start
createrestorepoint:
Task: {41527004-342D-42DD-BE1B-A0ACD53E665D} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_cmi_15_01_ch&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0E0F0F0A0D0AyC0C0BtAtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyEyEyD0BtD0A0DtG0DtA0C0BtGzy0EtByCtG0AyByC0DtGyEyEyE0D0EyDtC0BtCtCtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0D0A0FyE0B0DtG0C0FtCzztGyEtByBtBtGzz0FtBtCtG0Czz0ByDyDyB0BzyyC0B0CtC2Q&cr=1104406108&ir=
CHR StartupUrls: Default -> "hxxp://Vosteran.com/?f=7&a=vst_cmi_15_01_ch&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0E0F0F0A0D0AyC0C0BtAtN0D0Tzu0StCtDzyyBtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyEyEyD0BtD0A0DtG0DtA0C0BtGzy0EtByCtG0AyByC0DtGyEyEyE0D0EyDtC0BtCtCtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0D0A0FyE0B0DtG0C0FtCzztGyEtByBtBtGzz0FtBtCtG0Czz0ByDyDyB0BzyyC0B0CtC2Q&cr=1104406108&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
2015-01-03 02:14 - 2013-07-14 09:58 - 00058264 ____N (Exent Technologies Ltd.) C:\Windows\ExentInfo.exe
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
end