Usporen tempo

1

Usporen tempo

offline
  • Absolut Gut
  • Pridružio: 13 Avg 2012
  • Poruke: 561
  • Gde živiš: Atakama

1. detaljan opis problema; Usporen dosta tempo računara, pali se znatno duže i znatno duže treba mu da se osvesti pa da počne sa radom.

2. postavljanje dijagnostičkog izveštaja (log-a, logfile-a);

Imam problem, prilikom pokretanja FIRST programa, naime izbacuje ovo.
Nisam se susretao sa ovim. Šta je loše krenulo?

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Skini opet FRST pa probaj onda da ga pokreneš.

offline
  • Absolut Gut
  • Pridružio: 13 Avg 2012
  • Poruke: 561
  • Gde živiš: Atakama

Probao par puta i sada. Ne, ne želi da saradjuje..

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Probajmo onda ovako:


Preuzmi zoek.exe sa ovog ili ovog linka i sačuvaj ga na Desktop.


Zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;
dvoklikom pokreni zoek.exe;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sljedeći tekst:

process;
startupall;
drivers-services-list;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Klikni na dugme i pričekaj da se skeniranje završi.


Zoek će po potrebi restartovati Windows, a na kraju rada otvoriti Notepad sa izvještajem o skeniranju.

Napomena: Izvještaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadržaj tog loga u poruku.

offline
  • Absolut Gut
  • Pridružio: 13 Avg 2012
  • Poruke: 561
  • Gde živiš: Atakama

Došlo je do nekog vremenskog perioda skeniranja i izašlo ovo.



To što je skeniralo, vidi se u logu do prekida.


Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by prle on sre 25.02.2015 at 13:47:52,90.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\prle\Downloads\zoek.scr [Scan all users] [Script inserted]

==== System Restore Info ======================

25.2.2015 13:49:00 Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Stardock\WindowBlinds\wbsrv.exe
C:\Program Files\Stardock\WindowBlinds\WBCore.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\BlueStacks\HD-UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}\KMSpico v9 3 2.exe
C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\Windows 7 Genuine Activation RemoveWAT 2 2 6 0 NLT Release.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv

==== Services(whitelist) ======================
Powered by E Dev

R2 - [591fc86d] - BocaFunc - files\bocafunc\bocafunc.dll [x]
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe
R2 - [BackupStack] - Computer Backup (MyPC Backup) - c:\program files\mypc backup\backupstack.exe
R2 - [BstHdLogRotatorSvc] - BlueStacks Log Rotator Service - c:\program files\bluestacks\hd-logrotatorservice.exe
R2 - [BstHdUpdaterSvc] - BlueStacks Updater Service - c:\program files\bluestacks\hd-updaterservice.exe
R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [nvUpdatusService] - NVIDIA Update Service Daemon - c:\program files\nvidia corporation\nvidia update core\daemonu.exe
R2 - [WindowBlinds] - Stardock WindowBlinds - c:\program files\stardock\windowblinds\wbsrv.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Usluga deljenja putem mreže za Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe
R3 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [BstHdAndroidSvc] - BlueStacks Android Service - c:\program files\bluestacks\hd-service.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files\google\update\googleupdate.exe
S2 - [MBAMScheduler] - MBAMScheduler - c:\program files\malwarebytes anti-malware\mbamscheduler.exe
S2 - [MBAMService] - MBAMService - c:\program files\malwarebytes anti-malware\mbamservice.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files\skype\updater\updater.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Faks - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files\google\update\googleupdate.exe
S3 - [IDriverT] - InstallDriver Table Manager - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files\microsoft office\office12\grooveauditservice.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NBService] - NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 - [NMIndexingService] - NMIndexingService - c:\program files\common files\ahead\lib\nmindexingservice.exe
S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files\common files\microsoft shared\office12\odserv.exe
S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [SwitchBoard] - SwitchBoard - c:\program files\common files\adobe\switchboard\switchboard.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [WatAdminSvc] - Usluga tehnologije aktivacije operativnog sistema Windows - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\Windows\system32\Drivers\MpFilter.sys
R0 - [Mup] - MUP - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Server SMB 1.xxx Driver - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - IDE Channel - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Common Log (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Disk] - Disk Driver - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS System Driver - C:\Windows\system32\Drivers\NDIS.sys
R0 - [nvstor] - nvstor - C:\Windows\system32\Drivers\nvstor.sys
R0 - [partmgr] - Partition Manager - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pciide] - pciide - C:\Windows\system32\Drivers\pciide.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [sptd] - sptd - C:\Windows\system32\Drivers\sptd.sys
R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - Upravljački program TCP/IP protokola - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [vmbus] - Virtual Machine Bus - C:\Windows\system32\Drivers\vmbus.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Storage volumes - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - NetIO TDI upravljačkog programa podrške koji je zastareo - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\prle\AppData\Local\Temp ====
2015-02-24 16:58:12 B5EB2D244FD1C9402635395B69BD76C4 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\97E0\temp\Windows 7 Ultimate (zabranjeno) Genuine Activator.exe
2015-02-24 16:58:09 B5EB2D244FD1C9402635395B69BD76C4 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\B0A0.exe
2015-02-24 16:39:05 AFA75754DBC8D6A83C2958C010FD5D66 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\EB78\temp\Widows7Activator.exe
2015-02-24 16:39:03 AFA75754DBC8D6A83C2958C010FD5D66 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\A6E8.exe
2015-02-24 16:33:11 A6E07514B5E33C415E47ED57D1863196 331776 ----a-w- C:\Users\prle\AppData\Local\Temp\eauninstall.exe
2015-02-24 13:10:03 264637E9B0BC6C5C592DB2F1ABD8B6D4 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\14F4.exe
2015-02-23 20:46:36 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\68F0\temp\KMSpico v9 3 2.exe
2015-02-23 20:46:33 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\44C0\temp\KMSpico v9 3 2.exe
2015-02-23 20:46:31 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\13D0.exe
2015-02-23 20:46:30 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\7E80.exe
2015-02-23 20:46:29 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\DF70.exe
2015-02-23 18:30:21 BCBA8747AB53932F8613C006444078E9 297672 ----a-w- C:\Users\prle\AppData\Local\Temp\OnlineBackup.exe
2015-02-23 18:23:50 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\C598.exe
====== Java Cache =====
====== C:\Windows\system32 =====
2015-02-12 22:12:11 01BD2653F2185218837CF4A175617F8A 620032 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-12 22:12:10 4FD3763F3917201856B0CBCE310003EA 4300800 ----a-w- C:\Windows\System32\jscript9.dll
====== C:\Windows\system32\drivers =====
2015-02-11 04:52:34 F516F1167EFBBC5ABC90687C94497869 369968 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-02-11 04:52:34 EF88BAC2B489D9C46F4E41ACF0219CD0 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-02-11 04:52:34 49D70660EE8266988C1F99A0297A1430 136640 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-02-24 16:41:20 -------- d-----w- C:\Program Files\BocaFunc
2015-02-24 13:12:00 -------- d-----w- C:\Program Files\PragmaFunc
2015-02-23 20:50:11 -------- d-----w- C:\Program Files\SystemAugment
2015-02-23 20:49:43 -------- d-----w- C:\Program Files\UenniDeaLsa
2015-02-23 20:49:26 -------- d-----w- C:\Program Files\UniiDealse
2015-02-23 18:30:27 -------- d-----w- C:\Program Files\MyPC Backup
2015-02-23 18:28:54 -------- d-----w- C:\Program Files\LibraryApps
2015-02-23 18:25:48 -------- d-----w- C:\Program Files\UniDeals
2015-02-23 18:24:46 -------- d-----w- C:\Program Files\UniDueaaolsoa
2015-02-18 17:20:13 -------- d-----w- C:\Program Files\Common Files\Skype
2015-02-18 17:20:12 -------- d-----r- C:\Program Files\Skype
2015-02-13 16:39:16 -------- d-----w- C:\Program Files\Nero
2015-02-10 08:51:38 -------- d-----w- C:\Program Files\Microsoft Works
2015-02-10 08:50:57 -------- d-----w- C:\Program Files\Microsoft Visual Studio
2015-02-10 08:50:56 -------- d-----w- C:\Program Files\Common Files\DESIGNER
2015-02-10 08:48:20 -------- d-----w- C:\Program Files\Microsoft Visual Studio 8
2015-02-05 05:08:26 -------- d-----w- C:\Program Files\Common Files\Java
======= C: =====
====== C:\Users\prle\AppData\Roaming ======
2015-02-23 18:31:19 -------- d-----w- C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-02-21 08:18:31 -------- d-sh--w- C:\Users\prle\AppData\Locallow\EmieUserList
2015-02-21 08:18:31 -------- d-sh--w- C:\Users\prle\AppData\Locallow\EmieBrowserModeList
2015-02-21 08:18:27 -------- d-sh--w- C:\Users\prle\AppData\Local\EmieUserList
2015-02-21 08:18:27 -------- d-sh--w- C:\Users\prle\AppData\Local\EmieSiteList
2015-02-21 08:18:27 -------- d-sh--w- C:\Users\prle\AppData\Local\EmieBrowserModeList
2015-02-07 06:43:14 -------- d-----w- C:\Users\prle\AppData\Roaming\addpcs
2015-01-30 00:13:02 0EE7C3CEA1DED759A5D27CCB7E8801DC 115 ----a-w- C:\Users\prle\AppData\Roaming\LogFile.txt
====== C:\Users\prle ======
2015-02-24 13:11:06 -------- d-----w- C:\ProgramData\mklmbnpkafihmmhjhkdielpafiioicaj
2015-02-24 13:10:05 -------- d-----w- C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}
2015-02-23 20:49:32 -------- d-----w- C:\ProgramData\fjccnbdbhediagolgafkefkgaiicffgh
2015-02-23 20:49:13 -------- d-----w- C:\ProgramData\ognmjdhiemmlmcohmbfpmfiofigblfle
2015-02-23 20:46:35 -------- d-----w- C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}
2015-02-23 20:46:34 -------- d-----w- C:\ProgramData\{d781939f-3188-0949-d781-1939f3184e7c}
2015-02-23 20:46:33 -------- d-----w- C:\ProgramData\{05592932-1ad3-9d7b-0559-929321ada4c8}
2015-02-23 18:24:46 -------- d-----w- C:\ProgramData\2727273379398511586
2015-02-23 18:24:34 -------- d-----w- C:\ProgramData\npkgecfgpbaioddpbgopdbfllmlgiofi
2015-02-23 18:23:52 -------- d-----w- C:\ProgramData\{eddcd3fd-fc19-725b-eddc-cd3fdfc14ff7}
2015-02-18 17:20:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-13 16:39:16 -------- d-----w- C:\ProgramData\Nero
2015-02-10 08:54:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

====== C: exe-files ==
2015-02-24 16:58:12 B5EB2D244FD1C9402635395B69BD76C4 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\97E0\temp\Windows 7 Ultimate (zabranjeno) Genuine Activator.exe
2015-02-24 16:58:09 B5EB2D244FD1C9402635395B69BD76C4 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\B0A0.exe
2015-02-24 16:50:45 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\prle\AppData\Local\Temporary Internet Files\Content.IE5\5LI5A0X6\ezdownloader[1].exe
2015-02-24 16:50:45 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\prle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LI5A0X6\ezdownloader[1].exe
2015-02-24 16:39:05 AFA75754DBC8D6A83C2958C010FD5D66 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\EB78\temp\Widows7Activator.exe
2015-02-24 16:39:03 AFA75754DBC8D6A83C2958C010FD5D66 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\A6E8.exe
2015-02-24 16:33:11 A6E07514B5E33C415E47ED57D1863196 331776 ----a-w- C:\Users\prle\AppData\Local\Temp\eauninstall.exe
2015-02-24 13:43:39 DF085A41E6CC782F9A50377776207D25 552056 ----a-w- C:\Program Files\Opera\27.0.1689.76\opera_crashreporter.exe
2015-02-24 13:43:39 CA887EFE4E19350205CCE381F68AFD86 2152056 ----a-w- C:\Program Files\Opera\27.0.1689.76\opera_autoupdate.exe
2015-02-24 13:43:39 5D165F4948BD6B8D8663FD6106B53A1D 51366008 ----a-w- C:\Program Files\Opera\27.0.1689.76\opera.exe
2015-02-24 13:43:39 150090FB932CC14ADEECCA3AB742B110 73336 ----a-w- C:\Program Files\Opera\27.0.1689.76\wow_helper.exe
2015-02-24 13:43:33 0DC4C0CF8A0545D1BB53DF8361CEA2CA 1284728 ----a-w- C:\Program Files\Opera\27.0.1689.76\installer.exe
2015-02-24 13:10:03 264637E9B0BC6C5C592DB2F1ABD8B6D4 1057792 ----a-w- C:\Users\prle\AppData\Local\Temp\14F4.exe
2015-02-23 20:49:44 114095B85E186B7DF9BFB8366F67F976 222720 ----a-w- C:\Program Files\UenniDeaLsa\K1MhPvSxHXg066.exe
2015-02-23 20:49:27 31CF492EF3749109DAD024F2B0CB6276 222720 ----a-w- C:\Program Files\UniiDealse\F0GyhxaDBM5jpq.exe
2015-02-23 20:46:36 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\68F0\temp\KMSpico v9 3 2.exe
2015-02-23 20:46:33 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\44C0\temp\KMSpico v9 3 2.exe
2015-02-23 20:46:31 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\13D0.exe
2015-02-23 20:46:30 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\7E80.exe
2015-02-23 20:46:29 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\DF70.exe
2015-02-23 18:31:19 53B9DFE8BE74F29DC10D12DF6B438F31 83532 ----a-w- C:\Program Files\MyPC Backup\uninst.exe
2015-02-23 18:31:18 D7ADBD1850FBAC3662F7ABBFB5C0A223 16992 ----a-w- C:\Program Files\MyPC Backup\Configuration Updater.exe
2015-02-23 18:31:18 CBC8AC881DCBB86E9F3BCD0C72374284 223344 ----a-w- C:\Program Files\MyPC Backup\Updater.exe
2015-02-23 18:31:18 BB830033C3E24A0B82CAF23662918278 9728 ----a-w- C:\Program Files\MyPC Backup\RegisterExtensionDotNet40_x64.exe
2015-02-23 18:31:18 A6A26E38B3596FA740F7039D98BD3A22 10240 ----a-w- C:\Program Files\MyPC Backup\RegisterExtensionDotNet40_x86.exe
2015-02-23 18:31:18 7C4C3FA08BA63596349243F52F604BCE 9728 ----a-w- C:\Program Files\MyPC Backup\UnRegisterExtensions.exe
2015-02-23 18:31:18 74A8C01B69ADEDD7F1330245CD994821 20480 ----a-w- C:\Program Files\MyPC Backup\RegisterExtensionDotNet20_x86.exe
2015-02-23 18:31:18 5870C5E8C8E67FD29BC758A02F6DC1D7 856176 ----a-w- C:\Program Files\MyPC Backup\Signup Wizard.exe
2015-02-23 18:31:18 4BB211393828D585CB5396A273008D94 16384 ----a-w- C:\Program Files\MyPC Backup\RegisterExtensionDotNet20_x64.exe
2015-02-23 18:31:18 3AAA70F71BA473ED9C88C83FECAB28D7 53832 ----a-w- C:\Program Files\MyPC Backup\BackupStack.exe
2015-02-23 18:31:18 33CBBBE9C389CE2DAA639E0E44D481A6 14944 ----a-w- C:\Program Files\MyPC Backup\Service Start.exe
2015-02-23 18:30:21 BCBA8747AB53932F8613C006444078E9 297672 ----a-w- C:\Users\prle\AppData\Local\Temp\OnlineBackup.exe
2015-02-23 18:25:55 064457B3DF770CCF4661770B4181632F 222720 ----a-w- C:\Program Files\UniDeals\nIORPIWwjvSuay.exe
2015-02-23 18:24:46 2CD8B44D91D440155D281763D45F8CB6 222720 ----a-w- C:\Program Files\UniDueaaolsoa\UniDueaaolsoa.exe
2015-02-23 18:23:52 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\ProgramData\{eddcd3fd-fc19-725b-eddc-cd3fdfc14ff7}\KMSpico v9 3 2.exe
2015-02-23 18:23:50 8C2368FB9721181978817B8B3CB717F4 1085440 ----a-w- C:\Users\prle\AppData\Local\Temp\C598.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"Password Door"="C:\PROGRA~1\PASSWO~1\TLPD.EXE"
"LightShot"="C:\Users\UpdatusUser\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\3RVX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="3RVX"
"hkey"="HKCU"
"command"="C:\\Program Files\\3RVX\\3RVX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS6ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlueStacks Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BlueStacks Agent"
"hkey"="HKLM"
"command"="C:\\Program Files\\BlueStacks\\HD-Agent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Chatango]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Chatango"
"hkey"="HKCU"
"command"="C:\\Program Files\\Chatango\\Chatango.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Pro Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Pro Agent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Pro\\DTAgent.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Ultra Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Ultra Agent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Ultra\\DTAgent.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\f.lux]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="f.lux"
"hkey"="HKCU"
"command"="\"C:\\Users\\prle\\AppData\\Local\\FluxSoftware\\Flux\\flux.exe\" /noshow"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\prle\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Fences]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Fences"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Stardock\\Fences\\Fences.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FreeAC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FreeAC"
"hkey"="HKCU"
"command"="C:\\Program Files\\FreeAlarmClock\\FreeAlarmClock.exe -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GenieoSystemTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GenieoSystemTray"
"hkey"="HKCU"
"command"="\"C:\\Users\\prle\\AppData\\Roaming\\Genieo\\Application\\TrayUi\\bin\\gentray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GenieoUpdaterService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GenieoUpdaterService"
"hkey"="HKCU"
"command"="\"C:\\Users\\prle\\AppData\\Roaming\\Genieo\\Application\\Updater\\bin\\genupdater.exe\" -wait 5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_72C4CCDB27045DE9679412ACC2C5666F]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleChromeAutoLaunch_72C4CCDB27045DE9679412ACC2C5666F"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightShot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightShot"
"hkey"="HKCU"
"command"="C:\\Users\\prle\\AppData\\Local\\Skillbrains\\lightshot\\Lightshot.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Luxand Blink!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Luxand Blink!"
"hkey"="HKLM"
"command"="C:\\Program Files\\Luxand\\Blink!\\LuxandBlinkTray.exe /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSC"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroFilterCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaSuite.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NokiaSuite.exe"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia Suite\\NokiaSuite.exe -tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NSU_agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NSU_agent"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu3ui_agent.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Password Door]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Password Door"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\PASSWO~1\\TLPD.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM.EXE"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RESTART_STICKY_NOTES]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RESTART_STICKY_NOTES"
"hkey"="HKCU"
"command"="C:\\Windows\\System32\\StikyNot.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDVCPL"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RtHDVCpl.exe\" -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\se]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="se"
"hkey"="HKCU"
"command"="\"C:\\Users\\prle\\AppData\\Roaming\\SkypEmoticons\\SE.exe\" /minimized "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony Ericsson PC Suite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sony Ericsson PC Suite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Suite\\SEPCSuite.exe\" /systray /nologon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SPDriver]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SPDriver"
"hkey"="HKLM"
"command"="C:\\Program Files\\ShopperPro\\JSDriver\\1.37.0.202\\jsdrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SwitchBoard"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\prle\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vProt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\AVG Secure Search\\vprot.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TP-LINK Wireless Configuration Utility.lnk"
"backup"="C:\\Windows\\pss\\TP-LINK Wireless Configuration Utility.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\TP-LINK\\TP-LIN~1\\TWCU.exe -nogui"
"item"="TP-LINK Wireless Configuration Utility"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Aquarius Soft PC Alarm Clock Pro.lnk]
"path"="C:\\Users\\prle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Aquarius Soft PC Alarm Clock Pro.lnk"
"backup"="C:\\Windows\\pss\\Aquarius Soft PC Alarm Clock Pro.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\AQUARI~1\\PCALAR~1\\alarm.exe /Startup"
"item"="Aquarius Soft PC Alarm Clock Pro"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Fences.lnk]
"path"="C:\\Users\\prle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Fences.lnk"
"backup"="C:\\Windows\\pss\\Fences.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\Stardock\\Fences\\Fences.exe /startup"
"item"="Fences"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
"path"="C:\\Users\\prle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MyPC Backup.lnk"
"backup"="C:\\Windows\\pss\\MyPC Backup.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Program Files\\MyPC Backup\\MyPC Backup.exe"
"item"="MyPC Backup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NHLR 09 Registration.lnk]
"path"="C:\\Users\\prle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\NHLR 09 Registration.lnk"
"backup"="C:\\Windows\\pss\\NHLR 09 Registration.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\EASPOR~1\\NHL09~1\\Support\\EAREGI~1.EXE /remind /language=ENU /PRID=\"ODS:15374.110.Base Product\" /WHPR=\"NHLR 09\" /PRNM=\"Electronic Arts Product\""
"item"="NHLR 09 Registration"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
"path"="C:\\Users\\prle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Stardock ObjectDock.lnk"
"backup"="C:\\Windows\\pss\\Stardock ObjectDock.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Program Files\\Stardock\\ObjectDock\\ObjectDock.exe "
"item"="Stardock ObjectDock"


