Windows 8 running slow [Closed]


  • This topic is locked

#1
Rico1234

  • Member
  • 14 posts

Hello, I may be affected with a virus of some sort. My computer is running really slow, Firefox is lagging really bad and other things are going on as well. It would be great if someone could help, thanks.


  • 0


#2
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep in mind these reminders. Let's get to work! :thumbsup:
  • Step 1

    Download both versions of Farbar Recovery Scan Tool by Farbar from the links below and save them to your desktop.

    '32-bit'
    '64-bit'
    • Simply double-click the program icon to run it. It will ask for administrator privileges. If the first one you tried does not work, try the other version.
    • The program will initialize. Press Yes to accept the disclaimer.
    • Put a check on Addition.
    • Press the Scan button after.
    • It will produce FRST.txt and Addition.txt on your desktop once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • Addition.txt (Farbar Recovery Scan Tool)
    • FRST.txt (Farbar Recovery Scan Tool)

  • 0

#3
Rico1234

  • Topic Starter
  • Member
  • 14 posts

Running a scan right now, will post logs when done.


  • 0

#4
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
No issues. Just post once ready. :thumbsup:
  • 0

#5
Rico1234

  • Topic Starter
  • Member
  • 14 posts
Okay, here are my logs

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by apksa_000 (administrator) on JADIN on 14-12-2014 00:26:51
Running from C:\Users\apksa_000\Downloads
Loaded Profile: apksa_000 (Available profiles: Shemica & apksa_000 & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avpui.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
( ) C:\Windows\SysWOW64\lxebcoms.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.8\Lightshot.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(wyDay) C:\Program Files\CyberGhost 5\wyUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrobat_sl.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [lxebmon.exe] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [150264 2013-01-23] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3015408 2013-03-05] (Synaptics Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114368 2014-11-20] (VMware, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-1358638018-242750385-2534989196-1012\...\Run: [LightShot] => C:\Users\apksa_000\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-1358638018-242750385-2534989196-1012\...\Run: [Skype] => C:\Users\apksa_000\Desktop\Skype.exe [22066272 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1358638018-242750385-2534989196-1012\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-1358638018-242750385-2534989196-1012\...\RunOnce: [Adobe Speed Launcher] => 1418538380
HKU\S-1-5-21-1358638018-242750385-2534989196-1012\...\MountPoints2: E - "E:\setup.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1358638018-242750385-2534989196-1012\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=dcjb
HKU\S-1-5-21-1358638018-242750385-2534989196-1012\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-1358638018-242750385-2534989196-1012 -> {91BE4B2F-FDDC-4583-B135-C136B3D8F99E} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Object Browser -> {11111111-1111-1111-1111-110311281150} -> C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll No File
BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\apksa_000\AppData\Local\Temp\Rar$EXa0.078\OldNewExplorer64.dll No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\apksa_000\AppData\Local\Temp\Rar$EXa0.078\OldNewExplorer32.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1358638018-242750385-2534989196-1012 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1358638018-242750385-2534989196-1012 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Toolbar: HKU\S-1-5-21-1358638018-242750385-2534989196-1012 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8CE174B3-88C6-4203-8755-44C8758ECDC2}: [NameServer] 89.41.60.38,95.169.183.219

FireFox:
========
FF ProfilePath: C:\Users\apksa_000\AppData\Roaming\Mozilla\Firefox\Profiles\264bal2f.default-1416485126634
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @PackageTracer_69.com/Plugin -> C:\Program Files (x86)\PackageTracer_69\bar\1.bin\NP69Stub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\apksa_000\AppData\Roaming\Mozilla\Firefox\Profiles\264bal2f.default-1416485126634\user.js
FF Extension: ZenMate Security & Privacy VPN - C:\Users\apksa_000\AppData\Roaming\Mozilla\Firefox\Profiles\264bal2f.default-1416485126634\Extensions\[email protected] [2014-12-07]
FF Extension: Adblock Plus - C:\Users\apksa_000\AppData\Roaming\Mozilla\Firefox\Profiles\264bal2f.default-1416485126634\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-03-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected]
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected] [2014-11-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected]
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected] [2014-11-09]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: No Name - [email protected] [Not Found]
FF Extension: No Name - [email protected] [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRbayHtNQUqMYjNiNBeY8DaNtLx64YszFA23QezQ5-3kW0KIRsSSCHphOLJcNSRDB0n8-XvbXnm_NN7bCLvaqJTZ43aFtk1MlZ2TwDRKF1gujB1tjzsWz-9fhlwkt0j0ZntoOw14PMYtuCpE2JutZTYxxrEYa2rA6K1_Z8sje4y9ghcZHqSr1ADRB5Rde
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> http://ss-sym.ask.co...pe=prefix&li=ff
CHR Profile: C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (reddit companion) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2014-11-17]
CHR Extension: (Google Docs) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-17]
CHR Extension: (Google Drive) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-17]
CHR Extension: (YouTube) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-17]
CHR Extension: (Google Search) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-17]
CHR Extension: (Kaspersky Protection) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-11-17]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-12-05]
CHR Extension: (Bookmark Manager) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-11-20]
CHR Extension: (Norton Identity Safe) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-05]
CHR Extension: (Skype Click to Call) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-07]
CHR Extension: (Beats By.Dr.Dre ) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmnpmgnojjhopfglajfmhclmlmpgclp [2014-11-17]
CHR Extension: (Norton Safe) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-11-17]
CHR Extension: (Google Wallet) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-17]
CHR Extension: (Gmail) - C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-17]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-29] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151232 2013-12-02] (IObit)
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-18] (Realtek Semiconductor)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12730560 2014-11-20] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-03-02] (Atheros)
S2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [X]
S2 SEVPNSERVER; "C:\Program Files\SoftEther VPN Server\vpnserver_x64.exe" /service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [158968 2014-09-18] (ESET)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2014-11-20] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [799944 2014-11-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [68616 2014-11-20] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77512 2014-11-20] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [52128 2013-11-26] (Visicom Media Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-06] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28768 2014-08-14] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
