent" "hkey"="HKCU" "command"="\"C:\\Program Files\\DAEMON Tools Ultra\\DTAgent.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\f.lux] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="f.lux" "hkey"="HKCU" "command"="\"C:\\Users\\prle\\AppData\\Local\\FluxSoftware\\Flux\\flux.exe\" /noshow" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Facebook Update" "hkey"="HKCU" "command"="\"C:\\Users\\prle\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Fences] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Fences" "hkey"="HKLM" "command"="\"C:\\Program Files\\Stardock\\Fences\\Fences.exe\" /startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FreeAC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="FreeAC" "hkey"="HKCU" "command"="C:\\Program Files\\FreeAlarmClock\\FreeAlarmClock.exe -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GenieoSystemTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GenieoSystemTray" "hkey"="HKCU" "command"="\"C:\\Users\\prle\\AppData\\Roaming\\Genieo\\Application\\TrayUi\\bin\\gentray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GenieoUpdaterService] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GenieoUpdaterService" "hkey"="HKCU" "command"="\"C:\\Users\\prle\\AppData\\Roaming\\Genieo\\Application\\Updater\\bin\\genupdater.exe\" -wait 5" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_72C4CCDB27045DE9679412ACC2C5666F] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GoogleChromeAutoLaunch_72C4CCDB27045DE9679412ACC2C5666F" "hkey"="HKCU" "command"="\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GrooveMonitor" "hkey"="HKLM" "command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightShot] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LightShot" "hkey"="HKCU" "command"="C:\\Users\\prle\\AppData\\Local\\Skillbrains\\lightshot\\Lightshot.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Luxand Blink!] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Luxand Blink!" "hkey"="HKLM" "command"="C:\\Program Files\\Luxand\\Blink!\\LuxandBlinkTray.exe /s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MSC" "hkey"="HKLM" "command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroFilterCheck" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaSuite.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NokiaSuite.exe" "hkey"="HKCU" "command"="C:\\Program Files\\Nokia\\Nokia Suite\\NokiaSuite.exe -tray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NSU_agent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NSU_agent" "hkey"="HKLM" "command"="\"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu3ui_agent.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Password Door] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Password Door" "hkey"="HKCU" "command"="C:\\PROGRA~1\\PASSWO~1\\TLPD.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PWRISOVM.EXE" "hkey"="HKLM" "command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE -startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RESTART_STICKY_NOTES] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RESTART_STICKY_NOTES" "hkey"="HKCU" "command"="C:\\Windows\\System32\\StikyNot.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RTHDVCPL" "hkey"="HKLM" "command"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RtHDVCpl.exe\" -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SDTray" "hkey"="HKLM" "command"="\"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\se] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="se" "hkey"="HKCU" "command"="\"C:\\Users\\prle\\AppData\\Roaming\\SkypEmoticons\\SE.exe\" /minimized " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony Ericsson PC Suite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Sony Ericsson PC Suite" "hkey"="HKCU" "command"="\"C:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Suite\\SEPCSuite.exe\" /systray /nologon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SPDriver] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SPDriver" "hkey"="HKLM" "command"="C:\\Program Files\\ShopperPro\\JSDriver\\1.37.0.202\\jsdrv.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SwitchBoard" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\prle\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="vProt" "hkey"="HKLM" "command"="\"C:\\Program Files\\AVG Secure Search\\vprot.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TP-LINK Wireless Configuration Utility.lnk" "backup"="C:\\Windows\\pss\\TP-LINK Wireless Configuration Utility.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\TP-LINK\\TP-LIN~1\\TWCU.exe -nogui" "item"="TP-LINK Wireless Configuration Utility" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Aquarius Soft PC Alarm Clock Pro.lnk] "path"="C:\\Users\\prle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Aquarius Soft PC Alarm Clock Pro.lnk" "backup"="C:\\Windows\\pss\\Aquarius Soft PC Alarm Clock Pro.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~1\\AQUARI~1\\PCALAR~1\\alarm.exe /Startup" "item"="Aquarius Soft PC Alarm Clock Pro" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fences.lnk] "path"="C:\\Users\\prle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Fences.lnk" "backup"="C:\\Windows\\pss\\Fences.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~1\\Stardock\\Fences\\Fences.exe /startup" "item"="Fences" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk] "path"="C:\\Users\\prle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MyPC Backup.lnk" "backup"="C:\\Windows\\pss\\MyPC Backup.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Program Files\\MyPC Backup\\MyPC Backup.exe" "item"="MyPC Backup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NHLR 09 Registration.lnk] "path"="C:\\Users\\prle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\NHLR 09 Registration.lnk" "backup"="C:\\Windows\\pss\\NHLR 09 Registration.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~1\\EASPOR~1\\NHL09~1\\Support\\EAREGI~1.EXE /remind /language=ENU /PRID=\"ODS:15374.110.Base Product\" /WHPR=\"NHLR 09\" /PRNM=\"Electronic Arts Product\"" "item"="NHLR 09 Registration" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk] "path"="C:\\Users\\prle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Stardock ObjectDock.lnk" "backup"="C:\\Windows\\pss\\Stardock ObjectDock.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Program Files\\Stardock\\ObjectDock\\ObjectDock.exe " "item"="Stardock ObjectDock" ==== Startup Folders ====================== 2015-02-23 18:23:52 1966 ----a-w- C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KMSpico v9 3 2.lnk 2015-02-24 13:10:05 2274 ----a-w- C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows 7 Genuine Activation RemoveWAT 2 2 6 0 NLT Release.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [23.02.2015 21:57] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:6H0C:\ProgramC:Files\Google\Update\GoogleUpdate.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04.12.2014 18:20] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Opera scheduled Autoupdate 1422158942" [C:\Program Files\Opera\launcher.exe] "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default user_pref("browser.startup.homepage", "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84"); user_pref("browser.search.defaulturl", "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84&l=1&q="); user_pref("browser.search.defaultenginename", "WebSearch"); user_pref("browser.search.defaultenginename,S", "WebSearch"); user_pref("browser.search.defaultenginename,S", "WebSearch"); user_pref("browser.search.defaultenginename,S", "WebSearch"); user_pref("browser.search.selectedEngine", "WebSearch"); user_pref("browser.search.selectedEngine,S", "WebSearch"); user_pref("browser.search.selectedEngine,S", "WebSearch"); user_pref("browser.search.selectedEngine,S", "WebSearch"); user_pref("keyword.URL", "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84&l=1&q="); ==== Firefox Extensions ====================== ProfilePath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default - LavaFox V2 - %ProfilePath%\extensions\info@djzig.com - Undetermined - %ProfilePath%\extensions\staged - Undetermined - %ProfilePath%\extensions\lwthemes-manager@loucypher.xpi - Stylish - %ProfilePath%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi - YouTube High Definition - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\prle\AppData\Roaming\Thunderbird\Profiles\9ih8p39i.default - Test Pilot for Thunderbird - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default 14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67 0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1 9759358F96AD19A9BC6E7314FB99D830 - C:\Users\prle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player 87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies 9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 5E4595C16426E695B0D2049FFF71F77C - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery ==== Chromium Look ====================== Google Chrome Version: 39.0.2171.95 (Possible outdated, latest Stable version: 40.0.2214.115) Clip to OneNote - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh prIcuechop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji NExTCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo MySearch - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic ppruiceChop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb pricechop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi NeXtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan pricEEcehop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo SingleFile - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle WebbINgg - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag Clip to OneNote - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh MySearch - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic SingleFile - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle Clip to OneNote - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh prIcuechop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji NExTCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo MySearch - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic ppruiceChop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb pricechop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi NeXtCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan pricEEcehop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo SingleFile - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle WebbINgg - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag Clip to OneNote - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh prIcuechop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji NExTCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo MySearch - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic ppruiceChop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb pricechop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi NeXtCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan pricEEcehop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo SingleFile - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle WebbINgg - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag Clip to OneNote - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh MySearch - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic SingleFile - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle Clip to OneNote - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh prIcuechop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji NExTCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo MySearch - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic ppruiceChop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb pricechop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi NeXtCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan pricEEcehop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo SingleFile - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle WebbINgg - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag Clip to OneNote - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh prIcuechop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji NExTCoup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo MySearch - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic ppruiceChop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb pricechop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi NeXtCoup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan pricEEcehop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo SingleFile - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle WebbINgg - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag Clip to OneNote - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh MySearch - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic SingleFile - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle Clip to OneNote - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh prIcuechop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji NExTCoup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo MySearch - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic ppruiceChop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb pricechop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi NeXtCoup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan pricEEcehop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo SingleFile - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle WebbINgg - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag Clip to OneNote - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh prIcuechop - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji NExTCoup - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo MySearch - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic ppruiceChop - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb pricechop - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi NeXtCoup - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan pricEEcehop - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo SingleFile - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle WebbINgg - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag Clip to OneNote - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh prIcuechop - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji NExTCoup - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo MySearch - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic ppruiceChop - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb pricechop - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi NeXtCoup - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan pricEEcehop - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo SingleFile - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle WebbINgg - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag Clip to OneNote - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh prIcuechop - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji NExTCoup - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo MySearch - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic ppruiceChop - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb pricechop - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi NeXtCoup - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan pricEEcehop - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo SingleFile - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle WebbINgg - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag Clip to OneNote - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh MySearch - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic SingleFile - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle Clip to OneNote - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh prIcuechop - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji NExTCoup - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo MySearch - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic ppruiceChop - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb pricechop - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi NeXtCoup - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan pricEEcehop - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo SingleFile - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle WebbINgg - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag ==== Chromium Startpages ====================== C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84", "startup_urls": [ "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84" ], ==== IE Start and Search Settings ====================== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84" "Default_Page_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Start Page"="http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {0E90424D-0616-420E-8E5C-6B6FD05CD6D7} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {72302D6D-935C-4346-A5BB-96881B825ED8} Yahoo Url="https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}" {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} WebSearch Url="http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84" ==== C:\zoek_backup content ====================== C:\zoek_backup (files= ==== EOF on sre 25.02.2015 at 13:53:20,44 ======================

Profil

Sass Drake Poslao: 25 Feb 2015 18:24 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zatvori browser i ostale pokrenute programe; deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ; dvoklikom pokreni zoek.exe; pričekaj da se alat startuje ... U beli okvir prozora iskopiraj sljedeći tekst: C:\Program Files\UniDueaaolsoa;fs C:\Program Files\UniDeals;fs C:\Program Files\LibraryApps;fs C:\Program Files\MyPC Backup;fs C:\Program Files\UniiDealse;fs C:\Program Files\UenniDeaLsa;fs C:\Program Files\SystemAugment;fs C:\ProgramData\mklmbnpkafihmmhjhkdielpafiioicaj;fs C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe};fs C:\ProgramData\fjccnbdbhediagolgafkefkgaiicffgh;fs C:\ProgramData\ognmjdhiemmlmcohmbfpmfiofigblfle;fs C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654};fs C:\ProgramData\{d781939f-3188-0949-d781-1939f3184e7c};fs C:\ProgramData\{05592932-1ad3-9d7b-0559-929321ada4c8};fs C:\ProgramData\2727273379398511586;fs C:\ProgramData\npkgecfgpbaioddpbgopdbfllmlgiofi;fs C:\ProgramData\{eddcd3fd-fc19-725b-eddc-cd3fdfc14ff7};fs [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GenieoSystemTray];r C:\Users\\prle\AppData\Roaming\Genieo;fs [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GenieoUpdaterService];r [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\se];r C:\Users\prle\AppData\Roaming\SkypEmoticons;fs [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SPDriver];r C:\Program Files\ShopperPro;fs [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt];r C:\Program Files\AVG Secure Search;fs [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk];r C:\Windows\pss\MyPC Backup.lnk.Startup;fs aobhabljihdjejjfhfjoifpginokoaji;chr baglmalcondloklnfgimjaljakojgooo;chr dpejaigcnihfpkghmgbkldlhpmoodlic;chr eglhenilcnljodgkoganfogeejaobbfb;chr hngegahohpjkdinobobplbepfnjhiapi;chr jonkilmpochnfeolnaemapokondgjmdo;chr mpiodijhokgodhhofbcjdecpffjipkle;chr najbgfecdkpcinmghjdnppcpocdffmag;chr jnfiknodfamfadimbpboenlekogbbpan;chr [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main];r "Start Page"="http://www.google.com";r [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main];r "Start Page"="http://www.google.com";r {BB82DE59-BC4C-4172-9AC4-73315F71CFFE};c emptyalltemp; emptyclsid; autoclean; Klikni na dugme i pričekaj da se skeniranje završi. Zoek će po potrebi restartovati Windows, a na kraju rada otvoriti Notepad sa izvještajem o skeniranju. Napomena: Izvještaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log) Kopiraj sadržaj tog loga u poruku.

Profil

TheChains Poslao: 25 Feb 2015 19:39 Idi na vrh
offline TheChains Zaslužni građanin Absolut Gut Pridružio: 13 Avg 2012 Poruke: 561 Gde živiš: Atakama	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 25 Feb 2015 19:32 Zoek.exe v5.0.0.0 Updated 24-February-2015 Tool run by prle on sre 25.02.2015 at 19:08:17,21. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\prle\Downloads\zoek.scr [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-02-25-125320.log 56508 bytes ==== Empty Folders Check ====================== C:\Program Files\Alwil Software deleted successfully C:\Program Files\Glarysoft deleted successfully C:\Program Files\KONAMI deleted successfully C:\Program Files\LibraryApps deleted successfully C:\Program Files\Malwarebytes' Anti-Malware deleted successfully C:\Program Files\PragmaFunc deleted successfully C:\Program Files\R.G. Mechanics deleted successfully C:\Program Files\Samsung deleted successfully C:\Program Files\SecurityXploded deleted successfully C:\Program Files\Sony Ericsson deleted successfully C:\Program Files\Sony Mobile deleted successfully C:\Program Files\SystemAugment deleted successfully C:\Program Files\Utherverse Digital Inc deleted successfully C:\Program Files\Voznja deleted successfully C:\PROGRA~2\Alwil Software deleted successfully C:\PROGRA~2\AVAST Software deleted successfully C:\PROGRA~2\GlarySoft deleted successfully C:\PROGRA~2\Informer Technologies, Inc deleted successfully C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) deleted successfully C:\PROGRA~2\Solid State Networks deleted successfully C:\PROGRA~2\Sony Mobile deleted successfully C:\Users\prle\AppData\Roaming\Aquarius Soft deleted successfully C:\Users\prle\AppData\Roaming\GlarySoft deleted successfully C:\Users\prle\AppData\Roaming\JAM Software deleted successfully C:\Users\prle\AppData\Roaming\Malwarebytes deleted successfully C:\Users\prle\AppData\Roaming\Nokia deleted successfully C:\Users\prle\AppData\Roaming\Nokia Suite deleted successfully C:\Users\prle\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\prle\AppData\Local\cache deleted successfully C:\Users\prle\AppData\Local\CrashDumps deleted successfully C:\Users\prle\AppData\Local\DriverToolkit deleted successfully C:\Users\prle\AppData\Local\FluxSoftware deleted successfully C:\Users\prle\AppData\Local\Unity deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\SearchScopes\{72302D6D-935C-4346-A5BB-96881B825ED8} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{04734f44-4cfd-4491-816a-4831b9c15c3a} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{113CAC62-ED4F-4C1C-9E81-B21B5B7298F9} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11D1E862-42DE-465A-B9DF-23F817EC7ABD} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11D1E862-42DE-465A-B9DF-23F817EC7ABD} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{120086EC-8AE9-4D88-B388-DECB88A24D24} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CBD1517-44E7-429F-976A-FAADFEC4E50} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CBE9F19-6F25-4574-BC4-60BCD221FCBF} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F4A76D4-7A58-47D4-8EC9-DA6D9B661F8} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2111290D-A2D5-4EFD-9FE8-FE7E242DE712} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23B822CB-CF31-4C42-BE38-170F6B965C0} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24452E27-CD7B-457C-997A-507CF4B68660} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24452E27-CD7B-457C-997A-507CF4B68660} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{260658FA-D360-4A9C-9F4B-396BF8916D78} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{265E558B-74F9-4C91-AFB2-782D171F058} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A8CB1E9-A1D9-422F-BB53-1374B772D4F} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CF19E0F-F84B-4B15-BE94-C236D52130CE} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D5B36D7-D9A6-4DCB-9A2D-F9E4381B53C} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D5B36D7-D9A6-4DCB-9A2D-F9E4381B53C} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2ED15055-4401-40A1-BF35-C83EEBF0AB23} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F2154B5-A58F-4B4B-B3AE-336878731AFD} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3095A65E-E242-4FC4-BE3F-F9D4CC2C9CA} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{314C2412-CD22-438B-A1C9-5068F35B9022} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3505F8DE-5FF8-4A14-A5D9-E9A99B7C271} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35BCD555-5E26-459B-9FAE-4E7127DC65A} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3616C86D-2DD9-4442-A684-D5747521B9BF} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380BFA4-1E89-4021-865E-72D1D6C4D0C3} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38C6E0FD-2014-443B-9571-92D121CB75A} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4060C93-B4E2-4C7E-A46E-9D557DB93B83} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{420EBA26-4A9F-4FF4-881-688865353F38} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4363CA47-E476-4E8C-8C17-9DD6221BE2EC} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{464E5124-FE08-4C69-9510-9C973971569} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AD9DAAF-F549-4E92-9987-7CC938A323E6} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4DA902D8-A306-428F-B6E6-9BC2D7772E52} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E3BFED4-5A6-4002-9017-867CB6430A3} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FC2B07E-6454-458A-94A6-82C4E9BB1C6D} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{55FF5086-E9BE-458F-91BF-7ACC72FE6FE1} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58A3EE2D-CC7A-4E43-BCD3-2436D3A3C3AC} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58A616B5-1D32-4670-8C7E-9F18ED1A9360} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A4FB167-1754-4AC0-A4F2-24697672A782} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5CB7454D-2B9D-47A9-BCDA-761475B2BCB} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E6F6DA-FCA5-4E7C-9A8F-A5B872E65442} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F804355-65C1-4FDD-9053-8AFE4E386CCE} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AF0DDE5-4207-4F69-A91-E5EB679396E} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73A1AB18-236F-42F0-ADB-BB7C481A2E8} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73F2D278-2995-4D87-949F-3E133D14D66F} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7449963B-2739-4A31-997D-DA9FCCDB9BBC} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7581737F-C84C-4CF5-AC9B-DBF6BAA9A220} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{776C25AB-4322-4816-9D82-7EEE37EDC15} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7818EB92-7446-4EE2-8E53-11273A1ADAE} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AAD2930-676D-41BA-ACAA-DF9023E7A8FF} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AF734F-7D4A-4C23-BA51-F77D70B13252} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C5D7661-FEA2-4A9A-9DB4-773675F9FAFB} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7CA961D5-3FC2-4FC8-A6EA-DCD4E9BED35F} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D148CF9-EF13-42F3-9511-18757FC8089} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D26061D-997A-4EB3-9742-84AC7FD8A9B} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D71CCA2-1503-40A0-A34E-EB203E05DFC} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DC01235-94F8-4307-8730-37141C437AD7} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7EAC42D9-21E2-48E7-B830-2E6EF4ECB2DE} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82BB0790-BD9C-42AB-A134-A27D30295F20} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82C53F7D-5B96-42A0-A868-B05835D91423} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{836C3EE0-EC28-4B23-84F8-1F6C1B02D7} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{836C3EE0-EC28-4B23-84F8-1F6C1B02D7} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83AFB983-6457-4F2A-83A7-40B6D45ACE} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83AFB983-6457-4F2A-83A7-40B6D45ACE} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83FD788-505D-4B36-A5B8-FA12B0C8B682} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84acb84c-d0c7-4c1e-a216-0ffa24f46d46} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84D18BFF-30BD-4838-9A1C-95A9E1A2795} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8532072E-5172-46AE-AF6-9F92B9DD61B} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85651D5D-1A3D-46EA-B123-F4CF1E3FFAE} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{867E448D-586-40BB-B66F-70CB67D89F7} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EA3DB05-AB46-48DC-AC60-324B3DB0C535} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{903EE15D-69F0-45C0-83E7-7F5BDD4EC03B} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90977FBA-21B7-49F7-9157-2D95BDE09EA4} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91136B78-1F31-41AB-A9F1-3FEBC4AE0} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92CCB7BB-FC38-453B-9ADA-CD4F6ED7E076} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{951769D9-3F17-42ED-8B58-3FD682168C7} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98B11BD-3D56-468E-AECD-5B708CC696B8} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F545701-B0F7-45AE-92E3-D73B14FB7DC5} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FE76DFF-9F47-4460-BF2-12BF78478FBE} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2D4F445-E89-4E9B-BAC3-B7D978F19211} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A63126BB-4C54-4420-9C8E-C165A5A7BAA} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ABD57266-3EBE-4BFB-8D5F-F8B05287322F} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{af1b172c-f5b8-4bb2-b196-0b96940880ce} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B020454C-A721-4CB3-ACD3-85E49B32488} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B374F9BA-C395-4F52-A975-A0B0539F4F2} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B374F9BA-C395-4F52-A975-A0B0539F4F2} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB368796-4E48-415C-8630-5F6E9032AE73} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCACB1D0-19C4-476A-BD34-9DA39963CFD5} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE603191-D4EF-4ED4-A63-E160F4DF5B34} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE6BE2FB-DD4E-408C-BB1-B5813320B61} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE6BE2FB-DD4E-408C-BB1-B5813320B61} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF133815-8819-4FE1-AA21-C611C5E48A68} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF133815-8819-4FE1-AA21-C611C5E48A68} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFE5B705-6CA1-465B-984D-CF43C8FBFC4} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C08BFE48-2FAC-4C4D-BE72-222F629BF352} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C08BFE48-2FAC-4C4D-BE72-222F629BF352} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c1e0e3c9-74a4-40d5-9b2b-972f352c5bd5} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3EA7CE9-FBB8-4540-B0C6-6E9052499FD6} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C47AFD62-3B31-463C-B5F3-729831DFF2E3} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C47AFD62-3B31-463C-B5F3-729831DFF2E3} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C61054F-D638-48CD-BFE1-E0C27ECE487E} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7239025-8D0B-43C2-984D-DBD0358D7B49} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C742C9C0-4A0A-4DED-8B51-6B442A1308A} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAEEEE61-EE54-4470-9817-5514340B183} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBC02A92-534D-47E6-AF7C-9D82E2473B57} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBC02A92-534D-47E6-AF7C-9D82E2473B57} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC008F07-64D2-43E7-BE69-6841833C57DA} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCE789A9-C506-4DE7-9351-BEF19310131C} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCE789A9-C506-4DE7-9351-BEF19310131C} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CDA2DEEA-2B3B-4F22-93EE-AFE46A8FF737} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFB8C26C-356E-4F26-84D9-89C1CCD8CD5} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D20A9B7-3CF2-4CF4-8E72-1ABE784133C} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8548920-E5C5-417A-825F-6D27C6AEE5A1} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D984EAB6-89A1-46D0-BEBC-4FFA77F826EC} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D98941DE-9808-48A7-9091-2B4669369DBD} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DADC05A1-5145-4E65-905D-A571BF7BB80} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DC71891-B44E-4460-B58C-8BD28C7877E} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDE79F7D-BAC2-4A14-BE72-25C1D4429983} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E02D0ECA-F2D9-4E93-93DF-91D57ACD5DA} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E140590C-65EA-4997-9834-A3F2F27212C0} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E140590C-65EA-4997-9834-A3F2F27212C0} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1EF0AD4-4AD8-488F-AB16-137DBE5AAE9E} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E470D065-5FCC-49D2-AC38-CBF1B261A0BC} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E613ECAF-7CD-4053-91A-E0154440903E} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA2EA80D-E787-4381-A0A6-9AFFFC1AE9EF} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB9350E0-A093-46C9-93DC-452FEB501CA5} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC61E115-5C39-4144-B68-AF8BB0FBA990} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED9F1217-B119-41DC-A420-F2BEBAD0CDFD} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDAE1523-EF3C-48D0-B6B0-D72468EA5526} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1D88A78-D2B8-4094-ABD0-9B48F48F669} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7D9135B-59B6-42D4-997E-62B99A9FA1B} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F87487F6-AC81-4F45-9C0-26BF66539AB} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8D7B05C-72F5-46BC-923-9A26B46CAFE8} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8D7B05C-72F5-46BC-923-9A26B46CAFE8} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F939CD97-68E0-4F95-8137-7CEA1F529F1C} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD366082-300A-4A6F-A43A-5FE122C52C50} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE63D1FF-3322-43A9-A4AD-C05F6C598235} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE63D1FF-3322-43A9-A4AD-C05F6C598235} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE6D905E-D5BF-4458-A21D-21C6A23E9E27} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE6D905E-D5BF-4458-A21D-21C6A23E9E27} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{04734f44-4cfd-4491-816a-4831b9c15c3a} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84acb84c-d0c7-4c1e-a216-0ffa24f46d46} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{af1b172c-f5b8-4bb2-b196-0b96940880ce} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c1e0e3c9-74a4-40d5-9b2b-972f352c5bd5} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{70956a7e-af16-4c30-a0b2-a8530b9a4bf1} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{f3e96a3a-3ad9-4bdd-abcb-8f3f6756aba3} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{d901c848-d153-4f9a-a6df-40b9a471e688} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110411821192} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\591fc86d deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\591fc86d deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BackupStack deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default user.js not found ---- Lines aRNEOMVW50611856ZKVKQ22976610com61908 removed from prefs.js ---- user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.InstallationThankYouPage", true); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.InstallationTime", 1406463645); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comaRNEOMVW50611856ZKVKQ22976610com61908_dbWasSet", tr user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comaRNEOMVW50611856ZKVKQ22976610com61908_dbWasSet_FF25 user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comasyncdb_dbWasSet", true); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comasyncdb_dbWasSet_FF25_FIX", true); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comasyncinternaldb_dbWasSet", true); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comasyncinternaldb_dbWasSet_FF25_FIX", true); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.active", true); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.addressbar", "NA"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.addressbarenhanced", ""); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.asyncdb.was_copied", "true"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.asyncinternaldb.was_copied", "true"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.backgroundver", 1); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.certdomaininstaller", ""); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.changeprevious", false); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.cookie.InstallationTime.value", "%221406463645%22"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001504%22%2C%22sub_id%22%3A% user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.description", "Just Save"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.domain", ""); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.enablesearch", false); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.homepage", ""); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.iframe", false); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%224D72F5F429AE49A user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001504%22%2C%22sub_id%22 user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001504%22%2C%22sub_ user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+ user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%224D72F5 user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_appVer.value", "8"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_lastVersion.value", "1"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_meta.value", "%7B%7D"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_nextCheck.expiration", "Mon Jul 28 2014 21:09:27 GMT+0200"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_nextCheck.value", "true"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_queue.value", "%7B%7D"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+010 user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.__defualt_browser__.value", "%22opera%22"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030 00:00:00 GMT+010 user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B67108872%2C-2147483 user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22 user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GM user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:0 user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_bundledWithHash.value", "null"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030 user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.lastDailyReport", "1406552954217"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.lastUpdate", "1406552953216"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.manifesturl", ""); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.name", "SavePass"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.newtab", ""); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.opensearch", ""); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.pluginsurl", "http://js.infodatacloud.com/plugin/apps/61908/plugins/na/ff/plugins.js user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.pluginsversion", 3); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.publisher", "OutBrowse"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.searchstatus", 0); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.setnewtab", false); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.thankyou", ""); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.updateinterval", 360); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.ver", 8); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.apps", "61908"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.bic", "1477d16a9e32c7d7ebd69f5741fe79ac"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.cid", 61908); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.firstrun", false); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.hadappinstalled", true); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.installationdate", 