Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-05-2016
Ran by Nancy (administrator) on SILENT-KNIGHT (01-05-2016 20:55:13)
Running from E:\Desktop
Loaded Profiles: Nancy (Available Profiles: Nancy & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2015-04-25] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)
HKLM\...\Run: [C:\Windows\system32\V0650Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0650Ext.ax
HKLM\...\Run: [Sound+] => C:\Program Files\Sound+\Sound+.exe [3486208 2016-02-03] (Sound+)
HKLM\...\Run: [IDSCCOM30I] => C:\Program Files\Sound+\idsccom_30I.exe [3962880 2016-05-01] ()
HKLM\...\Run: [WINCOMFKK] => C:\Program Files (x86)\sunnyday\wincom_FKK.exe [3962880 2016-05-01] ()
HKLM\...\Run: [autoauto] => notepad
HKLM\...\Run: [cutoauto] => C:\Program Files (x86)\dissertation\zest.exe [41512 2016-05-01] ()
HKLM\...\Run: [pollen.exeundependable.exe] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
HKLM\...\Run: [toys] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
HKLM\...\Run: [interpee] => C:\Program Files (x86)\herc\undependable.exe [9728 2016-05-01] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2015-04-25] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Rocket Live! Central 2] => F:\Live! Central\RFLVCentral2.exe [430247 2010-02-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [V0650Mon.exe] => C:\Windows\V0650Mon.exe
HKLM-x32\...\Run: [C:\Windows\SysWOW64\V0650Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0650Ext.ax
HKLM-x32\...\Run: [Note-up] => C:\Program Files (x86)\Note-up\note-up.exe [6772736 2015-10-09] (TODO: <Company name>)
HKLM-x32\...\Run: [comoBoss] => C:\Program Files (x86)\comoBoss\comowin.exe [4048896 2016-04-28] ()
HKLM-x32\...\Run: [ic-0.1fcc3ebbfe2ffc.exe -start] => C:\Users\Nancy\AppData\Local\Temp\2464222\ic-0.1fcc3ebbfe2ffc.exe [1931264 2016-05-01] () <===== ATTENTION
HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [641536 2016-03-24] ()
HKLM-x32\...\Run: [msrtn32] => C:\Program Files (x86)\msrtn32\msrtn32.exe [1141760 2016-04-18] ()
HKLM-x32\...\Run: [ospd_us_014010315] => C:\Program Files (x86)\ospd_us_014010315\ospd_us_014010315.exe [3970560 2016-05-01] ()
HKLM-x32\...\Run: [autoauto] => notepad
HKLM-x32\...\Run: [cutoauto] => C:\Program Files (x86)\dissertation\zest.exe [41512 2016-05-01] ()
HKLM-x32\...\Run: [toys] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
HKLM-x32\...\Run: [interpee] => C:\Program Files (x86)\herc\undependable.exe [9728 2016-05-01] ()
HKLM\...\RunOnce: [IDSCPRODUCT] => C:\Program Files\Sound+\idscservice.exe [665600 2016-05-01] (pZ)
HKLM\...\RunOnce: [OTUTPRODUCT_ZGGM2] => C:\Program Files (x86)\sunnyday\otutnetwork.exe [666624 2016-05-01] (pZ)
HKLM-x32\...\RunOnce: [upospd_us_014010315.exe] => C:\Users\Nancy\AppData\Local\ospd_us_014010315\upospd_us_014010315.exe [3316224 2016-05-01] ()
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Nancy\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Dropbox Update] => C:\Users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Reflector2] => [X]
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Spotify Web Helper] => C:\Users\Nancy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Spotify] => C:\Users\Nancy\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Discord] => C:\Users\Nancy\AppData\Local\Discord\app-0.0.288\Discord.exe [53430456 2016-04-22] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [6971200 2016-04-28] (Kakao Corp. )
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Caster] => C:\Program Files\Caster\wizzcaster.exe [172032 2016-05-01] (JUASz)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [WindowsApplication] => C:\Program Files (x86)\SecuriDex\WindowsApplication.exe [22528 2016-01-20] ()
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Buzzing Dhol] => C:\Windows\Buzzing Dhol\Buzzing Dhol\Buzzing Dhol.exe [699392 2016-04-12] ()
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Buzzing Dhol.exe] => C:\Windows\Buzzing Dhol\Buzzing Dhol\Buzzing Dhol.exe [699392 2016-04-12] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-01-11]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok18949711.lnk [2016-05-01]
Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok18949711tidied.lnk [2016-05-01]
Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tidied.lnk [2016-05-01]
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
AutoConfigURL: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6449D0BE-28E6-4DF4-86E1-E8DBDAB81AD7}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{6449D0BE-28E6-4DF4-86E1-E8DBDAB81AD7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84671553-780E-457A-9DD1-AC5CE071EDB5}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{84671553-780E-457A-9DD1-AC5CE071EDB5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{E8CCB68E-BEC6-4D4C-8BA5-713CB8597C08}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{F9DDD216-3185-4A5C-BE80-E17E653E0231}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{F9DDD216-3185-4A5C-BE80-E17E653E0231}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=209&b=3&installkey=8GNFbqDn2bhMTndMZwqT
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=209&b=3&installkey=8GNFbqDn2bhMTndMZwqT
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=209&installkey=8GNFbqDn2bhMTndMZwqT&b=3&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=209&installkey=8GNFbqDn2bhMTndMZwqT&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=209&installkey=8GNFbqDn2bhMTndMZwqT&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=209&installkey=8GNFbqDn2bhMTndMZwqT&b=3&q={searchTerms}
BHO: Oewapboable -> {57DA253B-A70A-4093-95E4-9E0AF6B9BFBE} -> C:\Program Files\Oewapboable\Fiqpoog64.dll [2016-05-01] ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-11] (Oracle Corporation)
BHO: Addon Class -> {79F768ED-0B12-42EF-8257-36751A0ECF3A} -> C:\Program Files\Faster Web\ShoppingOptimizerBHO.dll [2015-04-06] (Shopping Optimization Solutions LTD)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2016-03-29] (Compete, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-11] (Oracle Corporation)
BHO-x32: Oewapboable -> {57DA253B-A70A-4093-95E4-9E0AF6B9BFBE} -> C:\Program Files\Oewapboable\Fiqpoog.dll [2016-05-01] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-11] (Oracle Corporation)
BHO-x32: Addon Class -> {79F768ED-0B12-42EF-8257-36751A0ECF3A} -> C:\Program Files (x86)\Faster Web\ShoppingOptimizerBHO.dll [2015-04-06] (Shopping Optimization Solutions LTD)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> E:\Downloads\Arc\Plugins\ArcPluginIE.dll [2015-06-11] (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2016-03-29] (Compete, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-11] (Oracle Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-11] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> E:\Downloads\Arc\plugins\NPSWF32.dll [2015-05-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-07-04] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> E:\Downloads\Arc\Plugins\npArcPluginFF.dll [2015-06-11] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin HKU\S-1-5-21-1716612969-2344737603-4151003975-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [jid1-xNAj4KGyf5wyhg@jetpack] - C:\Program Files (x86)\Faster Web\faster-web.xpi
FF Extension: Faster Web - Make Your Browser FAST! - C:\Program Files (x86)\Faster Web\faster-web.xpi [2015-03-25] [not signed]
FF HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi [2016-04-22]
Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www-searching.com/?pid=s&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,&vp=ch&prd=set_ch
CHR StartupUrls: Profile 1 -> "hxxp://www-searching.com/?pid=s&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Profile 1 -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,
CHR DefaultSearchKeyword: Profile 1 -> www-searching.com
CHR DefaultSuggestURL: Profile 1 -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-11]
CHR Extension: (Google Docs) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-11]
CHR Extension: (Google Drive) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-11]
CHR Extension: (YouTube) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
CHR Extension: (Google Search) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (Google Sheets) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-11]
CHR Extension: (Google Docs Offline) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-11]
CHR Extension: (Gmail) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-11]
CHR Profile: C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-12]
CHR Extension: (BetterTTV) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-02-25]
CHR Extension: (Google Docs) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-12]
CHR Extension: (Google Drive) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-12]
CHR Extension: (YouTube) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-12]
CHR Extension: (Google Search) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-12]
CHR Extension: (Google Sheets) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-12]
CHR Extension: (Google Docs Offline) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-15]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-04-13]
CHR Extension: (Gmail) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-12]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 82BC71A2-A94C-4559-9C9F-E2D36BF7F6F7; C:\Program Files\Oewapboable\Telbepuc.exe [275808 2016-05-01] ()
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 AppVerifier; C:\ProgramData\App-verifier\AppVerifier.exe [38912 2016-04-25] (AppVerifier) [File not signed]
S3 ArcService; E:\Downloads\Arc\ArcService.exe [88400 2015-06-11] (Perfect World Entertainment Inc)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-04-26] (BitRaider, LLC)
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2016-05-01] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2016-05-01] (ConsumerInput)
S2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-08-06] () [File not signed] <==== ATTENTION
S2 Fejku; C:\Users\Nancy\AppData\Roaming\Reuopreux\Reuopreux.exe [174944 2016-05-01] ()
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2015-04-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
S2 LhfuwForm; C:\Program Files\Oewapboable\LhfuwForm.exe [536928 2016-05-01] ()
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
S2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-05-01] (DotC United Inc)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
S2 Oewapboable Updater; C:\Program Files\Oewapboable\Puhmi.exe [268128 2016-05-01] ()
S2 postgresql-x64-9.2; C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe [89600 2013-04-01] (PostgreSQL Global Development Group) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\Nancy\AppData\Local\Temp\20160502\ct.exe [852992 2016-03-21] (Google Inc.) [File not signed]
S2 WinDriveSvc; C:\Program Files (x86)\windriveuse\WinDriveSync.exe [140984 2016-03-31] (Slideway Inc.)
S2 WinDriveSvc2; C:\Program Files (x86)\windriveuse\WinDriveSync_.exe [140984 2016-03-31] (Slideway Inc.)
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
S2 Wyaqki; "C:\Users\Nancy\AppData\Roaming\MoppoNutko\Gimcabr.exe" -cms [X]
Ran by Nancy (administrator) on SILENT-KNIGHT (01-05-2016 20:55:13)
Running from E:\Desktop
Loaded Profiles: Nancy (Available Profiles: Nancy & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2015-04-25] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)
HKLM\...\Run: [C:\Windows\system32\V0650Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0650Ext.ax
HKLM\...\Run: [Sound+] => C:\Program Files\Sound+\Sound+.exe [3486208 2016-02-03] (Sound+)
HKLM\...\Run: [IDSCCOM30I] => C:\Program Files\Sound+\idsccom_30I.exe [3962880 2016-05-01] ()
HKLM\...\Run: [WINCOMFKK] => C:\Program Files (x86)\sunnyday\wincom_FKK.exe [3962880 2016-05-01] ()
HKLM\...\Run: [autoauto] => notepad
HKLM\...\Run: [cutoauto] => C:\Program Files (x86)\dissertation\zest.exe [41512 2016-05-01] ()
HKLM\...\Run: [pollen.exeundependable.exe] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
HKLM\...\Run: [toys] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
HKLM\...\Run: [interpee] => C:\Program Files (x86)\herc\undependable.exe [9728 2016-05-01] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2015-04-25] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Rocket Live! Central 2] => F:\Live! Central\RFLVCentral2.exe [430247 2010-02-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [V0650Mon.exe] => C:\Windows\V0650Mon.exe
HKLM-x32\...\Run: [C:\Windows\SysWOW64\V0650Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0650Ext.ax
HKLM-x32\...\Run: [Note-up] => C:\Program Files (x86)\Note-up\note-up.exe [6772736 2015-10-09] (TODO: <Company name>)
HKLM-x32\...\Run: [comoBoss] => C:\Program Files (x86)\comoBoss\comowin.exe [4048896 2016-04-28] ()
HKLM-x32\...\Run: [ic-0.1fcc3ebbfe2ffc.exe -start] => C:\Users\Nancy\AppData\Local\Temp\2464222\ic-0.1fcc3ebbfe2ffc.exe [1931264 2016-05-01] () <===== ATTENTION
HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [641536 2016-03-24] ()
HKLM-x32\...\Run: [msrtn32] => C:\Program Files (x86)\msrtn32\msrtn32.exe [1141760 2016-04-18] ()
HKLM-x32\...\Run: [ospd_us_014010315] => C:\Program Files (x86)\ospd_us_014010315\ospd_us_014010315.exe [3970560 2016-05-01] ()
HKLM-x32\...\Run: [autoauto] => notepad
HKLM-x32\...\Run: [cutoauto] => C:\Program Files (x86)\dissertation\zest.exe [41512 2016-05-01] ()
HKLM-x32\...\Run: [toys] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