==== Startup Folders ======================

2015-02-23 18:23:52 1966 ----a-w- C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KMSpico v9 3 2.lnk
2015-02-24 13:10:05 2274 ----a-w- C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows 7 Genuine Activation RemoveWAT 2 2 6 0 NLT Release.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [23.02.2015 21:57]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:6H0C:\ProgramC:Files\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04.12.2014 18:20]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Opera scheduled Autoupdate 1422158942" [C:\Program Files\Opera\launcher.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default
user_pref("browser.startup.homepage", "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84");
user_pref("browser.search.defaulturl", "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84&l=1&q=");
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("keyword.URL", "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84&l=1&q=");

==== Firefox Extensions ======================

ProfilePath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default
- LavaFox V2 - %ProfilePath%\extensions\info@djzig.com
- Undetermined - %ProfilePath%\extensions\staged
- Undetermined - %ProfilePath%\extensions\lwthemes-manager@loucypher.xpi
- Stylish - %ProfilePath%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
- YouTube High Definition - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\prle\AppData\Roaming\Thunderbird\Profiles\9ih8p39i.default
- Test Pilot for Thunderbird - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default
14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67
0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
9759358F96AD19A9BC6E7314FB99D830 - C:\Users\prle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
5E4595C16426E695B0D2049FFF71F77C - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin
F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery


==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Possible outdated, latest Stable version: 40.0.2214.115)


Clip to OneNote - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
MySearch - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
SingleFile - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
Clip to OneNote - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
MySearch - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
SingleFile - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
Clip to OneNote - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
MySearch - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
SingleFile - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
Clip to OneNote - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - prle\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - prle\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag
Clip to OneNote - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
MySearch - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
SingleFile - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
Clip to OneNote - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh
prIcuechop - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aobhabljihdjejjfhfjoifpginokoaji
NExTCoup - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\baglmalcondloklnfgimjaljakojgooo
MySearch - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dpejaigcnihfpkghmgbkldlhpmoodlic
ppruiceChop - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglhenilcnljodgkoganfogeejaobbfb
pricechop - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hngegahohpjkdinobobplbepfnjhiapi
NeXtCoup - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jnfiknodfamfadimbpboenlekogbbpan
pricEEcehop - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jonkilmpochnfeolnaemapokondgjmdo
SingleFile - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpiodijhokgodhhofbcjdecpffjipkle
WebbINgg - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\najbgfecdkpcinmghjdnppcpocdffmag

==== Chromium Startpages ======================

C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84",
"startup_urls": [ "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84" ],


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0E90424D-0616-420E-8E5C-6B6FD05CD6D7} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{72302D6D-935C-4346-A5BB-96881B825ED8} Yahoo Url="https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}"
{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} WebSearch Url="http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=
==== EOF on sre 25.02.2015 at 13:53:20,44 ======================

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Arrow


Zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;
dvoklikom pokreni zoek.exe;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sljedeći tekst:

C:\Program Files\UniDueaaolsoa;fs
C:\Program Files\UniDeals;fs
C:\Program Files\LibraryApps;fs
C:\Program Files\MyPC Backup;fs
C:\Program Files\UniiDealse;fs
C:\Program Files\UenniDeaLsa;fs
C:\Program Files\SystemAugment;fs
C:\ProgramData\mklmbnpkafihmmhjhkdielpafiioicaj;fs
C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe};fs
C:\ProgramData\fjccnbdbhediagolgafkefkgaiicffgh;fs
C:\ProgramData\ognmjdhiemmlmcohmbfpmfiofigblfle;fs
C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654};fs
C:\ProgramData\{d781939f-3188-0949-d781-1939f3184e7c};fs
C:\ProgramData\{05592932-1ad3-9d7b-0559-929321ada4c8};fs
C:\ProgramData\2727273379398511586;fs
C:\ProgramData\npkgecfgpbaioddpbgopdbfllmlgiofi;fs
C:\ProgramData\{eddcd3fd-fc19-725b-eddc-cd3fdfc14ff7};fs
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GenieoSystemTray];r
C:\Users\\prle\AppData\Roaming\Genieo;fs
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GenieoUpdaterService];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\se];r
C:\Users\prle\AppData\Roaming\SkypEmoticons;fs
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SPDriver];r
C:\Program Files\ShopperPro;fs
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt];r
C:\Program Files\AVG Secure Search;fs
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk];r
C:\Windows\pss\MyPC Backup.lnk.Startup;fs
aobhabljihdjejjfhfjoifpginokoaji;chr
baglmalcondloklnfgimjaljakojgooo;chr
dpejaigcnihfpkghmgbkldlhpmoodlic;chr
eglhenilcnljodgkoganfogeejaobbfb;chr
hngegahohpjkdinobobplbepfnjhiapi;chr
jonkilmpochnfeolnaemapokondgjmdo;chr
mpiodijhokgodhhofbcjdecpffjipkle;chr
najbgfecdkpcinmghjdnppcpocdffmag;chr
jnfiknodfamfadimbpboenlekogbbpan;chr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main];r
"Start Page"="http://www.google.com";r
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main];r
"Start Page"="http://www.google.com";r
{BB82DE59-BC4C-4172-9AC4-73315F71CFFE};c
emptyalltemp;
emptyclsid;
autoclean;


Klikni na dugme i pričekaj da se skeniranje završi.


Zoek će po potrebi restartovati Windows, a na kraju rada otvoriti Notepad sa izvještajem o skeniranju.

