FRST
(If an entry is included in the fixlist, the process will be closed. The file will
not be moved.)
(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)
Internet Explorer:
==================
HKU\S-1-5-21-1305004467-2202425-649574984-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131420074102863608&GUID=662FB34E-17C7-4229-8F44-9C83800A16C8
SearchScopes: HKU\S-1-5-21-1305004467-2202425-649574984-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> E:\IDM62810\IDMIECC64.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> E:\IDM62810\IDMIECC.dll [2016-12-11] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-22] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
FireFox:
========
FF HKU\S-1-5-21-1305004467-2202425-649574984-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2017-06-18] [not signed]
FF HKU\S-1-5-21-1305004467-2202425-649574984-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - E:\IDM62810\idmmzcc2.xpi
FF Extension: (IDM integration) - E:\IDM62810\idmmzcc2.xpi [2017-01-26]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-18] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: staapycerockanerwacult
CHR HomePage: staapycerockanerwacult -> hxxp://www.initialpage123.com/?z=29a03a60e831a55c6bd5233gezdtdqaw4c3z0b0e4q&from=amz&uid=ST1000LM035-1RK172_WES3DGAK&type=hp
CHR NewTab: staapycerockanerwacult -> Not-active:"chrome-extension://iinglghmhcgdgjjlafobajghjamdchik/newtab.html"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\staapycerockanerwacult [2017-06-24] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\staapycerockanerwacult\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-18]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\staapycerockanerwacult\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-19]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\staapycerockanerwacult\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-19]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\staapycerockanerwacult\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-19]
CHR Extension: (Cookies On-Off) - C:\Users\user\AppData\Local\Google\Chrome\User Data\staapycerockanerwacult\Extensions\dceidjjhomnclmfgflmjaomohekdgdgb [2017-06-16]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\staapycerockanerwacult\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-18]
CHR Extension: (Tables) - C:\Users\user\AppData\Local\Google\Chrome\User Data\staapycerockanerwacult\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-06-04]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\staapycerockanerwacult\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-19]
CHR Extension: (Bitmotion - New Tab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\staapycerockanerwacult\Extensions\iinglghmhcgdgjjlafobajghjamdchik [2017-06-16]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\staapycerockanerwacult\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-06-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\staapycerockanerwacult\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-18]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\staapycerockanerwacult\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-19]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\staapycerockanerwacult\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-18]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - E:\IDM62810\IDMGCExt.crx [2017-05-25]
CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - E:\IDM62810\IDMGCExt.crx [2017-05-25]
Opera:
=======
OPR Extension: (Tables) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\egafjhhpbipcmpoiomegbckljbbbphoj [2017-06-04]
OPR Extension: (Fast search) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-06-10]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
(If an entry is included in the fixlist, it will be removed from the registry. The
file will not be moved unless listed separately.)