start
CreateRestorePoint:
HKU\S-1-5-21-1436761735-1199832809-3279726234-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1436761735-1199832809-3279726234-1000\...\MountPoints2: E - E:\LaunchU3.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50066;https=127.0.0.1:50066
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1436761735-1199832809-3279726234-1000 -> {D4AACCAE-0C60-4B81-80B8-5770EE69383A} URL = http://search.yahoo....21,17118,0,18,0
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-1436761735-1199832809-3279726234-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1436761735-1199832809-3279726234-1000 -> g Search.us.com Toolbar - {CFD755D9-13EC-4C13-B029-2A82A24F518B} - C:\Users\OCaptnMyCaptn\AppData\Local\TNT2\Profiles\10254\passport64.dll No File
Toolbar: HKU\S-1-5-21-1436761735-1199832809-3279726234-1000 -> No Name - {5853442D-5637-006A-76A7-7A786E7484D7} - No File
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\windows\SysWOW64\npDeployJava1.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-1436761735-1199832809-3279726234-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Extension: (Seearch-NeiwTab) - C:\Users\OCaptnMyCaptn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdkhidfonjacdojfmnfmpncgaaohgie [2014-05-04]
CHR Extension: (YoutubeAdblocker) - C:\Users\OCaptnMyCaptn\AppData\Local\Google\Chrome\User Data\Default\Extensions\geigdhlbkgndkmgohldgcifegcbmkedj [2014-05-04]
CHR Extension: (saeve net) - C:\Users\OCaptnMyCaptn\AppData\Local\Google\Chrome\User Data\Default\Extensions\glkenlglgomidpfphopddjihcjeicoip [2014-05-04]
S3 GameConsoleService; "C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe" [X]
2015-04-27 18:37 - 2014-05-14 21:27 - 00000000 ____D () C:\Users\OCaptnMyCaptn\AppData\Roaming\uTorrent
Task: {1706F2BF-030E-49D5-9AC4-A42507A66F15} - System32\Tasks\{9AA460A6-5B2C-40C1-BC94-DE062E6EE08B} => pcalua.exe -a "C:\Users\OCaptnMyCaptn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0P8TD2E\fileviewer.exe" -d C:\Users\OCaptnMyCaptn\Desktop
Task: {1BAF70B6-74BC-447B-8EFA-BDA23DD9EFB6} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {25BECAFA-EB79-47E7-B826-6ECB99C7782B} - \GPUP No Task File <==== ATTENTION
Task: {EAADE7B1-7A6E-44A9-BF27-208AA4EEC0F0} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
FirewallRules: [TCP Query User{B651C705-EE5B-4965-BC22-FC322250DCBA}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{DCAAA160-D426-4FEF-A605-C00C821FFAC9}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [{972A17FF-8DBA-477A-A077-25D384B59F90}] => (Allow) C:\Users\OCaptnMyCaptn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RIE1LOW\CodecPerformerSetup.exe
FirewallRules: [{CBEFFF60-91F3-41D0-9FA0-811998E376A1}] => (Allow) C:\Users\OCaptnMyCaptn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RIE1LOW\CodecPerformerSetup.exe
FirewallRules: [TCP Query User{9AB5F834-DADA-4988-BE71-BF21B0B01891}C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_34944.exe] => (Allow) C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_34944.exe
FirewallRules: [UDP Query User{5DE13C7A-0710-4DC7-BE5C-5B6B5B23D38C}C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_34944.exe] => (Allow) C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_34944.exe
FirewallRules: [{39AB7CA5-E541-4B74-BBE1-A7F2B12A47FC}] => (Block) C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_34944.exe
FirewallRules: [{7833C75D-06DB-421A-89EA-786A4CB2C5DA}] => (Block) C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_34944.exe
FirewallRules: [TCP Query User{14E524A4-279F-473F-9CF8-70A05BF35F3A}C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_35702.exe] => (Block) C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_35702.exe
FirewallRules: [UDP Query User{D2ECAD12-EED2-4648-9803-281F1C1D1C85}C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_35702.exe] => (Block) C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_35702.exe
FirewallRules: [TCP Query User{1FCD7F39-C8C5-4700-8D95-1727B5CD466A}C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_35702.exe] => (Block) C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_35702.exe
FirewallRules: [UDP Query User{8BCD8500-2FB9-412D-A0BB-FDF60292DE7F}C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_35702.exe] => (Block) C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_35702.exe
FirewallRules: [TCP Query User{127A0340-FF6F-4FD6-BAD3-7F920B4C6447}C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_36802.exe] => (Block) C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_36802.exe
FirewallRules: [UDP Query User{6A7619FB-C742-41FE-A323-A41544E737B1}C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_36802.exe] => (Block) C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_36802.exe
FirewallRules: [TCP Query User{FCF96A0D-6456-41D6-91BB-DF63B73B4B01}C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_36802.exe] => (Block) C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_36802.exe
FirewallRules: [UDP Query User{B0A77960-36D2-4DEF-AE13-EEDD92A13F30}C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_36802.exe] => (Block) C:\users\ocaptnmycaptn\appdata\roaming\utorrent\updates\3.4.2_36802.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
Reboot: