CreateRestorePoint:
() C:\Program Files\0ca45c95134d\cf3e08d747e4.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search
C:\Program Files\0ca45c95134d
(YTDownloader) C:\Program Files\YTDownloader\YTDownloader.exe
C:\Program Files\YTDownloader
(PU-App) C:\Users\Sunet\AppData\Local\zlazvtatzek0bmn\znazbzbwzf80dwn.exe
C:\Users\Sunet\AppData\Local\zlazvtatzek0bmn
HKLM\...\Run: [] => [X]
HKLM\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1988456 2015-01-13] (YTDownloader)
HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1988456 2015-01-13] (YTDownloader)
ShortcutTarget: bm.lnk -> C:\Users\Sunet\AppData\Local\zlazvtatzek0bmn\znazbzbwzf80dwn.exe (PU-App)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-346615330-1898244074-3437654769-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-346615330-1898244074-3437654769-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-346615330-1898244074-3437654769-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-346615330-1898244074-3437654769-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-346615330-1898244074-3437654769-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-346615330-1898244074-3437654769-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-346615330-1898244074-3437654769-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-01-13] (Goobzo Ltd.)
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga...4XZXXXX5VM8T4XZ
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.8\\npsitesafety.dll No File
FF Plugin: @FromDocToPDF_65.com/Plugin -> C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll No File
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Sunet\AppData\Roaming\Mozilla\Firefox\Profiles\solb18ez.default\extensions\faststartff@gmail.com
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Sunet\AppData\Roaming\Mozilla\Firefox\Profiles\solb18ez.default\extensions\fftoolbar2014@etech.com
CHR HKLM\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files\mystarttb\chrome-newtab-search.crx [Not Found]
S2 Orbiter; C:\Program Files\ORBTR\orbiter.dll [558544 2015-02-15] (Client Connect LTD)
R2 PrivoxyService; C:\Program Files\Jelbrus Secure Web\privoxy.exe [371200 2015-02-17] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 UniversalUpdater; C:\Program Files\0ca45c95134d\cf3e08d747e4.exe [646144 2014-10-30] () [File not signed] <==== ATTENTION
R2 vToolbarUpdater18.1.8; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\ToolbarUpdater.exe [1813528 2014-07-15] (AVG Secure Search)
R1 zmizmzb2zhm0bgn; C:\Windows\System32\drivers\zmizmzb2zhm0bgn.sys [42840 2015-06-25] (Windows ® Win 7 DDK provider)
2015-06-25 16:19 - 2015-06-25 16:19 - 00000000 ____D C:\Program Files\Szmyznta1zdi0zgn
2015-06-25 06:09 - 2015-06-25 06:09 - 00042840 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\zmizmzb2zhm0bgn.sys
2015-06-14 15:33 - 2015-06-21 00:32 - 00000000 ____D C:\Users\Sunet\AppData\Local\zlazvtatzek0bmn
2015-06-10 15:24 - 2015-06-10 15:24 - 00001351 _____ C:\Windows\system32\Melt the 2 cups of coconut oil in a pot and a cup of date paste and 6 heaped up tbls of cocoa then put it in a square bowl put the nuts and berries in then put in the fridge then every 20 min sti.docx.lnk
Task: {8306014E-4C1F-4F43-8C89-90289C55B442} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe [2015-01-13] (YTDownloader) <==== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
hosts:
EmptyTemp: