Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-10-2014 Ran by Samsung at 2014-10-02 21:47:14 Run:1 Running from C:\Users\Samsung\Downloads Loaded Profile: Samsung (Available profiles: Samsung) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-14] (APN LLC.) S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-22] (BonanzaDeals) S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-22] (BonanzaDeals) S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-16] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-16] (globalUpdate) [File not signed] R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-09-16] (Fuyu LIMITED) [File not signed] Task: {1918ED80-B514-42D0-9C09-296DBD49B40E} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-3 => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-3.exe [2014-09-16] (home) <==== ATTENTION Task: {37B913C4-B89D-4300-8D14-0DE14F5CBD34} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-1 => C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-codedownloader.exe [2014-09-16] (home) <==== ATTENTION Task: {44B759DF-578E-4C34-A4DA-6237FE9E7B79} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-4 => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-4.exe [2014-09-16] (home) <==== ATTENTION Task: {46359AF1-9F2D-4F7A-820E-F6EC31330ACD} - System32\Tasks\5f5c1887-7282-49a1-9f9a-421c8f6a508c => C:\Program Files (x86)\TheHDvid-Codec V10\5f5c1887-7282-49a1-9f9a-421c8f6a508c.exe [2014-09-16] () <==== ATTENTION Task: {50B546FA-3D3D-4B82-80FC-2D965F15BDD3} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5_user => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5.exe [2014-09-16] (home) <==== ATTENTION Task: {5ECB2F44-CA5A-4E4C-B96E-A6BCA981433C} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION Task: {710ACE3C-6CD0-41EE-99A9-DA18680D11FE} - System32\Tasks\FTdownloader V4.0-updater => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-updater.exe [2013-10-18] (installdaddy) <==== ATTENTION Task: {7191534E-9094-40DC-978A-421E4C2B857F} - System32\Tasks\Update Bonanza => C:\Users\Samsung\AppData\Roaming\UpdateBonanza\UpdateProc\UpdateTask.exe <==== ATTENTION Task: {77D86B1B-E003-4CB7-BC94-23F8DB28D1F7} - System32\Tasks\Digital Sites => C:\Users\Samsung\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe <==== ATTENTION Task: {8EE53436-0C5F-4544-99E9-3CFC5759ADF8} - System32\Tasks\DigitalSite => C:\Users\Samsung\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe <==== ATTENTION Task: {A025987E-000B-4B70-B1E7-7E1E9065E3FE} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-09-16] (globalUpdate) <==== ATTENTION Task: {A61AD63B-6C1D-4484-831C-5A5F07E90BEC} - System32\Tasks\Bonanza => C:\Users\Samsung\AppData\Roaming\Bonanza\UpdateProc\UpdateTask.exe <==== ATTENTION Task: {C1F8E1D9-51F2-4603-A725-A2DA7B9324B6} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-2 => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-2.exe [2014-09-16] (home) <==== ATTENTION Task: {C60E3E83-0968-4F87-8415-DBFD48A83D59} - System32\Tasks\FTdownloader V4.0-codedownloader => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-codedownloader.exe [2013-10-18] (installdaddy) <==== ATTENTION Task: {CD2FFC2B-FF74-472C-800F-F2252D395FDC} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5 => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5.exe [2014-09-16] (home) <==== ATTENTION Task: {E1CEAD6D-9EB5-40A4-8770-1FEACCD9AA02} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-7 => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-7.exe [2014-09-16] (home) <==== ATTENTION Task: {E46B65D5-2D2D-423C-9611-28D3B88586DD} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-09-16] (globalUpdate) <==== ATTENTION Task: {E7148D0F-0F49-4164-80CF-CACF5363A4DB} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-22] (BonanzaDeals) <==== ATTENTION Task: {EEBDD3C0-7494-422B-8272-2DC2ACAE0127} - System32\Tasks\9ce26207-004f-4300-a331-6180bb5fcd46 => C:\Program Files (x86)\TheHDvid-Codec V10\9ce26207-004f-4300-a331-6180bb5fcd46.exe [2014-09-16] (home) <==== ATTENTION Task: {F4B549BD-2694-474E-8C75-41AD97022C97} - System32\Tasks\FTdownloader V4.0-enabler => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-enabler.exe <==== ATTENTION Task: {F890E564-F29F-44FD-ABC8-BDB5DB2F0882} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-6 => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-6.exe [2014-09-16] (home) <==== ATTENTION Task: {FEBE0BC0-775F-40D3-9D48-A079BC7ACC1B} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-11 => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-11.exe [2014-09-16] (home) <==== ATTENTION Task: {FEF2DCD2-3B10-4A68-9397-E399C9CB69AD} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-22] (BonanzaDeals) <==== ATTENTION Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-1.job => C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-codedownloader.exe <==== ATTENTION Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-11.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-11.exe <==== ATTENTION Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-2.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-2.exe <==== ATTENTION Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-3.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-3.exe <==== ATTENTION Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-4.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-4.exe <==== ATTENTION Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5.exe <==== ATTENTION Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5_user.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5.exe <==== ATTENTION Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-6.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-6.exe <==== ATTENTION Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-7.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-7.exe <==== ATTENTION Task: C:\windows\Tasks\5f5c1887-7282-49a1-9f9a-421c8f6a508c.job => C:\Program Files (x86)\TheHDvid-Codec V10\5f5c1887-7282-49a1-9f9a-421c8f6a508c.exe <==== ATTENTION Task: C:\windows\Tasks\9ce26207-004f-4300-a331-6180bb5fcd46.job => C:\Program Files (x86)\TheHDvid-Codec V10\9ce26207-004f-4300-a331-6180bb5fcd46.exe <==== ATTENTION Task: C:\windows\Tasks\Bonanza.job => C:\Users\Samsung\AppData\Roaming\Bonanza\UpdateProc\UpdateTask.exe Task: C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Samsung\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe <==== ATTENTION Task: C:\windows\Tasks\DigitalSite.job => C:\Users\Samsung\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe <==== ATTENTION Task: C:\windows\Tasks\FTdownloader V4.0-codedownloader.job => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-codedownloader.exe <==== ATTENTION Task: C:\windows\Tasks\FTdownloader V4.0-enabler.job => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-enabler.exe <==== ATTENTION Task: C:\windows\Tasks\FTdownloader V4.0-updater.job => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-updater.exe <==== ATTENTION Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\windows\Tasks\Update Bonanza.job => C:\Users\Samsung\AppData\Roaming\UpdateBonanza\UpdateProc\UpdateTask.exe HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2556744 2014-04-28] () HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1956760 2014-06-14] (APN) HKLM-x32\...\Run: [tuto4pc_pl_21] => C:\Program Files (x86)\tuto4pc_pl_21\tuto4pc_pl_21.exe [3991024 2013-10-11] () HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [738496 2013-10-22] () HKU\S-1-5-21-4118013680-3836196915-2330699128-1001\...\Run: [NTRedirect] => C:\windows\SysWOW64\rundll32.exe "C:\Users\Samsung\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run HKU\S-1-5-21-4118013680-3836196915-2330699128-1001\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Samsung\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 716fea90021047d39d23c92ef6bd8982-8ee9d026ff9168386cb81b9362f1b77a823ad294 --CMPID 0913b HKU\S-1-5-21-4118013680-3836196915-2330699128-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) AppInit_DLLs: c:\programdata\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll => c:\programdata\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll File Not Found AppInit_DLLs-x32: c:\programdata\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.dll => "c:\programdata\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.dll" File Not Found ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=98372089841E1D18&affID=119357&tsp=5011 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} SearchScopes: HKLM - {3CD242FD-3221-4896-B3F0-1AB473ED083A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=98372089841E1D18&affID=119357&tsp=5011 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear BHO: FTdownloader V4.0 -> {11111111-1111-1111-1111-110311551174} -> C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-bho64.dll (installdaddy) BHO: TheHDvid-Codec V10 -> {11111111-1111-1111-1111-110611331115} -> C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bho64.dll (home) BHO-x32: TheHDvid-Codec V10 -> {11111111-1111-1111-1111-110611331115} -> C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bho.dll (home) BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com) BHO-x32: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals) Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com) Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nation-secure-search.xml FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Nation toolbar\FireFoxExt\18.1.0.443 FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\tmh9kbtt.default\extensions\faststartff@gmail.com FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Samsung\AppData\Roaming\BabSolution\CR\Delta.crx [2013-09-17] CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [2013-06-26] CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-09-16] CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit16.crx [2013-08-08] C:\Program Files (x86)\globalUpdate C:\Program Files (x86)\Gophoto.it C:\Program Files (x86)\mozilla firefox\plugins C:\ProgramData\DSearchLink C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TUTO4PC C:\Users\Samsung\daemonprocess.txt C:\Users\Samsung\AppData\Local\globalUpdate C:\Users\Samsung\AppData\Roaming\BabSolution C:\Users\Samsung\AppData\Roaming\Babylon C:\Users\Samsung\AppData\Roaming\WebExtend C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie C:\Users\Samsung\Desktop\FTDownloader.lnk C:\Users\Samsung\Desktop\Search.lnk DeleteKey: HKCU\Software\Microsoft\Internet Explorer\Search Folder: C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions CMD: type "C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Preferences" Reg: reg query "HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command" /s ***************** Processes closed successfully. APNMCP => Service deleted successfully. bonanzadealslive => Service deleted successfully. bonanzadealslivem => Service deleted successfully. globalUpdate => Service deleted successfully. globalUpdatem => Service deleted successfully. WindowsMangerProtect => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1918ED80-B514-42D0-9C09-296DBD49B40E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1918ED80-B514-42D0-9C09-296DBD49B40E}" => Key deleted successfully. C:\Windows\System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-3 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-3" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{37B913C4-B89D-4300-8D14-0DE14F5CBD34}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37B913C4-B89D-4300-8D14-0DE14F5CBD34}" => Key deleted successfully. C:\Windows\System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-1 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-1" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{44B759DF-578E-4C34-A4DA-6237FE9E7B79}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44B759DF-578E-4C34-A4DA-6237FE9E7B79}" => Key deleted successfully. C:\Windows\System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-4 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-4" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46359AF1-9F2D-4F7A-820E-F6EC31330ACD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46359AF1-9F2D-4F7A-820E-F6EC31330ACD}" => Key deleted successfully. C:\Windows\System32\Tasks\5f5c1887-7282-49a1-9f9a-421c8f6a508c => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5f5c1887-7282-49a1-9f9a-421c8f6a508c" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{50B546FA-3D3D-4B82-80FC-2D965F15BDD3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50B546FA-3D3D-4B82-80FC-2D965F15BDD3}" => Key deleted successfully. C:\Windows\System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5_user => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5_user" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5ECB2F44-CA5A-4E4C-B96E-A6BCA981433C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ECB2F44-CA5A-4E4C-B96E-A6BCA981433C}" => Key deleted successfully. C:\Windows\System32\Tasks\BonanzaDealsUpdate => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsUpdate" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{710ACE3C-6CD0-41EE-99A9-DA18680D11FE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{710ACE3C-6CD0-41EE-99A9-DA18680D11FE}" => Key deleted successfully. C:\Windows\System32\Tasks\FTdownloader V4.0-updater => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-updater" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7191534E-9094-40DC-978A-421E4C2B857F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7191534E-9094-40DC-978A-421E4C2B857F}" => Key deleted successfully. C:\Windows\System32\Tasks\Update Bonanza => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Bonanza" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77D86B1B-E003-4CB7-BC94-23F8DB28D1F7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77D86B1B-E003-4CB7-BC94-23F8DB28D1F7}" => Key deleted successfully. C:\Windows\System32\Tasks\Digital Sites => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8EE53436-0C5F-4544-99E9-3CFC5759ADF8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EE53436-0C5F-4544-99E9-3CFC5759ADF8}" => Key deleted successfully. C:\Windows\System32\Tasks\DigitalSite => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DigitalSite" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A025987E-000B-4B70-B1E7-7E1E9065E3FE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A025987E-000B-4B70-B1E7-7E1E9065E3FE}" => Key deleted successfully. C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A61AD63B-6C1D-4484-831C-5A5F07E90BEC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A61AD63B-6C1D-4484-831C-5A5F07E90BEC}" => Key deleted successfully. C:\Windows\System32\Tasks\Bonanza => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bonanza" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1F8E1D9-51F2-4603-A725-A2DA7B9324B6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1F8E1D9-51F2-4603-A725-A2DA7B9324B6}" => Key deleted successfully. C:\Windows\System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-2 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-2" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C60E3E83-0968-4F87-8415-DBFD48A83D59}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C60E3E83-0968-4F87-8415-DBFD48A83D59}" => Key deleted successfully. C:\Windows\System32\Tasks\FTdownloader V4.0-codedownloader => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-codedownloader" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD2FFC2B-FF74-472C-800F-F2252D395FDC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD2FFC2B-FF74-472C-800F-F2252D395FDC}" => Key deleted successfully. C:\Windows\System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1CEAD6D-9EB5-40A4-8770-1FEACCD9AA02}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1CEAD6D-9EB5-40A4-8770-1FEACCD9AA02}" => Key deleted successfully. C:\Windows\System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-7 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-7" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E46B65D5-2D2D-423C-9611-28D3B88586DD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E46B65D5-2D2D-423C-9611-28D3B88586DD}" => Key deleted successfully. C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7148D0F-0F49-4164-80CF-CACF5363A4DB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7148D0F-0F49-4164-80CF-CACF5363A4DB}" => Key deleted successfully. C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineUA" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EEBDD3C0-7494-422B-8272-2DC2ACAE0127}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEBDD3C0-7494-422B-8272-2DC2ACAE0127}" => Key deleted successfully. C:\Windows\System32\Tasks\9ce26207-004f-4300-a331-6180bb5fcd46 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9ce26207-004f-4300-a331-6180bb5fcd46" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F4B549BD-2694-474E-8C75-41AD97022C97}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4B549BD-2694-474E-8C75-41AD97022C97}" => Key deleted successfully. C:\Windows\System32\Tasks\FTdownloader V4.0-enabler => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FTdownloader V4.0-enabler" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F890E564-F29F-44FD-ABC8-BDB5DB2F0882}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F890E564-F29F-44FD-ABC8-BDB5DB2F0882}" => Key deleted successfully. C:\Windows\System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-6 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-6" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FEBE0BC0-775F-40D3-9D48-A079BC7ACC1B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEBE0BC0-775F-40D3-9D48-A079BC7ACC1B}" => Key deleted successfully. C:\Windows\System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-11 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-11" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FEF2DCD2-3B10-4A68-9397-E399C9CB69AD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEF2DCD2-3B10-4A68-9397-E399C9CB69AD}" => Key deleted successfully. C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineCore" => Key deleted successfully. C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-1.job => Moved successfully. C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-11.job => Moved successfully. C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-2.job => Moved successfully. C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-3.job => Moved successfully. C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-4.job => Moved successfully. C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5.job => Moved successfully. C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5_user.job => Moved successfully. C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-6.job => Moved successfully. C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-7.job => Moved successfully. C:\windows\Tasks\5f5c1887-7282-49a1-9f9a-421c8f6a508c.job => Moved successfully. C:\windows\Tasks\9ce26207-004f-4300-a331-6180bb5fcd46.job => Moved successfully. C:\windows\Tasks\Bonanza.job => Moved successfully. C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => Moved successfully. C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => Moved successfully. C:\windows\Tasks\Digital Sites.job => Moved successfully. C:\windows\Tasks\DigitalSite.job => Moved successfully. C:\windows\Tasks\FTdownloader V4.0-codedownloader.job => Moved successfully. C:\windows\Tasks\FTdownloader V4.0-enabler.job => Moved successfully. C:\windows\Tasks\FTdownloader V4.0-updater.job => Moved successfully. C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully. C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully. C:\windows\Tasks\Update Bonanza.job => Moved successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\tuto4pc_pl_21 => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully. HKU\S-1-5-21-4118013680-3836196915-2330699128-1001\Software\Microsoft\Windows\CurrentVersion\Run\\NTRedirect => value deleted successfully. HKU\S-1-5-21-4118013680-3836196915-2330699128-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0913b => value deleted successfully. HKU\S-1-5-21-4118013680-3836196915-2330699128-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully. "c:\programdata\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll" => Value Data removed successfully. "c:\programdata\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.dll" => Value Data removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument was removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument was removed successfully. C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument was removed successfully. C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument was removed successfully. C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument was removed successfully. C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Shortcut argument was removed successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => value deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CD242FD-3221-4896-B3F0-1AB473ED083A}" => Key deleted