1406552943); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.installerAdditionalInfo", "{\"asw\":[67108872, -2147483579, 16777216]}"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.modetype", "production"); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.reportInstall", true); user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.statsDailyCounter", 1); ---- Lines ac1b9d30675ba43908a8b76b504015572gmailcom61764 removed from prefs.js ---- user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.active", true); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.addressbar", "NA"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.addressbarenhanced", ""); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.asyncdb.was_copied", "true"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.asyncinternaldb.was_copied", "true"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.backgroundver", 1); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.c1b9d306-75ba-4390-8a8b-76b504015572@gmail.comac1b9d30675ba43908a8b76b50401 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.c1b9d306-75ba-4390-8a8b-76b504015572@gmail.comac1b9d30675ba43908a8b76b50401 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.c1b9d306-75ba-4390-8a8b-76b504015572@gmail.comasyncdb_dbWasSet", true); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.c1b9d306-75ba-4390-8a8b-76b504015572@gmail.comasyncdb_dbWasSet_FF25_FIX", t user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.c1b9d306-75ba-4390-8a8b-76b504015572@gmail.comasyncinternaldb_dbWasSet", tr user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.c1b9d306-75ba-4390-8a8b-76b504015572@gmail.comasyncinternaldb_dbWasSet_FF25 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.certdomaininstaller", ""); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.changeprevious", false); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.cookie.InstallationTime.value", "%221406463701%22"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001902%22%2C%22sub_ user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.description", "Turn YouTube videos to High Definition by default"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.domain", ""); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.enablesearch", false); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.homepage", ""); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.iframe", false); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.InstallationThankYouPage", true); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.InstallationTime", 1406463701); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.__defualt_browser__.value", "%22opera%22"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030 00:00:0 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B67108872%2 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22install user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+ user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%224D72F5 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100" user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001902%22%2C%22 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+ user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001902%22% user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:0 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 203 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_bundledWithHash.value", "null"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_appVer.value", "20"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_lastVersion.value", "1"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100") user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_meta.value", "%7B%7D"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_nextCheck.expiration", "Mon Jul 28 2014 21:09:29 GMT+0 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_nextCheck.value", "true"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100" user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_queue.value", "%7B%7D"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:0 user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.lastDailyReport", "1406552968075"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.lastUpdate", "1406552968001"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.manifesturl", ""); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.name", "P-HD-V1.4"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.newtab", ""); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.opensearch", ""); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.pluginsurl", "http://js.infodatacloud.com/plugin/apps/61764/plugins/na/ff/p user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.pluginsversion", 14); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.publisher", "P-HD"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.searchstatus", 0); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.setnewtab", false); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.thankyou", ""); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.updateinterval", 360); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.ver", 20); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.apps", "61764"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.bic", "1477d16a9e32c7d7ebd69f5741fe79ac"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.cid", 61764); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.firstrun", false); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.hadappinstalled", true); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.installationdate", 1406552943); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.installerAdditionalInfo", "{\"asw\":[67108872, -2139094971, 16777216]}"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.modetype", "production"); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.reportInstall", true); user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.statsDailyCounter", 1); ---- Lines WebSearch removed from prefs.js ---- user_pref("browser.search.defaultenginename", "WebSearch"); user_pref("browser.search.defaultenginename,S", "WebSearch"); user_pref("browser.search.defaultenginename,S", "WebSearch"); user_pref("browser.search.defaultenginename,S", "WebSearch"); user_pref("browser.search.defaulturl", "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84&l=1&q= user_pref("browser.search.order.1", "WebSearch"); user_pref("browser.search.order.1,S", "WebSearch"); user_pref("browser.search.order.1,S", "WebSearch"); user_pref("browser.search.order.1,S", "WebSearch"); user_pref("browser.search.selectedEngine", "WebSearch"); user_pref("browser.search.selectedEngine,S", "WebSearch"); user_pref("browser.search.selectedEngine,S", "WebSearch"); user_pref("browser.search.selectedEngine,S", "WebSearch"); user_pref("browser.startup.homepage", "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84"); user_pref("keyword.URL", "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84&l=1&q="); ---- Lines offers removed from prefs.js ---- user_pref("extensions.speedtest4354@BestOffers.id", "\"1d6d209e-4e70-7ef5-ca5b-e4a6e66532f3\""); ---- Lines browser.startup.page removed from prefs.js ---- user_pref("browser.startup.page", 1); ---- Lines extensions.0JKVdFj removed from prefs.js ---- user_pref("extensions.0JKVdFj.epoch", "1407530933"); user_pref("extensions.0JKVdFj.url", "http://fastgroupchinayour.net/sync2/?q=hfZ9ofDSBShEAen0rHsErihTB6lKDzt4oltjtNtVh7n0rjnEqHs5rTsEqds9tMFHhd9Fqda5rd ---- Lines extensions.1S_9FL9 removed from prefs.js ---- user_pref("extensions.1S_9FL9.epoch", "1407530932"); user_pref("extensions.1S_9FL9.url", "http://guardsetstarr.info/sync2/?q=hfZ9ofbTAy1MCyVUojrGrdwMg708BNmGWj8ikGhGheDUojw9rdCGpdsGrdwGpchIC7n0rjnEpda6rT ---- Lines extensions.OK2_ removed from prefs.js ---- user_pref("extensions.OK2_.epoch", "1407530933"); ---- Lines extensions.Ywo removed from prefs.js ---- user_pref("extensions.Ywo.epoch", "1407530934"); ---- Lines extensions.iEQF1GpIf removed from prefs.js ---- user_pref("extensions.iEQF1GpIf.epoch", "1407530934"); ---- Lines extensions.xuVHVAY removed from prefs.js ---- user_pref("extensions.xuVHVAY.epoch", "1407530932"); user_pref("extensions.xuVHVAY.url", "http://simpleguardcompletesun.in/sync2/?q=hfZ9ofbTAy1MCyVUojCFqchTB6lKDzt4oltjtNtVh7n0rjnEqHw4rjYFrHk4tMFHhd9Fqda ---- FireFox user.js and prefs.js backups ---- prefs_25.02.2015_1925_.backup ProfilePath: C:\Users\prle\AppData\Roaming\Thunderbird\Profiles\9ih8p39i.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_25.02.2015_1925_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GenieoSystemTray] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GenieoUpdaterService] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\se] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SPDriver] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== Deleting Files \ Folders ====================== C:\Program Files\Alwil Software not found C:\Program Files\Glarysoft not found C:\Program Files\KONAMI not found C:\Program Files\LibraryApps not found C:\Program Files\Malwarebytes' Anti-Malware not found C:\Program Files\PragmaFunc not found C:\Program Files\R.G. Mechanics not found C:\Program Files\Samsung not found C:\Program Files\SecurityXploded not found C:\Program Files\Sony Ericsson not found C:\Program Files\Sony Mobile not found C:\Program Files\SystemAugment not found C:\Program Files\Utherverse Digital Inc not found C:\Program Files\Voznja not found C:\Program Files\LibraryApps not found C:\Program Files\SystemAugment not found C:\Users\\prle\AppData\Roaming\Genieo not found C:\Users\prle\AppData\Roaming\SkypEmoticons not found C:\Program Files\ShopperPro not found C:\Program Files\AVG Secure Search not found C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) not found C:\Program Files\Temp deleted C:\Program Files\UenniDeaLsa deleted C:\Program Files\UniDeals deleted C:\Program Files\UniiDealse deleted C:\Program Files\BocaFunc deleted C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter deleted C:\Program Files\UniDueaaolsoa