Napomena: Izvještaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadržaj tog loga u poruku.

offline
  • Absolut Gut
  • Pridružio: 13 Avg 2012
  • Poruke: 561
  • Gde živiš: Atakama

Napisano: 25 Feb 2015 19:32

Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by prle on sre 25.02.2015 at 19:08:17,21.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\prle\Downloads\zoek.scr [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-02-25-125320.log 56508 bytes

==== Empty Folders Check ======================

C:\Program Files\Alwil Software deleted successfully
C:\Program Files\Glarysoft deleted successfully
C:\Program Files\KONAMI deleted successfully
C:\Program Files\LibraryApps deleted successfully
C:\Program Files\Malwarebytes' Anti-Malware deleted successfully
C:\Program Files\PragmaFunc deleted successfully
C:\Program Files\R.G. Mechanics deleted successfully
C:\Program Files\Samsung deleted successfully
C:\Program Files\SecurityXploded deleted successfully
C:\Program Files\Sony Ericsson deleted successfully
C:\Program Files\Sony Mobile deleted successfully
C:\Program Files\SystemAugment deleted successfully
C:\Program Files\Utherverse Digital Inc deleted successfully
C:\Program Files\Voznja deleted successfully
C:\PROGRA~2\Alwil Software deleted successfully
C:\PROGRA~2\AVAST Software deleted successfully
C:\PROGRA~2\GlarySoft deleted successfully
C:\PROGRA~2\Informer Technologies, Inc deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~2\Solid State Networks deleted successfully
C:\PROGRA~2\Sony Mobile deleted successfully
C:\Users\prle\AppData\Roaming\Aquarius Soft deleted successfully
C:\Users\prle\AppData\Roaming\GlarySoft deleted successfully
C:\Users\prle\AppData\Roaming\JAM Software deleted successfully
C:\Users\prle\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\prle\AppData\Roaming\Nokia deleted successfully
C:\Users\prle\AppData\Roaming\Nokia Suite deleted successfully
C:\Users\prle\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\prle\AppData\Local\cache deleted successfully
C:\Users\prle\AppData\Local\CrashDumps deleted successfully
C:\Users\prle\AppData\Local\DriverToolkit deleted successfully
C:\Users\prle\AppData\Local\FluxSoftware deleted successfully
C:\Users\prle\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\SearchScopes\{72302D6D-935C-4346-A5BB-96881B825ED8} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{04734f44-4cfd-4491-816a-4831b9c15c3a} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{113CAC62-ED4F-4C1C-9E81-B21B5B7298F9} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11D1E862-42DE-465A-B9DF-23F817EC7ABD} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11D1E862-42DE-465A-B9DF-23F817EC7ABD} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{120086EC-8AE9-4D88-B388-DECB88A24D24} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CBD1517-44E7-429F-976A-FAADFEC4E50} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CBE9F19-6F25-4574-BC4-60BCD221FCBF} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F4A76D4-7A58-47D4-8EC9-DA6D9B661F8} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2111290D-A2D5-4EFD-9FE8-FE7E242DE712} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23B822CB-CF31-4C42-BE38-170F6B965C0} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24452E27-CD7B-457C-997A-507CF4B68660} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24452E27-CD7B-457C-997A-507CF4B68660} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{260658FA-D360-4A9C-9F4B-396BF8916D78} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{265E558B-74F9-4C91-AFB2-782D171F058} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A8CB1E9-A1D9-422F-BB53-1374B772D4F} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CF19E0F-F84B-4B15-BE94-C236D52130CE} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D5B36D7-D9A6-4DCB-9A2D-F9E4381B53C} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D5B36D7-D9A6-4DCB-9A2D-F9E4381B53C} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2ED15055-4401-40A1-BF35-C83EEBF0AB23} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F2154B5-A58F-4B4B-B3AE-336878731AFD} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3095A65E-E242-4FC4-BE3F-F9D4CC2C9CA} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{314C2412-CD22-438B-A1C9-5068F35B9022} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3505F8DE-5FF8-4A14-A5D9-E9A99B7C271} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35BCD555-5E26-459B-9FAE-4E7127DC65A} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3616C86D-2DD9-4442-A684-D5747521B9BF} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380BFA4-1E89-4021-865E-72D1D6C4D0C3} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38C6E0FD-2014-443B-9571-92D121CB75A} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4060C93-B4E2-4C7E-A46E-9D557DB93B83} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{420EBA26-4A9F-4FF4-881-688865353F38} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4363CA47-E476-4E8C-8C17-9DD6221BE2EC} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{464E5124-FE08-4C69-9510-9C973971569} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AD9DAAF-F549-4E92-9987-7CC938A323E6} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4DA902D8-A306-428F-B6E6-9BC2D7772E52} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E3BFED4-5A6-4002-9017-867CB6430A3} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FC2B07E-6454-458A-94A6-82C4E9BB1C6D} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{55FF5086-E9BE-458F-91BF-7ACC72FE6FE1} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58A3EE2D-CC7A-4E43-BCD3-2436D3A3C3AC} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58A616B5-1D32-4670-8C7E-9F18ED1A9360} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A4FB167-1754-4AC0-A4F2-24697672A782} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5CB7454D-2B9D-47A9-BCDA-761475B2BCB} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E6F6DA-FCA5-4E7C-9A8F-A5B872E65442} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F804355-65C1-4FDD-9053-8AFE4E386CCE} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AF0DDE5-4207-4F69-A91-E5EB679396E} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73A1AB18-236F-42F0-ADB-BB7C481A2E8} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73F2D278-2995-4D87-949F-3E133D14D66F} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7449963B-2739-4A31-997D-DA9FCCDB9BBC} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7581737F-C84C-4CF5-AC9B-DBF6BAA9A220} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{776C25AB-4322-4816-9D82-7EEE37EDC15} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7818EB92-7446-4EE2-8E53-11273A1ADAE} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AAD2930-676D-41BA-ACAA-DF9023E7A8FF} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AF734F-7D4A-4C23-BA51-F77D70B13252} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C5D7661-FEA2-4A9A-9DB4-773675F9FAFB} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7CA961D5-3FC2-4FC8-A6EA-DCD4E9BED35F} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D148CF9-EF13-42F3-9511-18757FC8089} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D26061D-997A-4EB3-9742-84AC7FD8A9B} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D71CCA2-1503-40A0-A34E-EB203E05DFC} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DC01235-94F8-4307-8730-37141C437AD7} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7EAC42D9-21E2-48E7-B830-2E6EF4ECB2DE} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82BB0790-BD9C-42AB-A134-A27D30295F20} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82C53F7D-5B96-42A0-A868-B05835D91423} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{836C3EE0-EC28-4B23-84F8-1F6C1B02D7} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{836C3EE0-EC28-4B23-84F8-1F6C1B02D7} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83AFB983-6457-4F2A-83A7-40B6D45ACE} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83AFB983-6457-4F2A-83A7-40B6D45ACE} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83FD788-505D-4B36-A5B8-FA12B0C8B682} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84acb84c-d0c7-4c1e-a216-0ffa24f46d46} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84D18BFF-30BD-4838-9A1C-95A9E1A2795} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8532072E-5172-46AE-AF6-9F92B9DD61B} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85651D5D-1A3D-46EA-B123-F4CF1E3FFAE} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{867E448D-586-40BB-B66F-70CB67D89F7} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EA3DB05-AB46-48DC-AC60-324B3DB0C535} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{903EE15D-69F0-45C0-83E7-7F5BDD4EC03B} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90977FBA-21B7-49F7-9157-2D95BDE09EA4} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91136B78-1F31-41AB-A9F1-3FEBC4AE0} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92CCB7BB-FC38-453B-9ADA-CD4F6ED7E076} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{951769D9-3F17-42ED-8B58-3FD682168C7} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98B11BD-3D56-468E-AECD-5B708CC696B8} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F545701-B0F7-45AE-92E3-D73B14FB7DC5} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FE76DFF-9F47-4460-BF2-12BF78478FBE} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2D4F445-E89-4E9B-BAC3-B7D978F19211} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A63126BB-4C54-4420-9C8E-C165A5A7BAA} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ABD57266-3EBE-4BFB-8D5F-F8B05287322F} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{af1b172c-f5b8-4bb2-b196-0b96940880ce} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B020454C-A721-4CB3-ACD3-85E49B32488} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B374F9BA-C395-4F52-A975-A0B0539F4F2} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B374F9BA-C395-4F52-A975-A0B0539F4F2} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB368796-4E48-415C-8630-5F6E9032AE73} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCACB1D0-19C4-476A-BD34-9DA39963CFD5} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE603191-D4EF-4ED4-A63-E160F4DF5B34} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE6BE2FB-DD4E-408C-BB1-B5813320B61} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE6BE2FB-DD4E-408C-BB1-B5813320B61} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF133815-8819-4FE1-AA21-C611C5E48A68} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF133815-8819-4FE1-AA21-C611C5E48A68} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFE5B705-6CA1-465B-984D-CF43C8FBFC4} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C08BFE48-2FAC-4C4D-BE72-222F629BF352} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C08BFE48-2FAC-4C4D-BE72-222F629BF352} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c1e0e3c9-74a4-40d5-9b2b-972f352c5bd5} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3EA7CE9-FBB8-4540-B0C6-6E9052499FD6} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C47AFD62-3B31-463C-B5F3-729831DFF2E3} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C47AFD62-3B31-463C-B5F3-729831DFF2E3} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C61054F-D638-48CD-BFE1-E0C27ECE487E} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7239025-8D0B-43C2-984D-DBD0358D7B49} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C742C9C0-4A0A-4DED-8B51-6B442A1308A} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAEEEE61-EE54-4470-9817-5514340B183} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBC02A92-534D-47E6-AF7C-9D82E2473B57} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBC02A92-534D-47E6-AF7C-9D82E2473B57} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC008F07-64D2-43E7-BE69-6841833C57DA} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCE789A9-C506-4DE7-9351-BEF19310131C} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCE789A9-C506-4DE7-9351-BEF19310131C} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CDA2DEEA-2B3B-4F22-93EE-AFE46A8FF737} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFB8C26C-356E-4F26-84D9-89C1CCD8CD5} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D20A9B7-3CF2-4CF4-8E72-1ABE784133C} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8548920-E5C5-417A-825F-6D27C6AEE5A1} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D984EAB6-89A1-46D0-BEBC-4FFA77F826EC} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D98941DE-9808-48A7-9091-2B4669369DBD} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DADC05A1-5145-4E65-905D-A571BF7BB80} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DC71891-B44E-4460-B58C-8BD28C7877E} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDE79F7D-BAC2-4A14-BE72-25C1D4429983} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E02D0ECA-F2D9-4E93-93DF-91D57ACD5DA} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E140590C-65EA-4997-9834-A3F2F27212C0} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E140590C-65EA-4997-9834-A3F2F27212C0} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1EF0AD4-4AD8-488F-AB16-137DBE5AAE9E} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E470D065-5FCC-49D2-AC38-CBF1B261A0BC} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E613ECAF-7CD-4053-91A-E0154440903E} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA2EA80D-E787-4381-A0A6-9AFFFC1AE9EF} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB9350E0-A093-46C9-93DC-452FEB501CA5} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC61E115-5C39-4144-B68-AF8BB0FBA990} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED9F1217-B119-41DC-A420-F2BEBAD0CDFD} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDAE1523-EF3C-48D0-B6B0-D72468EA5526} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1D88A78-D2B8-4094-ABD0-9B48F48F669} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7D9135B-59B6-42D4-997E-62B99A9FA1B} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F87487F6-AC81-4F45-9C0-26BF66539AB} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8D7B05C-72F5-46BC-923-9A26B46CAFE8} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8D7B05C-72F5-46BC-923-9A26B46CAFE8} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F939CD97-68E0-4F95-8137-7CEA1F529F1C} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD366082-300A-4A6F-A43A-5FE122C52C50} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE63D1FF-3322-43A9-A4AD-C05F6C598235} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE63D1FF-3322-43A9-A4AD-C05F6C598235} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE6D905E-D5BF-4458-A21D-21C6A23E9E27} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE6D905E-D5BF-4458-A21D-21C6A23E9E27} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{04734f44-4cfd-4491-816a-4831b9c15c3a} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84acb84c-d0c7-4c1e-a216-0ffa24f46d46} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{af1b172c-f5b8-4bb2-b196-0b96940880ce} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c1e0e3c9-74a4-40d5-9b2b-972f352c5bd5} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{E87806B5-E908-45FD-AF5E-957D83E58E68} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{93DBF2BB-A2B3-4683-A92E-57E60751F346} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{70956a7e-af16-4c30-a0b2-a8530b9a4bf1} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{f3e96a3a-3ad9-4bdd-abcb-8f3f6756aba3} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{d901c848-d153-4f9a-a6df-40b9a471e688} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully
HKEY_USERS\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110411821192} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\591fc86d deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\591fc86d deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BackupStack deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BackupStack deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default