successfully. "HKCR\CLSID\{3CD242FD-3221-4896-B3F0-1AB473ED083A}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully. "HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully. "HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551174}" => Key deleted successfully. "HKCR\CLSID\{11111111-1111-1111-1111-110311551174}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331115}" => Key deleted successfully. "HKCR\CLSID\{11111111-1111-1111-1111-110611331115}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331115}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611331115}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe063412-bea4-4d76-8ed3-183be6220d17}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{fe063412-bea4-4d76-8ed3-183be6220d17}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found. "HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Key deleted successfully. C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll => Moved successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Key deleted successfully. C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll not found. "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3" => Key deleted successfully. C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll => Moved successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9" => Key deleted successfully. C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll not found. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml => Moved successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nation-secure-search.xml => Moved successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\avg@toolbar => value deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\faststartff@gmail.com => value deleted successfully. HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde" => Key deleted successfully. C:\Users\Samsung\AppData\Roaming\BabSolution\CR\Delta.crx => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgnbhdnimikkoodkogjlcllngimhlapp" => Key deleted successfully. C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma" => Key deleted successfully. C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk" => Key deleted successfully. C:\Program Files (x86)\Gophoto.it\gophotoit16.crx => Moved successfully. C:\Program Files (x86)\globalUpdate => Moved successfully. C:\Program Files (x86)\Gophoto.it => Moved successfully. C:\Program Files (x86)\mozilla firefox\plugins => Moved successfully. C:\ProgramData\DSearchLink => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TUTO4PC => Moved successfully. C:\Users\Samsung\daemonprocess.txt => Moved successfully. C:\Users\Samsung\AppData\Local\globalUpdate => Moved successfully. C:\Users\Samsung\AppData\Roaming\BabSolution => Moved successfully. C:\Users\Samsung\AppData\Roaming\Babylon => Moved successfully. C:\Users\Samsung\AppData\Roaming\WebExtend => Moved successfully. C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals => Moved successfully. C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com => Moved successfully. C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie => Moved successfully. C:\Users\Samsung\Desktop\FTDownloader.lnk => Moved successfully. C:\Users\Samsung\Desktop\Search.lnk => Moved successfully. HKCU\Software\Microsoft\Internet Explorer\Search => Key Deleted successfully. ========================= Folder: C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions ======================== 2014-09-17 13:07 - 2014-09-17 13:07 - 0000000 ____D () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang 2014-09-17 13:07 - 2014-09-17 13:07 - 0000000 ____D () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0 2014-09-17 13:07 - 2014-09-17 13:07 - 0002183 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\background.html 2014-09-17 13:07 - 2014-09-17 13:07 - 0000812 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\chromeCoreFilesIndex.txt 2014-09-17 13:07 - 2014-09-17 13:07 - 0001338 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\manifest.json 2014-09-17 13:07 - 2014-09-17 13:07 - 0000139 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\popup.html 2014-09-17 13:07 - 2014-10-02 21:41 - 0000589 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\Settings.json 2014-09-17 13:07 - 2014-09-17 13:07 - 0000000 ____D () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData 2014-09-17 13:07 - 2014-09-17 13:07 - 0001763 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\manifest.xml 2014-09-17 13:07 - 2014-09-17 13:07 - 0010339 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins.json 2014-09-17 13:07 - 2014-09-17 13:07 - 0000000 ____D () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins 2014-09-17 13:07 - 2014-09-17 13:07 - 0009306 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\1.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0003829 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\1000020.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0001296 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\1000025.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0093448 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\1000030.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0001049 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\102.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000921 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\104.