deleted C:\Program Files\MyPC Backup deleted C:\ProgramData\mklmbnpkafihmmhjhkdielpafiioicaj deleted C:\ProgramData\fjccnbdbhediagolgafkefkgaiicffgh deleted C:\ProgramData\ognmjdhiemmlmcohmbfpmfiofigblfle deleted C:\ProgramData\{d781939f-3188-0949-d781-1939f3184e7c} deleted C:\ProgramData\{05592932-1ad3-9d7b-0559-929321ada4c8} deleted C:\ProgramData\2727273379398511586 deleted C:\ProgramData\npkgecfgpbaioddpbgopdbfllmlgiofi deleted C:\ProgramData\{eddcd3fd-fc19-725b-eddc-cd3fdfc14ff7} deleted C:\Windows\pss\MyPC Backup.lnk.Startup deleted C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\KMSpico v9 3 2.lnk deleted C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\Windows 7 Genuine Activation RemoveWAT 2 2 6 0 NLT Release.lnk deleted C:\Users\prle\AppData\LocalLow\{00A23F44-9F69-E1E5-0A50-6F5043E3933C} deleted C:\Users\prle\AppData\LocalLow\{099ECB26-E9C5-443A-2CDE-5DC332DF755C} deleted C:\Users\prle\AppData\LocalLow\{14669796-CB3C-9319-34CA-35BBB8D245CB} deleted C:\Users\prle\AppData\LocalLow\{3FEAEC20-746B-0718-E9CF-36BE3447B908} deleted C:\Users\prle\AppData\LocalLow\{453FA534-9E32-9505-97D9-08904D3E50E6} deleted C:\Users\prle\AppData\LocalLow\{FEB569F1-BAF6-0E26-D327-ABA8F275D30A} deleted C:\PROGRA~2\SummerSoft deleted C:\Users\prle\.android deleted C:\Users\prle\AppData\Roaming\PLGComp.ini deleted C:\PROGRA~2\Package Cache deleted C:\Users\prle\AppData\Local\updater.log deleted C:\Users\prle\AppData\Local\Skillbrains deleted C:\Users\prle\AppData\Local\Installer deleted C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup deleted C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot deleted C:\Users\prle\AppData\LocalLow\{160BEE9D-7658-C4F5-F4D4-D1B72CDA0E7B} deleted C:\Users\prle\AppData\LocalLow\{3858F4D9-B62E-B792-D721-2F8A9D4ACFFB} deleted C:\Users\prle\AppData\LocalLow\{BE682707-07C5-DB3D-C25D-B7D72987BFD0} deleted C:\Users\prle\AppData\LocalLow\{EF33DFE3-410A-DA77-323E-31083972CF43} deleted C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\system32\config\systemprofile\Searches deleted C:\Windows\system32\GroupPolicy\User deleted C:\Windows\System32\AniGIF.ocx deleted C:\Windows\System32\searchplugins deleted C:\Windows\System32\Extensions deleted C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\searchplugins\WebSearch.xml deleted C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\extensions\staged deleted "C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\6725f7966a30d02a" not deleted "C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\aad851c34de437fe" not deleted "C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\Windows 7 Genuine Activation RemoveWAT 2 2 6 0 NLT Release.exe" deleted "C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}\67082849fc23c2ae" not deleted "C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}\aaf58e1cdbf7257a" not deleted "C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}\KMSpico v9 3 2.exe" deleted "C:\PROGRA~2\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\6725f7966a30d02a" not deleted "C:\PROGRA~2\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\aad851c34de437fe" not deleted "C:\PROGRA~2\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\Windows 7 Genuine Activation RemoveWAT 2 2 6 0 NLT Release.exe" deleted "C:\PROGRA~2\{9de6a595-1ded-33fa-9de6-6a5951de9654}\67082849fc23c2ae" not deleted "C:\PROGRA~2\{9de6a595-1ded-33fa-9de6-6a5951de9654}\aaf58e1cdbf7257a" not deleted "C:\PROGRA~2\{9de6a595-1ded-33fa-9de6-6a5951de9654}\KMSpico v9 3 2.exe" deleted "C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}" not deleted "C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}" not deleted "C:\PROGRA~2\{2b1133ff-80bc-8917-2b11-133ff80bcffe}" not deleted "C:\PROGRA~2\{9de6a595-1ded-33fa-9de6-6a5951de9654}" not deleted ==== Firefox Extensions ====================== ProfilePath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default - LavaFox V2 - %ProfilePath%\extensions\info@djzig.com - Undetermined - %ProfilePath%\extensions\lwthemes-manager@loucypher.xpi - Stylish - %ProfilePath%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi - YouTube High Definition - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ProfilePath: C:\Users\prle\AppData\Roaming\Thunderbird\Profiles\9ih8p39i.default - Test Pilot for Thunderbird - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default 14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67 0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1 9759358F96AD19A9BC6E7314FB99D830 - C:\Users\prle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player 87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies 9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 5E4595C16426E695B0D2049FFF71F77C - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\prle\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\prle\AppData\Local\Comodo\Dragon deleted Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome deleted Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS deleted Fake profile C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon deleted ==== Chromium Look ====================== Google Chrome Version: 39.0.2171.95 (Possible outdated, latest Stable version: 40.0.2214.115) ==== Chromium Startpages ====================== C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84", "startup_urls": [ "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84" ], ==== Chromium Fix ====================== C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.swellsearch.info_0.localstorage deleted successfully C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.swellsearch.info_0.localstorage-journal deleted successfully C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage deleted successfully C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage-journal deleted successfully C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dpejaigcnihfpkghmgbkldlhpmoodlic_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" "Default_Page_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {0E90424D-0616-420E-8E5C-6B6FD05CD6D7} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Deleting CLSID Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07af7647-0fef-460a-a4be-1fc23e009b1e} deleted successfully HKEY_CLASSES_ROOT\CLSID\{07af7647-0fef-460a-a4be-1fc23e009b1e} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07af7647-0fef-460a-a4be-1fc23e009b1e} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0e1e61cb-381d-4b03-9bc3-7652bb48f3a2} deleted successfully HKEY_CLASSES_ROOT\CLSID\{0e1e61cb-381d-4b03-9bc3-7652bb48f3a2} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e1e61cb-381d-4b03-9bc3-7652bb48f3a2} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6ef03c57-4ce2-4e45-80b5-52e780433ce5} deleted successfully HKEY_CLASSES_ROOT\CLSID\{6ef03c57-4ce2-4e45-80b5-52e780433ce5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ef03c57-4ce2-4e45-80b5-52e780433ce5} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7130468A-F53F-4698-8C09-A339EA3B05E6} deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\A8640317F35F8964C8903A93AEB3506E deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3RVX deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chatango deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Ultra Agent deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f.lux deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fences deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeAC deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Password Door deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite deleted successfully ==== Empty IE Cache ====================== C:\Users\prle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\prle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\prle\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\prle\AppData\Local\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\prle\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=254 folders=88 48558226 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\prle\AppData\Local\Temp will be emptied at reboot C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\prle\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\6725f7966a30d02a" not found "C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\aad851c34de437fe" not found "C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}\67082849fc23c2ae" not found "C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}\aaf58e1cdbf7257a" not found "C:\PROGRA~2\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\6725f7966a30d02a" not found "C:\PROGRA~2\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\aad851c34de437fe" not found "C:\PROGRA~2\{9de6a595-1ded-33fa-9de6-6a5951de9654}\67082849fc23c2ae" not found "C:\PROGRA~2\{9de6a595-1ded-33fa-9de6-6a5951de9654}\aaf58e1cdbf7257a" not found "C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}" not found "C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}" not found "C:\PROGRA~2\{2b1133ff-80bc-8917-2b11-133ff80bcffe}" not found "C:\PROGRA~2\{9de6a595-1ded-33fa-9de6-6a5951de9654}" not found ==== EOF on sre 25.02.2015 at 19:31:28,18 ====================== Dopuna: 25 Feb 2015 19:39 DOPUNA Sada FRST program radi, bez problema. Skeniranje uspešno. -------> Izvoli Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01 Ran by prle (administrator) on PRLE-PC on 25-02-2015 19:34:31 Running from C:\Users\prle\Downloads Loaded Profiles: prle & UpdatusUser (Available profiles: prle & UpdatusUser) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: engleski (SAD) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Stardock Corporation) C:\Program Files\Stardock\WindowBlinds\WBSrv.exe (Stardock Software, Inc) C:\Program Files\Stardock\WindowBlinds\WBCore.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation) HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\Run: [] => [X] HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\Run: [uTorrent] => C:\Users\prle\AppData\Roaming\uTorrent\uTorrent.exe [1377872 2015-01-25] (BitTorrent Inc.) HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\MountPoints2: {cd0294e6-8447-11e4-8c81-6c626d450386} - F:\setup.exe HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\...