S3 pxwfp; C:\WINDOWS\system32\drivers\pxwfp.sys [22240 2014-11-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14]
2014-11-19 04:58 - 2014-11-09 17:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-18 05:35 - 2014-11-18 05:35 - 00000000 ____D () C:\Users\apksa_000\AppData\Roaming\IObit
2014-11-18 02:42 - 2014-11-18 02:42 - 00000000 ____D () C:\Users\apksa_000\AppData\Local\ESET
2014-11-18 02:38 - 2014-11-28 20:56 - 00000762 _____ () C:\Users\apksa_000\Desktop\Attack Tut.txt
2014-11-18 02:36 - 2014-11-18 02:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-11-18 02:36 - 2014-11-18 02:36 - 00000000 ____D () C:\ProgramData\ESET
2014-11-18 02:36 - 2014-11-18 02:36 - 00000000 ____D () C:\Program Files\ESET
2014-11-18 02:15 - 2014-12-06 05:39 - 00000000 ____D () C:\Users\apksa_000\Documents\Lightshot
2014-11-18 02:14 - 2014-12-07 04:06 - 00000600 _____ () C:\Users\apksa_000\AppData\Local\PUTTY.RND
2014-11-18 01:55 - 2014-11-18 01:56 - 01761992 _____ (ESET) C:\Users\apksa_000\Downloads\eset_nod32_antivirus_live_installer.exe
2014-11-18 01:30 - 2014-12-13 21:21 - 00000412 _____ () C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012.job
2014-11-18 01:30 - 2014-12-13 13:48 - 00003268 _____ () C:\WINDOWS\System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012
2014-11-18 01:30 - 2014-12-13 13:48 - 00000424 _____ () C:\Users\apksa_000\AppData\Local\UserProducts.xml
2014-11-18 01:30 - 2014-11-18 01:30 - 00000003 _____ () C:\Users\apksa_000\AppData\Local\updater.log
2014-11-18 01:29 - 2014-11-18 01:29 - 02378664 _____ (Skillbrains ) C:\Users\apksa_000\Downloads\setup-lightshot.exe
2014-11-17 23:29 - 2014-11-17 23:29 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-17 23:28 - 2014-11-17 23:28 - 02347384 _____ (ESET) C:\Users\apksa_000\Downloads\esetsmartinstaller_enu.exe
2014-11-17 22:57 - 2014-12-13 23:31 - 00000000 ____D () C:\Users\apksa_000\AppData\Roaming\Skype
2014-11-17 22:57 - 2014-11-17 22:57 - 00000000 ____D () C:\Users\apksa_000\AppData\Local\Skype
2014-11-17 22:31 - 2014-11-17 22:31 - 00000000 ____D () C:\Users\apksa_000\AppData\Local\Macromedia
2014-11-17 22:30 - 2014-11-20 04:07 - 00000000 ____D () C:\Users\apksa_000\AppData\Local\Google
2014-11-17 22:29 - 2014-11-17 22:29 - 00000000 ____D () C:\Users\apksa_000\AppData\Roaming\Mozilla
2014-11-17 22:29 - 2014-11-17 22:29 - 00000000 ____D () C:\Users\apksa_000\AppData\Local\Mozilla
2014-11-17 22:24 - 2014-11-17 22:30 - 00001816 _____ () C:\Users\apksa_000\Desktop\Chrome.lnk
2014-11-17 22:22 - 2014-12-13 19:23 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1358638018-242750385-2534989196-1012
2014-11-17 22:20 - 2014-12-14 00:25 - 00000000 ___RD () C:\Users\apksa_000\OneDrive
2014-11-17 22:19 - 2014-11-17 22:19 - 00000000 ____D () C:\Users\apksa_000\AppData\Roaming\Intel Corporation
2014-11-17 22:18 - 2014-11-17 22:28 - 00000000 ____D () C:\Users\apksa_000\AppData\Local\Adobe
2014-11-17 22:18 - 2014-11-17 22:18 - 00000000 ____D () C:\Users\apksa_000\Documents\Bluetooth Folder
2014-11-17 22:18 - 2014-11-17 22:18 - 00000000 ____D () C:\Users\apksa_000\AppData\Roaming\Atheros
2014-11-17 22:18 - 2014-11-17 22:18 - 00000000 ____D () C:\Users\apksa_000\AppData\Local\BMExplorer
2014-11-17 22:17 - 2014-11-17 22:17 - 00000000 ____D () C:\Users\apksa_000\AppData\Local\Power2Go8
2014-11-17 22:16 - 2014-12-11 02:25 - 00000000 ____D () C:\Users\apksa_000
2014-11-17 22:16 - 2014-12-07 04:48 - 00000000 ____D () C:\Users\apksa_000\AppData\Local\Packages
2014-11-17 22:16 - 2014-11-22 23:25 - 00000000 ____D () C:\Users\apksa_000\AppData\Local\VirtualStore
2014-11-17 22:16 - 2014-11-17 22:28 - 00000000 ____D () C:\Users\apksa_000\AppData\Roaming\Adobe
2014-11-17 22:16 - 2014-11-17 22:16 - 00001444 _____ () C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-17 22:16 - 2014-11-17 22:16 - 00000020 ___SH () C:\Users\apksa_000\ntuser.ini
2014-11-17 22:16 - 2014-11-13 10:05 - 00000000 ___RD () C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-17 22:16 - 2014-11-04 19:29 - 00000000 ____D () C:\Users\apksa_000\AppData\Roaming\Macromedia
2014-11-17 22:16 - 2014-09-24 03:50 - 00000000 ___RD () C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-17 22:16 - 2014-09-24 01:23 - 00000369 _____ () C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-11-17 22:16 - 2014-09-24 01:23 - 00000369 _____ () C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-11-17 22:16 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-17 22:16 - 2013-08-22 09:36 - 00000000 ____D () C:\Users\apksa_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-17 22:15 - 2014-11-17 22:15 - 00000000 ____D () C:\Users\Guest.shemica\AppData\Roaming\Atheros
2014-11-17 22:15 - 2014-11-17 22:15 - 00000000 ____D () C:\Users\Guest.shemica\AppData\Local\Adobe
2014-11-17 22:14 - 2014-11-17 22:14 - 00000000 ____D () C:\Users\Guest.shemica\AppData\Local\Power2Go8
2014-11-17 22:11 - 2014-11-17 22:15 - 00000000 ____D () C:\Users\Guest.shemica
2014-11-17 22:11 - 2014-11-17 22:14 - 00000000 ____D () C:\Users\Guest.shemica\AppData\Local\Packages
2014-11-17 22:11 - 2014-11-17 22:11 - 00001444 _____ () C:\Users\Guest.shemica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-17 22:11 - 2014-11-17 22:11 - 00000020 ___SH () C:\Users\Guest.shemica\ntuser.ini
2014-11-17 22:11 - 2014-11-17 22:11 - 00000000 ____D () C:\Users\Guest.shemica\AppData\Roaming\Adobe
2014-11-17 22:11 - 2014-11-17 22:11 - 00000000 ____D () C:\Users\Guest.shemica\AppData\Local\VirtualStore
2014-11-17 22:11 - 2014-11-13 10:05 - 00000000 ___RD () C:\Users\Guest.shemica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-17 22:11 - 2014-11-04 19:29 - 00000000 ____D () C:\Users\Guest.shemica\AppData\Roaming\Macromedia
2014-11-17 22:11 - 2014-09-24 03:50 - 00000000 ___RD () C:\Users\Guest.shemica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-17 22:11 - 2014-09-24 01:23 - 00000369 _____ () C:\Users\Guest.shemica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-11-17 22:11 - 2014-09-24 01:23 - 00000369 _____ () C:\Users\Guest.shemica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-11-17 22:11 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Guest.shemica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-17 22:11 - 2013-08-22 09:36 - 00000000 ____D () C:\Users\Guest.shemica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-17 17:38 - 2014-11-17 17:38 - 00085584 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmci.sys
2014-11-17 07:51 - 2014-11-17 07:51 - 00003090 _____ () C:\WINDOWS\System32\Tasks\{71E7FD2D-0BE0-42CC-B89E-753DCA1C717B}
2014-11-16 20:24 - 2014-12-13 23:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-16 20:24 - 2014-12-12 16:50 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-11-14 16:09 - 2014-11-14 16:09 - 00000000 __SHD () C:\Users\Shemica\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 00:27 - 2014-11-04 23:37 - 01396405 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-14 00:25 - 2014-11-04 23:44 - 00016704 _____ () C:\ProgramData\lxeb.log
2014-12-14 00:25 - 2014-05-05 08:56 - 00027318 _____ () C:\ProgramData\lxebscan.log
2014-12-14 00:25 - 2014-02-17 05:58 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-12-14 00:24 - 2014-11-12 23:13 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 00:23 - 2014-11-09 19:03 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-14 00:23 - 2014-09-23 08:40 - 00001362 _____ () C:\WINDOWS\Tasks\BUBIOM.job
2014-12-14 00:23 - 2014-08-16 06:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-14 00:22 - 2014-11-09 19:39 - 00000000 ____D () C:\ProgramData\VMware
2014-12-14 00:21 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-14 00:21 - 2013-08-22 07:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-14 00:18 - 2014-11-03 00:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-14 00:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-14 00:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-14 00:18 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-14 00:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-13 23:18 - 2014-11-12 23:13 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-13 21:22 - 2014-11-02 04:14 - 00000412 _____ () C:\WINDOWS\Tasks\update-sys.job