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0001017 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\123.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0006993 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\13.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0020752 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\14.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0079864 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\17.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0031088 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\177.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000869 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\178.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000873 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\179.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0001385 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\180.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0014227 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\182.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0002739 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\183.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0007326 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\19.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0001537 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\207.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0003560 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\21.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0008958 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\22.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000825 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\223.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0008477 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\246.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0001029 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\262.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0001029 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\263.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000493 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\267.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0001049 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\273.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000825 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\275.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000536 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\28.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000485 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\281.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0094781 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\4.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0007806 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\47.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0002200 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\64.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0046365 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\72.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0003187 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\78.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000062 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\80.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0181856 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\91.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000953 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\93.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0003157 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\plugins\97.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000000 ____D () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\userCode 2014-09-17 13:07 - 2014-09-17 13:07 - 0000463 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\userCode\background.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000538 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\extensionData\userCode\extension.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000000 ____D () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\icons 2014-09-17 13:07 - 2014-09-17 13:07 - 0013750 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\icons\icon128.png 2014-09-17 13:07 - 2014-09-17 13:07 - 0001267 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\icons\icon16.png 2014-09-17 13:07 - 2014-09-17 13:07 - 0003940 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\icons\icon48.png 2014-09-17 13:07 - 2014-09-17 13:07 - 0000000 ____D () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\icons\actions 2014-09-17 13:07 - 2014-09-17 13:07 - 0001223 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\icons\actions\1.png 2014-09-17 13:07 - 2014-09-17 13:07 - 0000000 ____D () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000409 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\25562e210eba8e102e90ed20511d63f2.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0034496 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\c1b4d1f25f6fee3db1148bb008b55f54.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0008491 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\main.