\Run: [Password Door] => C:\PROGRA~1\PASSWO~1\TLPD.EXE HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\...\Run: [LightShot] => C:\Users\UpdatusUser\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&.....M%3DIE8SRC HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&.....M%3DIE11SR SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1003 -> {0E90424D-0616-420E-8E5C-6B6FD05CD6D7} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 178.217.8.10 192.168.0.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1606030900-3430388029-1771253369-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\prle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1606030900-3430388029-1771253369-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml FF Extension: LavaFox V2 - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\info@djzig.com [2014-10-09] FF Extension: Lightweight Themes Manager - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\lwthemes-manager@loucypher.xpi [2014-03-17] FF Extension: Stylish - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-03-17] FF Extension: YouTube High Definition - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-03-17] FF Extension: Adblock Plus - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-17] FF Extension: No Name - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\extensions\faststartff@gmail.com [Not Found] FF Extension: No Name - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\extensions\faststartff@gmail.com [Not Found] FF Extension: No Name - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\extensions\d9676068985d4d81bb390a@7be93ab3c8e144f694a0509d5.com [Not Found] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR DefaultSearchKeyword: Default -> 1640B246F3DB79A353AB140EE3CB6DCE9B62BCD2EB9A9E49494D758371FC538B CHR DefaultSearchURL: Default -> 3A2F1F4279D4EE6E909A16034EA11F7E6BAF3BFC874330CAD8AA80186C5B4188 CHR Profile: C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation) S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) R2 WindowBlinds; C:\Program Files\Stardock\WindowBlinds\wbsrv.exe [84592 2014-03-10] (Stardock Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1570304 2012-10-18] (Atheros Communications, Inc.) R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-10-07] (BlueStack Systems) S3 gggen; C:\Windows\System32\DRIVERS\gggen.sys [11648 2006-09-28] (Sony Ericsson Mobile Communications) [File not signed] S3 ggsemc; C:\Windows\System32\DRIVERS\ggsemc.sys [11648 2006-09-28] (Sony Ericsson Mobile Communications) [File not signed] S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2014-08-03] (Sony Mobile Communications) S3 hcdriver; C:\Windows\System32\DRIVERS\hcdriver.sys [55208 2013-08-21] (Intel Corporation) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-07-20] (REALiX(tm)) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation) S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation) S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation) S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation) S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation) S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation) S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2014-01-18] (Duplex Secure Ltd.) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed] S3 cpuz134; \??\C:\Users\prle\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-25 19:34 - 2015-02-25 19:34 - 00015049 _____ () C:\Users\prle\Downloads\FRST.txt 2015-02-25 19:34 - 2015-02-25 19:34 - 00000000 ____D () C:\FRST 2015-02-25 19:33 - 2015-02-25 19:33 - 01127424 _____ (Farbar) C:\Users\prle\Downloads\FRST.exe 2015-02-25 19:30 - 2014-02-13 23:59 - 00024064 _____ () C:\Windows\zoek-delete.exe 2015-02-25 19:07 - 2015-02-25 19:27 - 00000000 ____D () C:\zoek_backup 2015-02-25 14:02 - 2015-02-25 19:30 - 00001388 _____ () C:\Windows\PFRO.log 2015-02-25 13:57 - 2015-02-25 13:57 - 00000000 ____D () C:\Genuine Activator for Windows XP Vista and Win 7 2015-02-25 13:56 - 2015-02-25 13:56 - 00003533 _____ () C:\Users\prle\Downloads\[kickass.to]genuine.activator.for.windows.xp.vista.and.win.7.honest.torrent 2015-02-25 13:48 - 2015-02-25 19:31 - 00072679 _____ () C:\zoek-results.log 2015-02-25 13:47 - 2015-02-13 00:50 - 01440116 _____ () C:\Users\prle\Downloads\zoek.scr 2015-02-25 13:47 - 2015-02-13 00:50 - 01440116 _____ () C:\Users\prle\Downloads\zoek.pif 2015-02-25 13:47 - 2015-02-13 00:50 - 01440116 _____ () C:\Users\prle\Downloads\zoek.com 2015-02-25 13:46 - 2015-02-25 13:47 - 04311354 _____ () C:\Users\prle\Downloads\zoek.rar 2015-02-24 14:34 - 2015-02-25 19:31 - 00001426 _____ () C:\Windows\setupact.log 2015-02-24 14:34 - 2015-02-24 14:34 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-21 09:18 - 2015-02-21 09:18 - 00000000 __SHD () C:\Users\prle\AppData\Local\EmieUserList 2015-02-21 09:18 - 2015-02-21 09:18 - 00000000 __SHD () C:\Users\prle\AppData\Local\EmieSiteList 2015-02-21 09:18 - 2015-02-21 09:18 - 00000000 __SHD () C:\Users\prle\AppData\Local\EmieBrowserModeList 2015-02-18 18:20 - 2015-02-18 18:20 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-02-18 18:20 - 2015-02-18 18:20 - 00000000 ___RD () C:\Program Files\Skype 2015-02-18 18:20 - 2015-02-18 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-02-18 18:20 - 2015-02-18 18:20 - 00000000 ____D () C:\Program Files\Common Files\Skype 2015-02-13 17:43 - 2015-02-13 17:43 - 00002652 _____ () C:\Users\Public\Desktop\Nero StartSmart.lnk 2015-02-13 17:43 - 2015-02-13 17:43 - 00002552 _____ () C:\Users\Public\Desktop\Nero Home.lnk 2015-02-13 17:42 - 2015-02-13 17:43 - 20434858 _____ () C:\Users\prle\Downloads\hdsentinel_trial_setup.zip 2015-02-13 17:39 - 2015-02-13 17:39 - 00000000 ____D () C:\ProgramData\Nero 2015-02-13 17:39 - 2015-02-13 17:39 - 00000000 ____D () C:\Program Files\Nero 2015-02-13 17:22 - 2015-02-13 17:24 - 00000000 ____D () C:\Nero 7.10.1.0 By M3ZKAL 2015-02-13 17:17 - 2015-02-13 17:19 - 00000000 ____D () C:\z 2015-02-12 23:12 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-12 23:12 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-11 05:52 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 05:52 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 05:52 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-11 05:52 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-11 05:52 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 05:52 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-11 05:52 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-11 05:52 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-11 05:52 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 05:52 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 05:52 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 05:52 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 05:52 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-11 05:51 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 05:51 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 05:51 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 05:51 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 05:51 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 05:51 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 05:51 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 05:51 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 05:51 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-02-11 05:51 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 05:51 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-11 05:51 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-11 05:51 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 05:51 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-11 05:51 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-11 05:51 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-11 05:51 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-11 05:51 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 05:50 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 05:50 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 05:50 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 05:50 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-11 05:50 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 05:50 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-11 05:50 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-11 05:50 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 05:50 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 05:50 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 05:50 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-11 05:50 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 05:50 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 05:50 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-11 05:50 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-11 05:50 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 05:50 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 05:50 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-11 05:50 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 05:50 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 05:50 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 05:50 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 05:50 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 05:50 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-11 05:50 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 05:50 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 05:50 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 05:50 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 05:49 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 05:49 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 05:49 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 05:49 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-02-11 05:49 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-02-10 09:54 - 2015-02-10 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-02-10 09:54 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll 2015-02-10 09:51 - 2015-02-10 09:51 - 00000000 ____D () C:\Program Files\Microsoft Works 2015-02-10 09:50 - 2015-02-10 09:50 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 2015-02-10 09:50 - 2015-02-10 09:50 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2015-02-10 09:48 - 2015-02-10 09:48 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8 2015-02-10 09:45 - 2015-02-10 09:45 - 00000000 __RHD () C:\MSOCache 2015-02-09 16:24 - 2015-02-09 16:24 - 00000071 _____ () C:\Users\prle\Downloads\listen (2).pls 2015-02-07 16:02 - 2015-02-07 16:02 - 00000071 _____ () C:\Users\prle\Downloads\listen.pls 2015-02-07 16:02 - 2015-02-07 16:02 - 00000071 _____ () C:\Users\prle\Downloads\listen (1).pls 2015-02-07 07:43 - 2015-02-07 07:43 - 00000000 ____D () C:\Users\prle\AppData\Roaming\addpcs 2015-02-07 07:34 - 2015-02-02 19:13 - 01388274 _____ (Thisisu) C:\Users\prle\Desktop\JRT_NEW.exe 2015-02-07 07:32 - 2015-02-07 07:33 - 00000000 ____D () C:\Users\prle\Desktop\Sve i svasta 2015-02-05 06:08 - 2015-02-05 06:08 - 00000000 ____D () C:\Program Files\Common Files\Java ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-25 19:32 - 2013-08-28 16:39 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-25 19:31 - 2013-08-28 16:39 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-25 19:31 - 2013-06-28 11:51 - 00000000 ____D () C:\Users\prle\AppData\Roaming\uTorrent 2015-02-25 19:31 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-25 19:30 - 2014-07-27 21:37 - 01442603 _____ () C:\Windows\WindowsUpdate.log 2015-02-25 19:30 - 2013-06-28 12:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-25 19:30 - 2009-07-14 05:34 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-25 19:30 - 2009-07-14 05:34 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google 2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo 2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\prle\AppData\Local\Comodo 2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2015-02-25 19:27 - 2013-06-28 11:59 - 00000000 ____D () C:\Users\prle\AppData\Local\Google 2015-02-25 19:26 - 2014-07-07 01:49 - 00000000 ____D () C:\Windows\pss 2015-02-25 19:26 - 2013-06-28 11:10 - 00000000 ____D () C:\Users\prle 2015-02-25 19:26 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2015-02-25 18:49 - 2015-01-01 21:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-25 13:44 - 2014-07-27 00:56 - 00000000 ____D () C:\Users\prle\AppData\Roaming\Skype 2015-02-24 20:08 - 2013-06-28 11:15 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-24 19:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2015-02-24 18:03 - 2014-05-26 23:00 - 00233472 ___SH () C:\Users\prle\Downloads\Thumbs.db 2015-02-24 15:57 - 2013-08-20 20:26 - 03070464 ___SH () C:\Users\prle\Desktop\Thumbs.db 2015-02-24 14:43 - 2013-06-28 11:48 - 00000000 ____D () C:\Program Files\Opera 2015-02-24 12:21 - 2013-06-28 12:11 - 00000000 ____D () C:\Users\prle\AppData\Roaming\Winamp 2015-02-23 21:59 - 2013-06-28 12:03 - 00000000 ____D () C:\Users\prle\AppData\Local\Adobe 2015-02-23 21:57 - 2013-06-28 12:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-02-23 21:57 - 2013-06-28 12:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-02-18 18:20 - 2013-06-28 12:09 - 00000000 ____D () C:\ProgramData\Skype 2015-02-15 03:57 - 2009-07-14 08:49 - 00000000 ____D () C:\Windows\ShellNew 2015-02-13 17:49 - 2014-08-06 04:06 - 00000000 ____D () C:\Program Files\Hard Disk Sentinel 2015-02-13 17:41 - 2013-07-04 05:52 - 00000000 ____D () C:\Program Files\Common Files\Ahead 2015-02-13 11:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2015-02-12 05:15 - 2009-07-14 05:33 - 03831880 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 05:13 - 2014-12-14 15:10 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 05:13 - 2014-12-14 15:10 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-12 05:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS 2015-02-12 04:02 - 2014-12-10 14:27 - 00000000 ____D () C:\Windows 7 Ultimate SP1 (32 Bit) 2015-02-12 03:30 - 2013-07-14 18:47 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-12 03:12 - 2013-07-02 21:03 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-12 03:11 - 2014-12-10 16:40 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-12 03:05 - 2013-07-03 08:28 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-02-12 03:05 - 2013-07-03 08:27 - 00002155 _____ () C:\Windows\epplauncher.mif 2015-02-12 03:05 - 2013-06-29 21:06 - 00111520 _____ () C:\Users\prle\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-12 03:04 - 2013-07-03 08:28 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-02-10 09:51 - 2014-06-09 14:14 - 00000000 ____D () C:\Program Files\Microsoft Office 2015-02-10 09:51 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\MSBuild 2015-02-10 09:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-02-10 09:50 - 2013-07-14 18:57 - 00000000 ____D () C:\Program Files\Microsoft.NET 2015-02-10 09:47 - 2009-07-14 03:04 - 00000580 _____ () C:\Windows\win.ini 2015-02-05 08:46 - 2013-09-11 08:19 - 00006656 _____ () C:\Windows\system32\lpcio.dll 2015-02-05 06:07 - 2014-08-29 04:41 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-02-05 06:07 - 2014-01-05 01:22 - 00000000 ____D () C:\ProgramData\Oracle 2015-02-05 06:07 - 2013-07-06 16:01 - 00000000 ____D () C:\Program Files\Java 2015-01-28 10:54 - 2014-03-12 20:52 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2015-01-27 20:29 - 2014-03-12 20:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-01-27 20:28 - 2013-06-28 11:40 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-01-27 20:26 - 2014-11-16 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock 2015-01-27 20:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET ==================== Files in the root of some directories ======= 2015-01-30 01:13 - 2015-01-30 01:14 - 0000115 _____ () C:\Users\prle\AppData\Roaming\LogFile.txt 2013-08-08 12:44 - 2013-08-10 14:09 - 0000018 _____ () C:\Users\prle\AppData\Roaming\uid.dat 2012-05-03 12:12 - 2012-05-03 12:12 - 0000532 _____ () C:\Users\prle\AppData\Local\datos.txt 2014-08-06 04:16 - 2014-08-06 04:16 - 0000001 _____ () C:\Users\prle\AppData\Local\llftool.4.40.agreement 2013-07-07 05:30 - 2014-08-29 04:52 - 0007598 _____ () C:\Users\prle\AppData\Local\Resmon.ResmonCfg 2013-07-27 02:03 - 2014-10-09 00:44 - 0000435 _____ () C:\Users\prle\AppData\Local\UserProducts.xml ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-24 04:17 ==================== End Of Log ============================ https://www.mycity.rs/must-login.png

Profil

Sass Drake Poslao: 25 Feb 2015 19:40 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Odlično. Korak 1 Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop Dvoklikom pokreni program. u EULA prozoru klikni na I agree. Klikni na dugme Scan i sačekaj da se završi skeniranje. Klikni na dugme Clean i pričekaj da program završi. Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu. Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK Računar će se restartovati, a potom otvoriti Notepad (C:\AdwCleaner[S0].txt) sa izvještajem. Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl" Napomena: Izvještaj ce takođe biti sačuvan na C:\Adwcleaner\AdwCleaner[S0].txt Korak 2 Ponovo skini FRST i probaj opet da postaviš izvještaje koji se traže u uputstvu za otvaranje teme.

Profil

TheChains Poslao: 25 Feb 2015 19:48 Idi na vrh
offline TheChains Zaslužni građanin Absolut Gut Pridružio: 13 Avg 2012 Poruke: 561 Gde živiš: Atakama	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 25 Feb 2015 19:42 FRST je okačen, poruka iznad, sa Addition fajlom. Dopuna: 25 Feb 2015 19:48 https://www.mycity.rs/must-login.png

Profil

Sass Drake Poslao: 25 Feb 2015 20:25 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! OK. Idemo dalje. Korak 1 Idi u Start -> Control Panel -> Programs and Features i deinstaliraj sljedeće programe: KingfisherAggregator TechFuser Korak 2 Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja. FF Extension: No Name - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\extensions\faststartff@gmail.com [Not Found] FF Extension: No Name - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\extensions\faststartff@gmail.com [Not Found] FF Extension: No Name - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\extensions\d9676068985d4d81bb390a@7be93ab3c8e144f694a0509d5.com [Not Found] HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\MountPoints2: {cd0294e6-8447-11e4-8c81-6c626d450386} - F:\setup.exe Task: {238B553A-A6D7-4C17-8675-FE8779651066} - System32\Tasks\{B3522109-C991-4D67-AAF7-5995B150AB7C} => pcalua.exe -a "C:\Program Files\Password Door\uninst.exe" Task: {54261CDB-EC34-41A8-9399-F103EC1E7CFE} - System32\Tasks\{229C8E19-A50F-4CFF-AD5C-CAD2217874EF} => pcalua.exe -a "C:\Program Files\ShopperPro\SPremove.exe" <==== ATTENTION Task: {74A23698-2B0A-406F-8F3E-9ABC53E1E97B} - System32\Tasks\{BF56B925-1165-496E-BFC1-B7B1FC14A39C} => pcalua.exe -a "C:\Program Files\YouTube Accelerator\YTAUninstall.exe" Task: {8FF13D53-DE5A-4345-9BE2-106F9C37E69E} - System32\Tasks\{34C64026-428E-4F88-9270-A349D7F801C5} => pcalua.exe -a "C:\Program Files\KONAMI\Pro Evolution Soccer 2009\Uninstall.exe" Task: {90C71143-D045-4845-872F-FC66445B1FA0} - System32\Tasks\{AFAAEA38-A906-4343-BD86-FC174C2C6646} => pcalua.exe -a "D:\Prle\Prle Fajlovi\Memory\Make Bootable USB Pen Drive For Windows XP,Windows 7,And Windows 8\Windows XP\WinSetupFromUSB_0-2-3.exe" -d "D:\Prle\Prle Fajlovi\Memory\Make Bootable USB Pen Drive For Windows XP,Windows 7,And Windows 8\Windows XP" U okviru Notepad-a klikni na File --> Save As Fajl nazovi Fixlist i sačuvaj na Desktop Dvoklikom ponovo pokreni FRST.exe Klikni na Fix i sačekaj dok program ne završi. Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi. Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu. Takođe, na Desktop-u će se nalaziti (fixlog.txt).

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Usporen tempo

Ko je trenutno na forumu

Ukupno su 852 korisnika na forumu :: 3 registrovanih, 0 sakrivenih i 849 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Fog of War, saputnik plavetnila, wizzardone

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by