user.js not found
---- Lines aRNEOMVW50611856ZKVKQ22976610com61908 removed from prefs.js ----
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.InstallationThankYouPage", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.InstallationTime", 1406463645);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comaRNEOMVW50611856ZKVKQ22976610com61908_dbWasSet", tr
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comaRNEOMVW50611856ZKVKQ22976610com61908_dbWasSet_FF25
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comasyncdb_dbWasSet", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comasyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comasyncinternaldb_dbWasSet", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comasyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.active", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.addressbar", "NA");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.addressbarenhanced", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.asyncdb.was_copied", "true");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.asyncinternaldb.was_copied", "true");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.backgroundver", 1);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.certdomaininstaller", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.changeprevious", false);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.cookie.InstallationTime.value", "%221406463645%22");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001504%22%2C%22sub_id%22%3A%
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.description", "Just Save");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.domain", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.enablesearch", false);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.homepage", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.iframe", false);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%224D72F5F429AE49A
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001504%22%2C%22sub_id%22
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001504%22%2C%22sub_
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%224D72F5
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_appVer.value", "8");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_nextCheck.expiration", "Mon Jul 28 2014 21:09:27 GMT+0200");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+010
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.__defualt_browser__.value", "%22opera%22");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030 00:00:00 GMT+010
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B67108872%2C-2147483
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GM
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:0
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.lastDailyReport", "1406552954217");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.lastUpdate", "1406552953216");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.manifesturl", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.name", "SavePass");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.newtab", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.opensearch", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.pluginsurl", "http://js.infodatacloud.com/plugin/apps/61908/plugins/na/ff/plugins.js
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.pluginsversion", 3);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.publisher", "OutBrowse");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.searchstatus", 0);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.setnewtab", false);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.thankyou", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.updateinterval", 360);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.ver", 8);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.apps", "61908");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.bic", "1477d16a9e32c7d7ebd69f5741fe79ac");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.cid", 61908);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.firstrun", false);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.hadappinstalled", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.installationdate", 1406552943);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.installerAdditionalInfo", "{\"asw\":[67108872, -2147483579, 16777216]}");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.modetype", "production");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.reportInstall", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.statsDailyCounter", 1);
---- Lines ac1b9d30675ba43908a8b76b504015572gmailcom61764 removed from prefs.js ----
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.active", true);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.addressbar", "NA");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.addressbarenhanced", "");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.asyncdb.was_copied", "true");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.asyncinternaldb.was_copied", "true");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.backgroundver", 1);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.c1b9d306-75ba-4390-8a8b-76b504015572@gmail.comac1b9d30675ba43908a8b76b50401
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.c1b9d306-75ba-4390-8a8b-76b504015572@gmail.comac1b9d30675ba43908a8b76b50401
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.c1b9d306-75ba-4390-8a8b-76b504015572@gmail.comasyncdb_dbWasSet", true);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.c1b9d306-75ba-4390-8a8b-76b504015572@gmail.comasyncdb_dbWasSet_FF25_FIX", t
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.c1b9d306-75ba-4390-8a8b-76b504015572@gmail.comasyncinternaldb_dbWasSet", tr
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.c1b9d306-75ba-4390-8a8b-76b504015572@gmail.comasyncinternaldb_dbWasSet_FF25
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.certdomaininstaller", "");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.changeprevious", false);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.cookie.InstallationTime.value", "%221406463701%22");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001902%22%2C%22sub_
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.description", "Turn YouTube videos to High Definition by default");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.domain", "");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.enablesearch", false);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.homepage", "");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.iframe", false);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.InstallationThankYouPage", true);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.InstallationTime", 1406463701);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.__defualt_browser__.value", "%22opera%22");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030 00:00:0
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B67108872%2
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22install
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%224D72F5
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001902%22%2C%22
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001902%22%
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:0
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 203
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_appVer.value", "20");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100")
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_nextCheck.expiration", "Mon Jul 28 2014 21:09:29 GMT+0
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:0
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.lastDailyReport", "1406552968075");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.lastUpdate", "1406552968001");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.manifesturl", "");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.name", "P-HD-V1.4");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.newtab", "");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.opensearch", "");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.pluginsurl", "http://js.infodatacloud.com/plugin/apps/61764/plugins/na/ff/p
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.pluginsversion", 14);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.publisher", "P-HD");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.searchstatus", 0);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.setnewtab", false);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.thankyou", "");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.updateinterval", 360);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.61764.ver", 20);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.apps", "61764");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.bic", "1477d16a9e32c7d7ebd69f5741fe79ac");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.cid", 61764);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.firstrun", false);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.hadappinstalled", true);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.installationdate", 1406552943);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.installerAdditionalInfo", "{\"asw\":[67108872, -2139094971, 16777216]}");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.modetype", "production");
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.reportInstall", true);
user_pref("extensions.ac1b9d30675ba43908a8b76b504015572gmailcom61764.statsDailyCounter", 1);
---- Lines WebSearch removed from prefs.js ----
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84&l=1&q=
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("browser.startup.homepage", "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84");
user_pref("keyword.URL", "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84&l=1&q=");
---- Lines offers removed from prefs.js ----
user_pref("extensions.speedtest4354@BestOffers.id", "\"1d6d209e-4e70-7ef5-ca5b-e4a6e66532f3\"");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- Lines extensions.0JKVdFj removed from prefs.js ----
user_pref("extensions.0JKVdFj.epoch", "1407530933");
user_pref("extensions.0JKVdFj.url", "http://fastgroupchinayour.net/sync2/?q=hfZ9ofDSBShEAen0rHsErihTB6lKDzt4oltjtNtVh7n0rjnEqHs5rTsEqds9tMFHhd9Fqda5rd
---- Lines extensions.1S_9FL9 removed from prefs.js ----
user_pref("extensions.1S_9FL9.epoch", "1407530932");
user_pref("extensions.1S_9FL9.url", "http://guardsetstarr.info/sync2/?q=hfZ9ofbTAy1MCyVUojrGrdwMg708BNmGWj8ikGhGheDUojw9rdCGpdsGrdwGpchIC7n0rjnEpda6rT
---- Lines extensions.OK2_ removed from prefs.js ----
user_pref("extensions.OK2_.epoch", "1407530933");
---- Lines extensions.Ywo removed from prefs.js ----
user_pref("extensions.Ywo.epoch", "1407530934");
---- Lines extensions.iEQF1GpIf removed from prefs.js ----
user_pref("extensions.iEQF1GpIf.epoch", "1407530934");
---- Lines extensions.xuVHVAY removed from prefs.js ----
user_pref("extensions.xuVHVAY.epoch", "1407530932");
user_pref("extensions.xuVHVAY.url", "http://simpleguardcompletesun.in/sync2/?q=hfZ9ofbTAy1MCyVUojCFqchTB6lKDzt4oltjtNtVh7n0rjnEqHw4rjYFrHk4tMFHhd9Fqda
---- FireFox user.js and prefs.js backups ----

prefs_25.02.2015_1925_.backup

ProfilePath: C:\Users\prle\AppData\Roaming\Thunderbird\Profiles\9ih8p39i.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_25.02.2015_1925_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GenieoSystemTray]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GenieoUpdaterService]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\se]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SPDriver]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^prle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== Deleting Files \ Folders ======================