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000000 ____D () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\api 2014-09-17 13:07 - 2014-09-17 13:07 - 0011743 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\api\07605f22b4dc9a1ebeb3b4547a430632.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0007965 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\api\0d47c86b5a157aee3eca998b25de5e09.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0002744 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\api\0f783b78535bd7731c45cb83d6b92508.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0011499 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\api\686c631b4d0445e4ca0fb2804e6db7e7.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0002519 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\api\f377a8567e2aefd073493e49891b7250.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0001737 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\api\pageAction.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000000 ____D () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib 2014-09-17 13:07 - 2014-09-17 13:07 - 0000944 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\07f7c8317f838c3a1cfbe947ca2ea94d.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0005122 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\10c7dea29007c5939c53d490f24bf39f.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0005905 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\16bac514d15ee954274aba267dd2441b.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0002002 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\1a56290faebfac0be1a96cd212db41b9.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000765 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\1c3ebc75c0d31ac7caa0ff24c72b1624.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0006817 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\3662f343277494c6775f4a05127be61a.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000903 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\4814fb853bda482b10d744bf1e074084.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0008403 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\4d011e08c32ac6bb4e72102369102500.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000429 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\7571245074dfe2ae402afda4aff96a56.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0002699 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\7f5bbce1ded4b53b44854e198bf22797.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000480 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\a2b8fc579e592f04ddf1b280b5784c2e.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0006697 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\app_api.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0004729 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\b6c1622cd52e4ff323bc12738d74e5c9.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0005757 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\bd6611cd9f94f86272f74f0a6971446e.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0005092 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\f474e61424f7c4d0ec07c8c6fe5441c4.js 2014-09-17 13:07 - 2014-10-02 21:41 - 0001480 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\installer.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000000 ____D () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\popupResource 2014-09-17 13:07 - 2014-09-17 13:07 - 0000040 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\popupResource\newPopup.js 2014-09-17 13:07 - 2014-09-17 13:07 - 0000045 _____ () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang\1.26.47_0\js\lib\popupResource\popup.js ====== End of Folder: ====== ========= type "C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Preferences" ========= { "browser" : { "window_placement" : { "height" : 576, "left" : 173, "maximized" : false, "top" : 28, "width" : 1024 } }, "dns_prefetching" : { "host_referral_list" : [ 2 ], "startup_list" : [ 1 ] }, "download" : { "directory_upgrade" : true }, "extensions" : { "alerts" : { "initialized" : true }, "autoupdate" : { "next_check" : "13055364275104739" }, "install_signature" : { "ids" : null }, "known_disabled" : [], "last_opera_version" : "24.0.1558.53", "settings" : { "bcibcaaakpeekhbnddgnajbmjdcemfkf" : { "active_permissions" : { "api" : [ "addonsPrivate", "management" ], "manifest_permissions" : [] }, "app_launcher_ordinal" : "t", "commands" : {}, "content_settings" : [], "creation_flags" : 1, "ephemeral_app" : false, "events" : [], "from_bookmark" : false, "from_webstore" : false, "incognito_content_settings" : [], "incognito_preferences" : {}, "install_time" : "13055363964787739", "is_pending_third_party_install" : false, "location" : 5, "manifest" : { "app" : { "launch" : { "web_url" : "https://addons.opera.com/" }, "urls" : [ "https://addons.opera.com/" ] }, "description" : "Opera Addons Portal", "key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAbTKr4g11sfL12IByl8cC1NThF3SIMBhYJlyF4vYe0RhuAztV06xdKladCVB3msDBaKfZwPF/+tgBIly76R/X4XiFyNeD01Tb4XYy8iBohVh8/ZP8c93OVTZ+0pTGE10UUjqtBPtcs6q2kz5z9eZ4LLCl2RX6/Kf8h6vsjuigUQIDAQAB", "manifest_version" : 2, "name" : "Opera Addons