HKLM-x32\...\Run: [interpee] => C:\Program Files (x86)\herc\undependable.exe [9728 2016-05-01] ()
HKLM\...\RunOnce: [IDSCPRODUCT] => C:\Program Files\Sound+\idscservice.exe [665600 2016-05-01] (pZ)
HKLM\...\RunOnce: [OTUTPRODUCT_ZGGM2] => C:\Program Files (x86)\sunnyday\otutnetwork.exe [666624 2016-05-01] (pZ)
HKLM-x32\...\RunOnce: [upospd_us_014010315.exe] => C:\Users\Nancy\AppData\Local\ospd_us_014010315\upospd_us_014010315.exe [3316224 2016-05-01] ()
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Nancy\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Dropbox Update] => C:\Users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Reflector2] => [X]
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Spotify Web Helper] => C:\Users\Nancy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Spotify] => C:\Users\Nancy\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-27] (Spotify Ltd)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Discord] => C:\Users\Nancy\AppData\Local\Discord\app-0.0.288\Discord.exe [53430456 2016-04-22] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [6971200 2016-04-28] (Kakao Corp. )
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Caster] => C:\Program Files\Caster\wizzcaster.exe [172032 2016-05-01] (JUASz)
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [WindowsApplication] => C:\Program Files (x86)\SecuriDex\WindowsApplication.exe [22528 2016-01-20] ()
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Buzzing Dhol] => C:\Windows\Buzzing Dhol\Buzzing Dhol\Buzzing Dhol.exe [699392 2016-04-12] ()
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Buzzing Dhol.exe] => C:\Windows\Buzzing Dhol\Buzzing Dhol\Buzzing Dhol.exe [699392 2016-04-12] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-01-11]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok18949711.lnk [2016-05-01]
Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok18949711tidied.lnk [2016-05-01]
Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tidied.lnk [2016-05-01]
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
AutoConfigURL: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6449D0BE-28E6-4DF4-86E1-E8DBDAB81AD7}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{6449D0BE-28E6-4DF4-86E1-E8DBDAB81AD7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84671553-780E-457A-9DD1-AC5CE071EDB5}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{84671553-780E-457A-9DD1-AC5CE071EDB5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{E8CCB68E-BEC6-4D4C-8BA5-713CB8597C08}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{F9DDD216-3185-4A5C-BE80-E17E653E0231}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{F9DDD216-3185-4A5C-BE80-E17E653E0231}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=209&b=3&installkey=8GNFbqDn2bhMTndMZwqT
HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=209&b=3&installkey=8GNFbqDn2bhMTndMZwqT
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=209&installkey=8GNFbqDn2bhMTndMZwqT&b=3&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=209&installkey=8GNFbqDn2bhMTndMZwqT&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=209&installkey=8GNFbqDn2bhMTndMZwqT&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=209&installkey=8GNFbqDn2bhMTndMZwqT&b=3&q={searchTerms}
BHO: Oewapboable -> {57DA253B-A70A-4093-95E4-9E0AF6B9BFBE} -> C:\Program Files\Oewapboable\Fiqpoog64.dll [2016-05-01] ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-11] (Oracle Corporation)
BHO: Addon Class -> {79F768ED-0B12-42EF-8257-36751A0ECF3A} -> C:\Program Files\Faster Web\ShoppingOptimizerBHO.dll [2015-04-06] (Shopping Optimization Solutions LTD)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2016-03-29] (Compete, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-11] (Oracle Corporation)
BHO-x32: Oewapboable -> {57DA253B-A70A-4093-95E4-9E0AF6B9BFBE} -> C:\Program Files\Oewapboable\Fiqpoog.dll [2016-05-01] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-11] (Oracle Corporation)
BHO-x32: Addon Class -> {79F768ED-0B12-42EF-8257-36751A0ECF3A} -> C:\Program Files (x86)\Faster Web\ShoppingOptimizerBHO.dll [2015-04-06] (Shopping Optimization Solutions LTD)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> E:\Downloads\Arc\Plugins\ArcPluginIE.dll [2015-06-11] (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2016-03-29] (Compete, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-11] (Oracle Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-11] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> E:\Downloads\Arc\plugins\NPSWF32.dll [2015-05-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-07-04] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> E:\Downloads\Arc\Plugins\npArcPluginFF.dll [2015-06-11] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin HKU\S-1-5-21-1716612969-2344737603-4151003975-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [jid1-xNAj4KGyf5wyhg@jetpack] - C:\Program Files (x86)\Faster Web\faster-web.xpi