C:\Program Files\Alwil Software not found
C:\Program Files\Glarysoft not found
C:\Program Files\KONAMI not found
C:\Program Files\LibraryApps not found
C:\Program Files\Malwarebytes' Anti-Malware not found
C:\Program Files\PragmaFunc not found
C:\Program Files\R.G. Mechanics not found
C:\Program Files\Samsung not found
C:\Program Files\SecurityXploded not found
C:\Program Files\Sony Ericsson not found
C:\Program Files\Sony Mobile not found
C:\Program Files\SystemAugment not found
C:\Program Files\Utherverse Digital Inc not found
C:\Program Files\Voznja not found
C:\Program Files\LibraryApps not found
C:\Program Files\SystemAugment not found
C:\Users\\prle\AppData\Roaming\Genieo not found
C:\Users\prle\AppData\Roaming\SkypEmoticons not found
C:\Program Files\ShopperPro not found
C:\Program Files\AVG Secure Search not found
C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) not found
C:\Program Files\Temp deleted
C:\Program Files\UenniDeaLsa deleted
C:\Program Files\UniDeals deleted
C:\Program Files\UniiDealse deleted
C:\Program Files\BocaFunc deleted
C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter deleted
C:\Program Files\UniDueaaolsoa deleted
C:\Program Files\MyPC Backup deleted
C:\ProgramData\mklmbnpkafihmmhjhkdielpafiioicaj deleted
C:\ProgramData\fjccnbdbhediagolgafkefkgaiicffgh deleted
C:\ProgramData\ognmjdhiemmlmcohmbfpmfiofigblfle deleted
C:\ProgramData\{d781939f-3188-0949-d781-1939f3184e7c} deleted
C:\ProgramData\{05592932-1ad3-9d7b-0559-929321ada4c8} deleted
C:\ProgramData\2727273379398511586 deleted
C:\ProgramData\npkgecfgpbaioddpbgopdbfllmlgiofi deleted
C:\ProgramData\{eddcd3fd-fc19-725b-eddc-cd3fdfc14ff7} deleted
C:\Windows\pss\MyPC Backup.lnk.Startup deleted
C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\KMSpico v9 3 2.lnk deleted
C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\Windows 7 Genuine Activation RemoveWAT 2 2 6 0 NLT Release.lnk deleted
C:\Users\prle\AppData\LocalLow\{00A23F44-9F69-E1E5-0A50-6F5043E3933C} deleted
C:\Users\prle\AppData\LocalLow\{099ECB26-E9C5-443A-2CDE-5DC332DF755C} deleted
C:\Users\prle\AppData\LocalLow\{14669796-CB3C-9319-34CA-35BBB8D245CB} deleted
C:\Users\prle\AppData\LocalLow\{3FEAEC20-746B-0718-E9CF-36BE3447B908} deleted
C:\Users\prle\AppData\LocalLow\{453FA534-9E32-9505-97D9-08904D3E50E6} deleted
C:\Users\prle\AppData\LocalLow\{FEB569F1-BAF6-0E26-D327-ABA8F275D30A} deleted
C:\PROGRA~2\SummerSoft deleted
C:\Users\prle\.android deleted
C:\Users\prle\AppData\Roaming\PLGComp.ini deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\prle\AppData\Local\updater.log deleted
C:\Users\prle\AppData\Local\Skillbrains deleted
C:\Users\prle\AppData\Local\Installer deleted
C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup deleted
C:\Users\prle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot deleted
C:\Users\prle\AppData\LocalLow\{160BEE9D-7658-C4F5-F4D4-D1B72CDA0E7B} deleted
C:\Users\prle\AppData\LocalLow\{3858F4D9-B62E-B792-D721-2F8A9D4ACFFB} deleted
C:\Users\prle\AppData\LocalLow\{BE682707-07C5-DB3D-C25D-B7D72987BFD0} deleted
C:\Users\prle\AppData\LocalLow\{EF33DFE3-410A-DA77-323E-31083972CF43} deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\System32\AniGIF.ocx deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted
C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\searchplugins\WebSearch.xml deleted
C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\extensions\staged deleted
"C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\6725f7966a30d02a" not deleted
"C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\aad851c34de437fe" not deleted
"C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\Windows 7 Genuine Activation RemoveWAT 2 2 6 0 NLT Release.exe" deleted
"C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}\67082849fc23c2ae" not deleted
"C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}\aaf58e1cdbf7257a" not deleted
"C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}\KMSpico v9 3 2.exe" deleted
"C:\PROGRA~2\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\6725f7966a30d02a" not deleted
"C:\PROGRA~2\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\aad851c34de437fe" not deleted
"C:\PROGRA~2\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\Windows 7 Genuine Activation RemoveWAT 2 2 6 0 NLT Release.exe" deleted
"C:\PROGRA~2\{9de6a595-1ded-33fa-9de6-6a5951de9654}\67082849fc23c2ae" not deleted
"C:\PROGRA~2\{9de6a595-1ded-33fa-9de6-6a5951de9654}\aaf58e1cdbf7257a" not deleted
"C:\PROGRA~2\{9de6a595-1ded-33fa-9de6-6a5951de9654}\KMSpico v9 3 2.exe" deleted
"C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}" not deleted
"C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}" not deleted
"C:\PROGRA~2\{2b1133ff-80bc-8917-2b11-133ff80bcffe}" not deleted
"C:\PROGRA~2\{9de6a595-1ded-33fa-9de6-6a5951de9654}" not deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default
- LavaFox V2 - %ProfilePath%\extensions\info@djzig.com
- Undetermined - %ProfilePath%\extensions\lwthemes-manager@loucypher.xpi
- Stylish - %ProfilePath%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
- YouTube High Definition - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\prle\AppData\Roaming\Thunderbird\Profiles\9ih8p39i.default
- Test Pilot for Thunderbird - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default
14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67
0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
9759358F96AD19A9BC6E7314FB99D830 - C:\Users\prle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
5E4595C16426E695B0D2049FFF71F77C - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin
F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\prle\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\prle\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Possible outdated, latest Stable version: 40.0.2214.115)


==== Chromium Startpages ======================

C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84",
"startup_urls": [ "http://websearch.swellsearch.info/?pid=21849&r=2015/02/24&hid=13649677362648961605&lg=EN&cc=RS&unqvl=84" ],


==== Chromium Fix ======================

C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.swellsearch.info_0.localstorage deleted successfully
C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.swellsearch.info_0.localstorage-journal deleted successfully
C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage deleted successfully
C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dpejaigcnihfpkghmgbkldlhpmoodlic_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0E90424D-0616-420E-8E5C-6B6FD05CD6D7} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07af7647-0fef-460a-a4be-1fc23e009b1e} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{07af7647-0fef-460a-a4be-1fc23e009b1e} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07af7647-0fef-460a-a4be-1fc23e009b1e} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0e1e61cb-381d-4b03-9bc3-7652bb48f3a2} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0e1e61cb-381d-4b03-9bc3-7652bb48f3a2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e1e61cb-381d-4b03-9bc3-7652bb48f3a2} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6ef03c57-4ce2-4e45-80b5-52e780433ce5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{6ef03c57-4ce2-4e45-80b5-52e780433ce5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ef03c57-4ce2-4e45-80b5-52e780433ce5} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7130468A-F53F-4698-8C09-A339EA3B05E6} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\A8640317F35F8964C8903A93AEB3506E deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3RVX deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chatango deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Ultra Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f.lux deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fences deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeAC deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Password Door deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite deleted successfully

==== Empty IE Cache ======================

C:\Users\prle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\prle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\prle\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\prle\AppData\Local\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\prle\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=254 folders=88 48558226 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\prle\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\prle\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\6725f7966a30d02a" not found
"C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\aad851c34de437fe" not found
"C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}\67082849fc23c2ae" not found
"C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}\aaf58e1cdbf7257a" not found
"C:\PROGRA~2\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\6725f7966a30d02a" not found
"C:\PROGRA~2\{2b1133ff-80bc-8917-2b11-133ff80bcffe}\aad851c34de437fe" not found
"C:\PROGRA~2\{9de6a595-1ded-33fa-9de6-6a5951de9654}\67082849fc23c2ae" not found
"C:\PROGRA~2\{9de6a595-1ded-33fa-9de6-6a5951de9654}\aaf58e1cdbf7257a" not found
"C:\ProgramData\{2b1133ff-80bc-8917-2b11-133ff80bcffe}" not found
"C:\ProgramData\{9de6a595-1ded-33fa-9de6-6a5951de9654}" not found
"C:\PROGRA~2\{2b1133ff-80bc-8917-2b11-133ff80bcffe}" not found
"C:\PROGRA~2\{9de6a595-1ded-33fa-9de6-6a5951de9654}" not found

==== EOF on sre 25.02.2015 at 19:31:28,18 ======================

Dopuna: 25 Feb 2015 19:39

DOPUNA


Sada FRST program radi, bez problema.
Skeniranje uspešno.