Portal", "permissions" : [ "addonsPrivate", "management" ], "version" : "1" }, "page_ordinal" : "n", "path" : "C:\\Program Files (x86)\\Opera\\24.0.1558.53\\resources\\opera_addons", "preferences" : {}, "regular_only_preferences" : {}, "was_installed_by_default" : false, "was_installed_by_oem" : false }, "fmjgglhlikhebkngohcpcmhiooigdmki" : { "active_permissions" : { "api" : [ "syncPrivate" ], "manifest_permissions" : [] }, "app_launcher_ordinal" : "w", "commands" : {}, "content_settings" : [], "creation_flags" : 1, "ephemeral_app" : false, "events" : [], "from_bookmark" : false, "from_webstore" : false, "incognito_content_settings" : [], "incognito_preferences" : {}, "install_time" : "13055363964807739", "is_pending_third_party_install" : false, "location" : 5, "manifest" : { "app" : { "launch" : { "web_url" : "https://auth.opera.com/account/login/result" }, "urls" : [ "https://auth.opera.com/account/access-token", "https://auth-test.opera.com/account/access-token" ] }, "description" : "Give special permissions to Sync login return URL", "key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQlD4x9NgYIjng4LxpWdiMPGBpyzKoEZkjfotGhxRnO9VX++GW1TLtJmndB4Z399RQo0f2mGqOQXb6SPtwmfPNj2k1ia9d6BjyDsy6ygBBxWmrNk+dtLNEmLtnYR+MeXsYyBSRV0TqizmTj8UaoKFGk6ozXETyAM6YaVnOK+64TQIDAQAB", "manifest_version" : 2, "name" : "Sync Login Flow", "permissions" : [ "syncPrivate" ], "version" : "1" }, "page_ordinal" : "n", "path" : "C:\\Program Files (x86)\\Opera\\24.0.1558.53\\resources\\sync_login", "preferences" : {}, "regular_only_preferences" : {}, "was_installed_by_default" : false, "was_installed_by_oem" : false }, "lkdanligledioimheahflbepecbceang" : { "creation_flags" : 9, "from_webstore" : true, "granted_permissions" : { "api" : [ "tabs", "cookies", "notifications", "contextMenus", "webNavigation", "webRequest", "webRequestBlocking", "unlimitedStorage", "storage", "proxy", "webRequestInternal" ], "explicit_host" : [ "http://*/*", "https://*/*" ], "scriptable_host" : [ "http://*/*", "https://*/*" ] }, "location" : 1, "manifest" : { "background" : { "page" : "background.html" }, "content_scripts" : [ { "all_frames" : true, "js" : [ "js/25562e210eba8e102e90ed20511d63f2.js", "js/lib/7571245074dfe2ae402afda4aff96a56.js", "js/lib/07f7c8317f838c3a1cfbe947ca2ea94d.js", "js/lib/10c7dea29007c5939c53d490f24bf39f.js", "js/lib/7f5bbce1ded4b53b44854e198bf22797.js", "js/api/07605f22b4dc9a1ebeb3b4547a430632.js", "js/api/0d47c86b5a157aee3eca998b25de5e09.js", "js/api/pageAction.js", "js/lib/installer.js", "js/lib/app_api.js" ], "matches" : [ "http://*/*", "https://*/*" ], "run_at" : "document_start" } ], "content_security_policy" : "script-src 'self' 'unsafe-eval'; object-src 'self'", "description" : "HDVid Codec - Enjoy the future of internet video with High Definition", "icons" : { "128" : "icons/icon128.png", "16" : "icons/icon16.png", "48" : "icons/icon48.png" }, "key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/scrjPMvAHwhhfJGYAE51y7Xm2hYsttwUzCpwQhNR9EeDhq/GAdSY92OkALP/0/J9QIQn2mDfXqLRXUSrC+Qy3RuJNA8qAR1jWazQnMCpaejbAeZaueav7ZDPECblQhQ2ulJZ8fQjV6tW3tfifLZ4nfr19ROuPyKaCSYIv9gNGwIDAQAB", "manifest_version" : 2, "name" : "TheHDvid-Codec V10", "permissions" : [ "http://*/*", "https://*/*", "tabs", "cookies", "notifications", "contextMenus", "webNavigation", "webRequest", "webRequestBlocking", "unlimitedStorage", "storage", "proxy" ], "update_url" : "https://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/63315.xml", "version" : "1.26.47", "web_accessible_resources" : [ "Settings.json" ] }, "path" : "lkdanligledioimheahflbepecbceang\\1.26.47_0", "state" : 1 } } }, "net" : { "http_server_properties" : { "servers" : { "googleads.g.doubleclick.net:80" : { "alternate_protocol" : { "port" : 80, "protocol_str" : "quic" } }, "s.ytimg.com:80" : { "alternate_protocol" : { "port" : 80, "protocol_str" : "quic" } }, "stats.g.doubleclick.net:80" : { "alternate_protocol" : { "port" : 80, "protocol_str" : "quic" } }, "twitter.com:443" : { "supports_spdy" : true }, "www.facebook.com:443" : { "supports_spdy" : true }, "www.google-analytics.com:80" : { "alternate_protocol" : { "port" : 80, "protocol_str" : "quic" } }, "www.google.com:80" : { "alternate_protocol" : { "port" : 80, "protocol_str" : "quic" } }, "www.google.pl:80" : { "alternate_protocol" : { "port" : 80, "protocol_str" : "quic" } }, "www.googleadservices.com:80" : { "alternate_protocol" : { "port" : 80, "protocol_str" : "quic" } }, "www.googletagmanager.com:80" : { "alternate_protocol" : { "port" : 80, "protocol_str" : "quic" } }, "www.twitter.com:443" : { "supports_spdy" : true }, "www.youtube.com:80" : { "alternate_protocol" : { "port" : 80, "protocol_str" : "quic" } } }, "version" : 3 } }, "plugins" : { "plugins_list" : [] }, "profile" : { "content_settings" : { "clear_on_exit_migrated" : true, "pattern_pairs" : {}, "pref_version" : 1 }, "created_by_version" : "24.0.1558.53", "creation_timestamp" : "13055363964753739", "per_host_zoom_levels" : {} }, "sync" : { "login_screen_reminder" : 1 }, "turbo" : { "client_id" : "9f8c3d29174de2b0c97043f9448b06111a5d6af724a43f7bf1f4786373ea403b" } } ========= End of CMD: ========= ========= reg query "HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command (Default) REG_SZ "C:\Program Files (x86)\Opera\Launcher.exe" ========= End of Reg: ========= The system needed a reboot. ==== End of Fixlog ====