start
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: Roaming Rate -> {8d0ea870-e492-4825-a734-a0ed7d65882a} -> C:\Program Files (x86)\Roaming Rate\Extensions\8d0ea870-e492-4825-a734-a0ed7d65882a.dll [2015-04-03] ()
FF Extension: Roaming Rate - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\4cpmbino.default\Extensions\{a148fb1a-1f74-44ac-9ae5-bb994f6418f5}.xpi [2015-04-04]
R2 Service Mgr RoamingRate; C:\ProgramData\92e92012-2ebd-4b2d-83ca-70807d1e20fa\plugincontainer.exe [639216 2015-04-05] ()
R2 Update Mgr RoamingRate; C:\Program Files (x86)\Common Files\92e92012-2ebd-4b2d-83ca-70807d1e20fa\updater.exe [559856 2015-04-05] ()
2015-04-04 06:14 - 2015-04-05 19:43 - 00000000 ____D () C:\ProgramData\92e92012-2ebd-4b2d-83ca-70807d1e20fa
2015-04-04 06:14 - 2015-04-04 06:14 - 00000000 ____D () C:\Program Files (x86)\Roaming Rate
2015-04-04 03:37 - 2015-04-05 16:37 - 00559856 _____ () C:\Program Files (x86)\Common Files\92e92012-2ebd-4b2d-83ca-70807d1e20fa\updater.exe
2015-04-04 03:36 - 2015-04-05 16:36 - 00639216 _____ () C:\ProgramData\92e92012-2ebd-4b2d-83ca-70807d1e20fa\plugincontainer.exe
2015-04-05 09:37 - 2015-04-05 09:37 - 00563440 _____ () C:\ProgramData\92e92012-2ebd-4b2d-83ca-70807d1e20fa\plugins\5\plugin.exe
2015-04-05 16:37 - 2015-04-05 16:37 - 01196272 _____ () C:\ProgramData\92e92012-2ebd-4b2d-83ca-70807d1e20fa\plugins\2\plugin.exe
2015-04-05 16:37 - 2015-04-05 16:37 - 00475888 _____ () C:\ProgramData\92e92012-2ebd-4b2d-83ca-70807d1e20fa\plugins\3\plugin.exe
SearchScopes: HKLM -> {112501FF-36A6-478B-A576-73572ADD15B5} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {112501FF-36A6-478B-A576-73572ADD15B5} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-558384115-14596755-3931373038-1001 -> {112501FF-36A6-478B-A576-73572ADD15B5} URL = http://www.amazon.co...s={searchTerms}
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpkgkilecnlickolnpmogjdifpgellcn
2015-03-29 19:02 - 2015-03-29 19:02 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\ProductData
2015-03-29 19:00 - 2015-04-01 09:51 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\IObit
2015-03-29 19:00 - 2015-03-31 20:26 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-29 19:00 - 2015-03-29 19:02 - 00000000 ____D () C:\ProgramData\IObit
2015-03-29 19:00 - 2015-03-29 19:00 - 00001298 _____ () C:\Users\Public\Desktop\Start Menu 8.lnk
2015-03-29 19:00 - 2015-03-29 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-03-29 18:57 - 2015-03-29 19:00 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-03-29 18:56 - 2015-03-29 18:56 - 09335968 _____ (IObit ) C:\Users\Paul\Downloads\startmenu-setup.exe
2015-03-29 18:53 - 2015-03-29 18:53 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-29 18:41 - 2015-04-03 21:52 - 00000000 ____D () C:\Program Files (x86)\TweakNow PowerPack
2015-03-29 18:41 - 2015-03-29 18:41 - 00001097 _____ () C:\Users\Public\Desktop\TweakNow PowerPack.lnk
2015-03-29 18:41 - 2015-03-29 18:41 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\TweakNow PowerPack 2012
2015-03-29 18:41 - 2015-03-29 18:41 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\TweakNow PowerPack
2015-03-29 18:41 - 2015-03-29 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow PowerPack
2015-03-29 18:40 - 2015-03-29 18:40 - 10829304 _____ (TweakNow.com ) C:\Users\Paul\Downloads\PowerPack431.exe
C:\ProgramData\92e92012-2ebd-4b2d-83ca-70807d1e20fa
C:\Program Files (x86)\Common Files\92e92012-2ebd-4b2d-83ca-70807d1e20fa
Hosts:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
CMD: bitsadmin /reset /allusers
end