2014-12-13 20:51 - 2014-11-02 04:14 - 00000412 _____ () C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008.job
2014-12-13 18:12 - 2014-10-22 14:28 - 00002168 _____ () C:\WINDOWS\Sandboxie.ini
2014-12-13 17:55 - 2014-11-06 22:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-13 13:48 - 2014-11-02 04:14 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2014-12-13 13:21 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-13 13:20 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-13 13:15 - 2014-05-05 08:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 13:06 - 2014-05-05 08:57 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-10 23:46 - 2014-09-23 12:58 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-10 21:40 - 2014-02-27 08:05 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1358638018-242750385-2534989196-1001
2014-12-10 21:32 - 2014-11-11 11:38 - 00000000 ____D () C:\Users\Shemica\OneDrive
2014-12-08 17:26 - 2014-03-03 18:49 - 00000000 ____D () C:\Users\Shemica\AppData\Local\CrashDumps
2014-12-08 17:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-08 17:06 - 2014-08-12 07:07 - 00000000 ____D () C:\Users\Shemica\AppData\Roaming\Skype
2014-12-08 17:05 - 2014-11-11 11:37 - 00000000 ____D () C:\Users\Shemica\AppData\Local\Deployment
2014-12-08 17:03 - 2014-02-27 07:52 - 00000000 ____D () C:\Users\Shemica\AppData\Local\Packages
2014-12-08 03:30 - 2014-09-24 01:03 - 01006106 _____ () C:\WINDOWS\PFRO.log
2014-12-07 23:56 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-12-07 22:27 - 2014-09-29 16:23 - 00000000 ____D () C:\BigFishCache
2014-12-06 23:53 - 2014-08-05 03:20 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-06 22:45 - 2014-02-17 05:53 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-06 01:37 - 2014-02-17 05:45 - 00883630 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-12-05 23:05 - 2014-08-12 07:07 - 00000000 ____D () C:\ProgramData\Skype
2014-12-05 12:59 - 2014-07-02 13:20 - 00000000 ____D () C:\ProgramData\Norton
2014-12-05 12:56 - 2014-08-15 01:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-02 22:01 - 2013-08-22 08:44 - 00381280 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-28 15:39 - 2014-02-27 09:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-28 13:11 - 2014-11-04 19:18 - 00000000 ____D () C:\Users\Shemica
2014-11-27 18:04 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-11-25 09:32 - 2014-02-27 07:55 - 00000000 ____D () C:\ProgramData\Atheros
2014-11-23 01:30 - 2014-08-14 19:57 - 00135736 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\WINDOWS\system32\vpncmd.exe
2014-11-23 01:30 - 2014-08-14 19:57 - 00038240 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\WINDOWS\system32\Drivers\see.sys
2014-11-22 19:25 - 2014-09-24 01:15 - 00869556 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-22 16:13 - 2014-02-27 10:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-18 02:10 - 2014-08-15 09:41 - 00000000 ____D () C:\ProgramData\Nimoru
2014-11-17 22:09 - 2014-11-11 11:39 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{353BEAA3-9247-4808-9BAE-C0C1E59C0A0D}
2014-11-17 11:49 - 2014-05-05 09:01 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-11-17 11:40 - 2014-05-05 09:46 - 00036970 _____ () C:\ProgramData\lxebJSW.log
2014-11-17 11:29 - 2013-08-22 08:46 - 00327577 _____ () C:\WINDOWS\setupact.log
2014-11-17 07:30 - 2014-10-05 22:18 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1358638018-242750385-2534989196-1008
2014-11-17 04:28 - 2014-11-02 04:14 - 00003268 _____ () C:\WINDOWS\System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008
2014-11-16 01:33 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