-------> Izvoli

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by prle (administrator) on PRLE-PC on 25-02-2015 19:34:31
Running from C:\Users\prle\Downloads
Loaded Profiles: prle & UpdatusUser (Available profiles: prle & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: engleski (SAD)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Stardock\WindowBlinds\WBSrv.exe
(Stardock Software, Inc) C:\Program Files\Stardock\WindowBlinds\WBCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\Run: [] => [X]
HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\Run: [uTorrent] => C:\Users\prle\AppData\Roaming\uTorrent\uTorrent.exe [1377872 2015-01-25] (BitTorrent Inc.)
HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\MountPoints2: {cd0294e6-8447-11e4-8c81-6c626d450386} - F:\setup.exe
HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\...\Run: [Password Door] => C:\PROGRA~1\PASSWO~1\TLPD.EXE
HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\...\Run: [LightShot] => C:\Users\UpdatusUser\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&.....M%3DIE8SRC
HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1606030900-3430388029-1771253369-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&.....M%3DIE11SR
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1606030900-3430388029-1771253369-1003 -> {0E90424D-0616-420E-8E5C-6B6FD05CD6D7} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 178.217.8.10 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1606030900-3430388029-1771253369-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\prle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1606030900-3430388029-1771253369-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pogodakyu.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\vokabular.xml
FF Extension: LavaFox V2 - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\info@djzig.com [2014-10-09]
FF Extension: Lightweight Themes Manager - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\lwthemes-manager@loucypher.xpi [2014-03-17]
FF Extension: Stylish - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-03-17]
FF Extension: YouTube High Definition - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-03-17]
FF Extension: Adblock Plus - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-17]
FF Extension: No Name - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\extensions\d9676068985d4d81bb390a@7be93ab3c8e144f694a0509d5.com [Not Found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> 1640B246F3DB79A353AB140EE3CB6DCE9B62BCD2EB9A9E49494D758371FC538B
CHR DefaultSearchURL: Default -> 3A2F1F4279D4EE6E909A16034EA11F7E6BAF3BFC874330CAD8AA80186C5B4188
CHR Profile: C:\Users\prle\AppData\Local\Google\Chrome\User Data\Default

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WindowBlinds; C:\Program Files\Stardock\WindowBlinds\wbsrv.exe [84592 2014-03-10] (Stardock Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1570304 2012-10-18] (Atheros Communications, Inc.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-10-07] (BlueStack Systems)
S3 gggen; C:\Windows\System32\DRIVERS\gggen.sys [11648 2006-09-28] (Sony Ericsson Mobile Communications) [File not signed]
S3 ggsemc; C:\Windows\System32\DRIVERS\ggsemc.sys [11648 2006-09-28] (Sony Ericsson Mobile Communications) [File not signed]
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2014-08-03] (Sony Mobile Communications)
S3 hcdriver; C:\Windows\System32\DRIVERS\hcdriver.sys [55208 2013-08-21] (Intel Corporation)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [22688 2014-07-20] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
S3 s125mgmt; C:\Windows\System32\DRIVERS\s125mgmt.sys [100488 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2014-01-18] (Duplex Secure Ltd.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 cpuz134; \??\C:\Users\prle\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 19:34 - 2015-02-25 19:34 - 00015049 _____ () C:\Users\prle\Downloads\FRST.txt
2015-02-25 19:34 - 2015-02-25 19:34 - 00000000 ____D () C:\FRST
2015-02-25 19:33 - 2015-02-25 19:33 - 01127424 _____ (Farbar) C:\Users\prle\Downloads\FRST.exe
2015-02-25 19:30 - 2014-02-13 23:59 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-25 19:07 - 2015-02-25 19:27 - 00000000 ____D () C:\zoek_backup
2015-02-25 14:02 - 2015-02-25 19:30 - 00001388 _____ () C:\Windows\PFRO.log
2015-02-25 13:57 - 2015-02-25 13:57 - 00000000 ____D () C:\Genuine Activator for Windows XP Vista and Win 7
2015-02-25 13:56 - 2015-02-25 13:56 - 00003533 _____ () C:\Users\prle\Downloads\[kickass.to]genuine.activator.for.windows.xp.vista.and.win.7.honest.torrent
2015-02-25 13:48 - 2015-02-25 19:31 - 00072679 _____ () C:\zoek-results.log
2015-02-25 13:47 - 2015-02-13 00:50 - 01440116 _____ () C:\Users\prle\Downloads\zoek.scr
2015-02-25 13:47 - 2015-02-13 00:50 - 01440116 _____ () C:\Users\prle\Downloads\zoek.pif
2015-02-25 13:47 - 2015-02-13 00:50 - 01440116 _____ () C:\Users\prle\Downloads\zoek.com
2015-02-25 13:46 - 2015-02-25 13:47 - 04311354 _____ () C:\Users\prle\Downloads\zoek.rar
2015-02-24 14:34 - 2015-02-25 19:31 - 00001426 _____ () C:\Windows\setupact.log
2015-02-24 14:34 - 2015-02-24 14:34 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-21 09:18 - 2015-02-21 09:18 - 00000000 __SHD () C:\Users\prle\AppData\Local\EmieUserList
2015-02-21 09:18 - 2015-02-21 09:18 - 00000000 __SHD () C:\Users\prle\AppData\Local\EmieSiteList
2015-02-21 09:18 - 2015-02-21 09:18 - 00000000 __SHD () C:\Users\prle\AppData\Local\EmieBrowserModeList
2015-02-18 18:20 - 2015-02-18 18:20 - 00002687 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-02-18 18:20 - 2015-02-18 18:20 - 00000000 ___RD () C:\Program Files\Skype
2015-02-18 18:20 - 2015-02-18 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-18 18:20 - 2015-02-18 18:20 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-02-13 17:43 - 2015-02-13 17:43 - 00002652 _____ () C:\Users\Public\Desktop\Nero StartSmart.lnk
2015-02-13 17:43 - 2015-02-13 17:43 - 00002552 _____ () C:\Users\Public\Desktop\Nero Home.lnk
2015-02-13 17:42 - 2015-02-13 17:43 - 20434858 _____ () C:\Users\prle\Downloads\hdsentinel_trial_setup.zip
2015-02-13 17:39 - 2015-02-13 17:39 - 00000000 ____D () C:\ProgramData\Nero
2015-02-13 17:39 - 2015-02-13 17:39 - 00000000 ____D () C:\Program Files\Nero
2015-02-13 17:22 - 2015-02-13 17:24 - 00000000 ____D () C:\Nero 7.10.1.0 By M3ZKAL
2015-02-13 17:17 - 2015-02-13 17:19 - 00000000 ____D () C:\z
2015-02-12 23:12 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 23:12 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 05:52 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 05:52 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 05:52 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 05:52 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 05:52 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 05:52 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 05:52 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 05:52 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 05:52 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 05:52 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 05:52 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 05:52 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 05:52 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 05:51 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 05:51 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 05:51 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 05:51 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 05:51 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 05:51 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 05:51 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 05:51 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 05:51 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 05:51 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 05:51 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 05:51 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 05:51 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 05:51 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 05:51 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 05:51 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 05:51 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 05:51 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 05:50 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 05:50 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 05:50 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 05:50 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 05:50 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 05:50 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 05:50 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 05:50 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 05:50 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 05:50 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 05:50 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 05:50 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 05:50 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 05:50 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 05:50 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 05:50 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 05:50 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 05:50 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 05:50 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 05:50 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 05:50 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 05:50 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 05:50 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 05:50 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 05:50 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 05:50 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 05:50 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 05:50 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 05:49 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 05:49 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 05:49 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 05:49 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 05:49 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 09:54 - 2015-02-10 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-02-10 09:54 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2015-02-10 09:51 - 2015-02-10 09:51 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-02-10 09:50 - 2015-02-10 09:50 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-02-10 09:50 - 2015-02-10 09:50 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-10 09:48 - 2015-02-10 09:48 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2015-02-10 09:45 - 2015-02-10 09:45 - 00000000 __RHD () C:\MSOCache
2015-02-09 16:24 - 2015-02-09 16:24 - 00000071 _____ () C:\Users\prle\Downloads\listen (2).pls
2015-02-07 16:02 - 2015-02-07 16:02 - 00000071 _____ () C:\Users\prle\Downloads\listen.pls
2015-02-07 16:02 - 2015-02-07 16:02 - 00000071 _____ () C:\Users\prle\Downloads\listen (1).pls
2015-02-07 07:43 - 2015-02-07 07:43 - 00000000 ____D () C:\Users\prle\AppData\Roaming\addpcs
2015-02-07 07:34 - 2015-02-02 19:13 - 01388274 _____ (Thisisu) C:\Users\prle\Desktop\JRT_NEW.exe
2015-02-07 07:32 - 2015-02-07 07:33 - 00000000 ____D () C:\Users\prle\Desktop\Sve i svasta
2015-02-05 06:08 - 2015-02-05 06:08 - 00000000 ____D () C:\Program Files\Common Files\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 19:32 - 2013-08-28 16:39 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-25 19:31 - 2013-08-28 16:39 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-25 19:31 - 2013-06-28 11:51 - 00000000 ____D () C:\Users\prle\AppData\Roaming\uTorrent
2015-02-25 19:31 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-25 19:30 - 2014-07-27 21:37 - 01442603 _____ () C:\Windows\WindowsUpdate.log
2015-02-25 19:30 - 2013-06-28 12:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-25 19:30 - 2009-07-14 05:34 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-25 19:30 - 2009-07-14 05:34 - 00020512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\prle\AppData\Local\Comodo
2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-02-25 19:27 - 2014-07-19 19:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2015-02-25 19:27 - 2013-06-28 11:59 - 00000000 ____D () C:\Users\prle\AppData\Local\Google
2015-02-25 19:26 - 2014-07-07 01:49 - 00000000 ____D () C:\Windows\pss
2015-02-25 19:26 - 2013-06-28 11:10 - 00000000 ____D () C:\Users\prle
2015-02-25 19:26 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-25 18:49 - 2015-01-01 21:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 13:44 - 2014-07-27 00:56 - 00000000 ____D () C:\Users\prle\AppData\Roaming\Skype
2015-02-24 20:08 - 2013-06-28 11:15 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-24 19:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-24 18:03 - 2014-05-26 23:00 - 00233472 ___SH () C:\Users\prle\Downloads\Thumbs.db
2015-02-24 15:57 - 2013-08-20 20:26 - 03070464 ___SH () C:\Users\prle\Desktop\Thumbs.db
2015-02-24 14:43 - 2013-06-28 11:48 - 00000000 ____D () C:\Program Files\Opera
2015-02-24 12:21 - 2013-06-28 12:11 - 00000000 ____D () C:\Users\prle\AppData\Roaming\Winamp
2015-02-23 21:59 - 2013-06-28 12:03 - 00000000 ____D () C:\Users\prle\AppData\Local\Adobe
2015-02-23 21:57 - 2013-06-28 12:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-23 21:57 - 2013-06-28 12:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-18 18:20 - 2013-06-28 12:09 - 00000000 ____D () C:\ProgramData\Skype
2015-02-15 03:57 - 2009-07-14 08:49 - 00000000 ____D () C:\Windows\ShellNew
2015-02-13 17:49 - 2014-08-06 04:06 - 00000000 ____D () C:\Program Files\Hard Disk Sentinel
2015-02-13 17:41 - 2013-07-04 05:52 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2015-02-13 11:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-12 05:15 - 2009-07-14 05:33 - 03831880 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 05:13 - 2014-12-14 15:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 05:13 - 2014-12-14 15:10 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 05:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-02-12 04:02 - 2014-12-10 14:27 - 00000000 ____D () C:\Windows 7 Ultimate SP1 (32 Bit)
2015-02-12 03:30 - 2013-07-14 18:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:12 - 2013-07-02 21:03 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 03:11 - 2014-12-10 16:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 03:05 - 2013-07-03 08:28 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-12 03:05 - 2013-07-03 08:27 - 00002155 _____ () C:\Windows\epplauncher.mif
2015-02-12 03:05 - 2013-06-29 21:06 - 00111520 _____ () C:\Users\prle\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-12 03:04 - 2013-07-03 08:28 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-10 09:51 - 2014-06-09 14:14 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-10 09:51 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\MSBuild
2015-02-10 09:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-10 09:50 - 2013-07-14 18:57 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-02-10 09:47 - 2009-07-14 03:04 - 00000580 _____ () C:\Windows\win.ini
2015-02-05 08:46 - 2013-09-11 08:19 - 00006656 _____ () C:\Windows\system32\lpcio.dll
2015-02-05 06:07 - 2014-08-29 04:41 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-05 06:07 - 2014-01-05 01:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-05 06:07 - 2013-07-06 16:01 - 00000000 ____D () C:\Program Files\Java
2015-01-28 10:54 - 2014-03-12 20:52 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-27 20:29 - 2014-03-12 20:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-27 20:28 - 2013-06-28 11:40 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-27 20:26 - 2014-11-16 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-01-27 20:26 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET

==================== Files in the root of some directories =======

2015-01-30 01:13 - 2015-01-30 01:14 - 0000115 _____ () C:\Users\prle\AppData\Roaming\LogFile.txt
2013-08-08 12:44 - 2013-08-10 14:09 - 0000018 _____ () C:\Users\prle\AppData\Roaming\uid.dat
2012-05-03 12:12 - 2012-05-03 12:12 - 0000532 _____ () C:\Users\prle\AppData\Local\datos.txt
2014-08-06 04:16 - 2014-08-06 04:16 - 0000001 _____ () C:\Users\prle\AppData\Local\llftool.4.40.agreement
2013-07-07 05:30 - 2014-08-29 04:52 - 0007598 _____ () C:\Users\prle\AppData\Local\Resmon.ResmonCfg
2013-07-27 02:03 - 2014-10-09 00:44 - 0000435 _____ () C:\Users\prle\AppData\Local\UserProducts.xml

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 04:17

==================== End Of Log ============================


https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Odlično.


Arrow Korak 1

Preuzmi "Xplode"-ov AdwCleaner i sačuvaj ga na Desktop
Dvoklikom pokreni program.
u EULA prozoru klikni na I agree.
Klikni na dugme Scan i sačekaj da se završi skeniranje.
Klikni na dugme Clean i pričekaj da program završi.
Program će zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni OK kao potvrdu.
Na sljedeća dva prozora koja se otvore (Informations i Restart required ) klikni OK

Računar će se restartovati, a potom otvoriti Notepad (C:\AdwCleaner[S0].txt) sa izvještajem.
Sačuvaj taj izvještaj na Desktop i okači ga uz poruku koristeći opciju "Prikači fajl"

Napomena: Izvještaj ce takođe biti sačuvan na C:\Adwcleaner\AdwCleaner[S0].txt



Arrow Korak 2

Ponovo skini FRST i probaj opet da postaviš izvještaje koji se traže u uputstvu za otvaranje teme.

offline
  • Absolut Gut
  • Pridružio: 13 Avg 2012
  • Poruke: 561
  • Gde živiš: Atakama

Napisano: 25 Feb 2015 19:42

FRST je okačen, poruka iznad, sa Addition fajlom.

Dopuna: 25 Feb 2015 19:48

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10621
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

OK. Idemo dalje.


Arrow Korak 1

Idi u Start -> Control Panel -> Programs and Features i deinstaliraj sljedeće programe:

KingfisherAggregator
TechFuser



Arrow Korak 2

Otvori Notepad i iskopiraj sljedeći tekst koji se nalazi unutar Kod polja.

FF Extension: No Name - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\prle\AppData\Roaming\Mozilla\Firefox\Profiles\jama4nzo.default\extensions\d9676068985d4d81bb390a@7be93ab3c8e144f694a0509d5.com [Not Found]
HKU\S-1-5-21-1606030900-3430388029-1771253369-1000\...\MountPoints2: {cd0294e6-8447-11e4-8c81-6c626d450386} - F:\setup.exe
Task: {238B553A-A6D7-4C17-8675-FE8779651066} - System32\Tasks\{B3522109-C991-4D67-AAF7-5995B150AB7C} => pcalua.exe -a "C:\Program Files\Password Door\uninst.exe"
Task: {54261CDB-EC34-41A8-9399-F103EC1E7CFE} - System32\Tasks\{229C8E19-A50F-4CFF-AD5C-CAD2217874EF} => pcalua.exe -a "C:\Program Files\ShopperPro\SPremove.exe" <==== ATTENTION
Task: {74A23698-2B0A-406F-8F3E-9ABC53E1E97B} - System32\Tasks\{BF56B925-1165-496E-BFC1-B7B1FC14A39C} => pcalua.exe -a "C:\Program Files\YouTube Accelerator\YTAUninstall.exe"
Task: {8FF13D53-DE5A-4345-9BE2-106F9C37E69E} - System32\Tasks\{34C64026-428E-4F88-9270-A349D7F801C5} => pcalua.exe -a "C:\Program Files\KONAMI\Pro Evolution Soccer 2009\Uninstall.exe"
Task: {90C71143-D045-4845-872F-FC66445B1FA0} - System32\Tasks\{AFAAEA38-A906-4343-BD86-FC174C2C6646} => pcalua.exe -a "D:\Prle\Prle Fajlovi\Memory\Make Bootable USB Pen Drive For Windows XP,Windows 7,And Windows 8\Windows XP\WinSetupFromUSB_0-2-3.exe" -d "D:\Prle\Prle Fajlovi\Memory\Make Bootable USB Pen Drive For Windows XP,Windows 7,And Windows 8\Windows XP"


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).

Ko je trenutno na forumu
 

Ukupno su 749 korisnika na forumu :: 22 registrovanih, 4 sakrivenih i 723 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Petar, A.R.Chafee.Jr., BSD, Dorcolac, Drug pukovnik, helen1, janezek67, kybonacci, Lieutenant, Marko Marković, Mlav, Najax, nebkv, ObelixSRB, RecA, S-lash, sabros, Singidunumac, Srki98, Vlad000, Vlada1389, vlvl