FF Extension: Faster Web - Make Your Browser FAST! - C:\Program Files (x86)\Faster Web\faster-web.xpi [2015-03-25] [not signed]
FF HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi [2016-04-22]
Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www-searching.com/?pid=s&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,&vp=ch&prd=set_ch
CHR StartupUrls: Profile 1 -> "hxxp://www-searching.com/?pid=s&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Profile 1 -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,
CHR DefaultSearchKeyword: Profile 1 -> www-searching.com
CHR DefaultSuggestURL: Profile 1 -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-11]
CHR Extension: (Google Docs) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-11]
CHR Extension: (Google Drive) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-11]
CHR Extension: (YouTube) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
CHR Extension: (Google Search) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
CHR Extension: (Google Sheets) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-11]
CHR Extension: (Google Docs Offline) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-11]
CHR Extension: (Gmail) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-11]
CHR Profile: C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-12]
CHR Extension: (BetterTTV) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-02-25]
CHR Extension: (Google Docs) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-12]
CHR Extension: (Google Drive) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-12]
CHR Extension: (YouTube) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-12]
CHR Extension: (Google Search) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-12]
CHR Extension: (Google Sheets) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-12]
CHR Extension: (Google Docs Offline) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-15]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-04-13]
CHR Extension: (Gmail) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-12]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 82BC71A2-A94C-4559-9C9F-E2D36BF7F6F7; C:\Program Files\Oewapboable\Telbepuc.exe [275808 2016-05-01] ()
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 AppVerifier; C:\ProgramData\App-verifier\AppVerifier.exe [38912 2016-04-25] (AppVerifier) [File not signed]
S3 ArcService; E:\Downloads\Arc\ArcService.exe [88400 2015-06-11] (Perfect World Entertainment Inc)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-04-26] (BitRaider, LLC)
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2016-05-01] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2016-05-01] (ConsumerInput)
S2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-08-06] () [File not signed] <==== ATTENTION
S2 Fejku; C:\Users\Nancy\AppData\Roaming\Reuopreux\Reuopreux.exe [174944 2016-05-01] ()
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2015-04-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
S2 LhfuwForm; C:\Program Files\Oewapboable\LhfuwForm.exe [536928 2016-05-01] ()
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
S2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-05-01] (DotC United Inc)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
S2 Oewapboable Updater; C:\Program Files\Oewapboable\Puhmi.exe [268128 2016-05-01] ()
S2 postgresql-x64-9.2; C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe [89600 2013-04-01] (PostgreSQL Global Development Group) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\Nancy\AppData\Local\Temp\20160502\ct.exe [852992 2016-03-21] (Google Inc.) [File not signed]
S2 WinDriveSvc; C:\Program Files (x86)\windriveuse\WinDriveSync.exe [140984 2016-03-31] (Slideway Inc.)
S2 WinDriveSvc2; C:\Program Files (x86)\windriveuse\WinDriveSync_.exe [140984 2016-03-31] (Slideway Inc.)
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
S2 Wyaqki; "C:\Users\Nancy\AppData\Roaming\MoppoNutko\Gimcabr.exe" -cms [X]
) (Fixed) (Total:931.51 GB) (Free:781.85 GB) NTFS