Some content of TEMP:
====================
C:\Users\apksa_000\AppData\Local\Temp\i4jdel0.exe
C:\Users\apksa_000\AppData\Local\Temp\InstHelper.exe
C:\Users\apksa_000\AppData\Local\Temp\JExplorer32.2.7.1.dll
C:\Users\apksa_000\AppData\Local\Temp\JExplorer64.2.7.1.dll
C:\Users\apksa_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\apksa_000\AppData\Local\Temp\StartIsBack_update.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-13 12:58

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2014
Ran by apksa_000 at 2014-12-14 00:29:49
Running from C:\Users\apksa_000\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.08 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alienware Evolution Update 1.00 (HKLM-x32\...\Alienware Evolution Update 1.00) (Version: 1.00 - Mr Blade Design's)
Amazon 1Button App for Windows Taskbar (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.2 - Amazon)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Corel PaintShop Pro X5 (HKLM-x32\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.1.0.10 - Corel Corporation)
Corel PaintShop Pro X5 (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.13.5 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{7F39EB28-B9B7-41B8-8564-DB33284A010D}) (Version: 8.0.304.0 - ESET, spol s r. o.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gtk# for .Net 2.12.10 (HKLM-x32\...\{550B72C4-F404-4812-971F-947E835A877E}) (Version: 2.12.10 - Novell, Inc.)
Hitman: Blood Money Demo (HKLM-x32\...\Steam App 6950) (Version: - Io Interactive)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
ICA (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
IPM_PSP_COM (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
join.me (HKU\S-1-5-21-1358638018-242750385-2534989196-1012\...\JoinMe) (Version: 1.18.0.189 - LogMeIn, Inc.)
Just Cause 2 Demo (HKLM-x32\...\Steam App 35110) (Version: - Avalanche)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
KLTRH 2.0 (HKLM-x32\...\{AC5F52AB-C916-4E7D-9552-9C3207753EAC}) (Version: 1.0.0 - Temp)
Laplink SafeErase Professional (HKLM\...\{12DA3057-6836-4C8B-A44D-A447474E302B}) (Version: 6.0.275 - Laplink Software Inc.)
Laplink Sync (HKLM-x32\...\{F2C3907A-63FD-46A4-AC73-CD2902748DC5}) (Version: 7.0.100 - Laplink Software, Inc.)
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version: - Lexmark International, Inc.)
Lightshot-5.2.0.8 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.0.8 - Skillbrains)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
mSecure (HKLM-x32\...\{A39AA730-67A5-496D-A543-C959B9339CCF}) (Version: 3.114 - mSeven Software LLC)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NeXtCoup (HKLM-x32\...\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}) (Version: 1.0.0.1839 - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.2 - PC Utilities Software Limited) <==== ATTENTION
Oracle VM VirtualBox 4.3.18 (HKLM\...\{74B7E6F9-DCAC-4ADB-B2D0-EEFDD1B5AC25}) (Version: 4.3.18 - Oracle Corporation)
PCmover (HKLM-x32\...\{918AEB5B-C364-4938-8B35-7618B71D4616}) (Version: 8.20.635 - Laplink Software, Inc.)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoRecoveryPro 2.5.5 (HKLM-x32\...\{FB7F4D68-7C98-4D7D-9CBA-407D6B12776F}_is1) (Version: 2.5.5 - LionSea SoftWare)
PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)
PSPPContent (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
PSPPro64 (Version: 15.1.0.10 - Corel Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6927 - Realtek Semiconductor Corp.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.17.2.3 - Client Connect LTD) <==== ATTENTION
Setup (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Sleeping Dogs™ Demo (HKLM-x32\...\Steam App 215220) (Version: - United Front Games)
StartIsBack+ (HKU\S-1-5-21-1358638018-242750385-2534989196-1012\...\StartIsBack) (Version: 1.6.2 - startisback.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.0.0 - VMware, Inc)
VMware Workstation (Version: 11.0.0 - VMware, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
Wireshark 1.12.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.1 - The Wireshark developer community, http://www.wireshark.org)
Wondershare Dr.Fone for iOS(Build 4.7.0.20) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.7.0.20 - Wondershare Software Co.,Ltd.)
Wondershare Photo Recovery (build 3.1.0) (HKLM-x32\...\Wondershare Photo Recovery_is1) (Version: - Wondershare Co., Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1358638018-242750385-2534989196-1012_Classes\CLSID\{61625667-893E-4707-B925-A82B528C00B9}\InprocServer32 -> C:\Users\apksa_000\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-1358638018-242750385-2534989196-1012_Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c9}\InprocServer32 -> C:\Users\apksa_000\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-1358638018-242750385-2534989196-1012_Classes\CLSID\{AD1405D2-30CF-4877-8468-1EE1C52C759F}\InprocServer32 -> C:\Users\apksa_000\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-1358638018-242750385-2534989196-1012_Classes\CLSID\{E5C31EC8-C5E6-4E07-957E-944DB4AAD85E}\InprocServer32 -> C:\Users\apksa_000\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)

==================== Restore Points =========================

28-11-2014 19:18:02 Microsoft Visual Studio Community 2013 with Update 4
03-12-2014 00:15:42 Removed KLTRH 2.0
05-12-2014 18:55:00 Removed Google Earth.
06-12-2014 23:23:51 Removed Java™ 7 (64-bit)
13-12-2014 18:59:49 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05457341-FB17-4329-B676-8B17E6C4C092} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {1A5F714B-5CDD-45D9-89C5-949A42CD43CD} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {27A36078-9AA8-4112-ADA4-0F7A25E60777} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {2CB242FC-2F6B-4E1C-A7E3-F0D50D407A5B} - \SPDriver No Task File <==== ATTENTION
Task: {2ECF36B9-B6F6-479B-9A42-BC6849C767A2} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {2FAB0955-889C-4640-BBFF-1E189F0B7146} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {34012DD9-ADBA-457A-85BB-00647F4F32AC} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {4C76645E-CD87-4E15-9552-A06E8FF5AE25} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.)
Task: {4E9224E9-C483-486C-A760-7F68632E66F0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {5CF2B05A-1B01-496C-A7EA-6A6ABF1E8E06} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {62017AF5-93E8-4128-88F4-8C52F0AA7D0C} - System32\Tasks\BUBIOM => C:\Users\Shemica\AppData\Roaming\BUBIOM.exe <==== ATTENTION
Task: {6B558DD7-AC95-4AB9-9682-CA0DDCBEBA9B} - System32\Tasks\UDP Monitor Task => C:\Program Files\UDP Monitor\udpmon.exe
Task: {6C95C211-06AF-4320-AFDB-20D999D19656} - System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {79F53B66-309E-478D-B67C-75F68B5DBBA1} - \SMW_UpdateTask_Time_323531383535333536322d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {7F1363CB-B236-41FE-8E2A-211F2B99FFD1} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {8617EE40-A682-4537-90B3-67DBEB703309} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {8BDD2CF1-872D-43EF-9548-72DC3957C140} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.)
Task: {8CE85B3E-174B-4BD0-BB60-28A50FF19CEB} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe
Task: {9D033840-D485-4653-B9FA-F7AD321CEF84} - System32\Tasks\PocketCloud => C:\Program
Task: {9D7B62C4-0593-4AB4-802A-6769B76EDD99} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe
Task: {9F377B05-BB18-4DF2-A038-A428FA4F76B3} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe
Task: {A54CFC04-7DA0-4B39-A55A-D6779E7FC415} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {A73F7793-0520-4545-AC9D-63D457104CB8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {B0BBD741-30EB-4148-BFF6-EFD468F067B7} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {B4234B90-1FA7-479E-9397-0FB95968D62D} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {B6FEB54F-B4FB-4369-8E66-D366E1F96A00} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {BA4965CE-5EF5-4DEA-9B22-482752609D2F} - System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {C306594F-C0E7-49ED-8DFB-7E5BFB260543} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-13] (Microsoft Corporation)
Task: {C3F3AF93-E74F-4A4A-8FDA-AA5C5294A2A3} - System32\Tasks\UDP Monitor => C:\Users\Guest_2\Downloads\x86\test.exe
Task: {CE91280A-DD55-46B0-ACAB-4EF6001FDCA2} - System32\Tasks\{EE9B7FD8-8015-43D8-BFC4-6F38664B1CC0} => Chrome.exe http://ui.skype.com/...all?page=tsMain
Task: {D49874B6-26CC-48C5-8E93-2F340B8D0309} - System32\Tasks\{AFC523D0-F00B-4A0B-A532-C3DE34E260AF} => pcalua.exe -a C:\Users\apksa_000\Downloads\avast_premier_antivirus_setup_online.exe -d C:\Users\apksa_000\Downloads
Task: {D988F491-D22C-4F80-862A-07160037F3A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E3E0DD56-81DF-447B-B723-5414EDD7CB60} - \YTDownloaderUpd No Task File <==== ATTENTION
Task: {EB6E8B1A-E580-4200-9F26-B8D1BF532179} - \SPBIW_UpdateTask_Time_323531383535333536322d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {F0A5A2D7-0037-44B7-8C3E-FFC29E9547A4} - \ShopperPro No Task File <==== ATTENTION
Task: {F31B84EE-1966-457F-B21F-2912BD2ED4AF} - \YTDownloader No Task File <==== ATTENTION
Task: {F8169C2D-FAAF-4FB7-959A-37E75F30520F} - System32\Tasks\{71E7FD2D-0BE0-42CC-B89E-753DCA1C717B} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {FC54F6A4-93AC-4ED0-96EC-BC8C7A5F9E37} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-05] (Synaptics Incorporated)
Task: {FF808115-7EFC-4A30-BC80-55CF078C0136} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC7U_SkipUac_Shemica.job => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe
Task: C:\WINDOWS\Tasks\BUBIOM.job => C:\Users\Shemica\AppData\Roaming\BUBIOM.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PC HealthFix Desktop Warning .job => C:\ProgramData\PC HealthFix\PCHealthFix.exe
Task: C:\WINDOWS\Tasks\PC HealthFix Desktop Warning 2.job => C:\ProgramData\PC HealthFix\PCHealthFix.exe
Task: C:\WINDOWS\Tasks\PC HealthFix Scan Results Alert.job => C:\ProgramData\PC HealthFix\PCHealthFix.exe
Task: C:\WINDOWS\Tasks\PC Optimizer Pro Idle.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC Optimizer Pro Scan.job => C:\StartApps.exe
Task: C:\WINDOWS\Tasks\PC Optimizer Pro Updates.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2012-04-25 10:48 - 2012-04-25 10:48 - 00146432 _____ () C:\WINDOWS\System32\corelcreatorpm.dll
2014-11-17 11:26 - 2009-11-04 12:18 - 00189440 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxebdrpp.dll
2014-11-22 15:34 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-17 05:57 - 2012-04-24 20:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-06-21 19:46 - 2013-06-21 19:46 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-06-21 19:35 - 2013-06-21 19:35 - 00032256 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-06-21 19:31 - 2013-06-21 19:31 - 00035840 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-11-22 16:10 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-03 17:36 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2013-02-28 21:14 - 2013-02-28 21:14 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-02-28 21:11 - 2013-02-28 21:11 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-02-28 21:15 - 2013-02-28 21:15 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2014-05-05 09:17 - 2013-01-23 12:29 - 00772712 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
2014-05-05 09:17 - 2013-01-23 12:29 - 00150264 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
2014-02-17 06:00 - 2014-04-30 09:35 - 00486880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-11-20 18:44 - 2014-11-20 18:44 - 01299136 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-02-17 05:54 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-05-05 09:17 - 2010-04-01 11:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
2014-05-05 09:17 - 2009-05-27 06:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
2014-05-05 09:17 - 2010-04-01 11:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebDRS.dll
2014-05-05 09:17 - 2009-03-09 23:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
2009-02-20 07:48 - 2009-02-20 07:48 - 00381440 _____ () C:\WINDOWS\SYSTEM32\lxebsm.dll
2009-02-20 07:48 - 2009-02-20 07:48 - 00023552 _____ () C:\WINDOWS\system32\lxebsmr.dll
2014-05-05 09:17 - 2010-04-05 04:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epwizard.DLL
2014-05-05 09:17 - 2010-04-05 04:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll
2014-05-05 09:17 - 2010-04-05 04:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Eputil.DLL
2014-05-05 09:17 - 2010-04-05 04:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epfunct.DLL
2014-05-05 09:17 - 2010-04-05 04:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Imagutil.DLL
2014-05-05 09:17 - 2010-04-05 04:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPWizRes.dll
2014-05-05 09:17 - 2010-04-05 04:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll
2014-05-05 09:17 - 2010-04-05 04:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPOEMDll.dll
2014-05-05 09:17 - 2009-04-07 13:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll
2014-05-05 09:17 - 2009-03-02 08:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll
2014-06-01 11:21 - 2013-12-10 23:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-05-02 09:44 - 2013-12-17 16:47 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-02-17 06:00 - 2012-11-26 01:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-02-17 06:00 - 2012-11-26 01:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2014-12-13 17:55 - 2014-12-13 17:55 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-20 05:51 - 2014-11-20 05:48 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected]\npcontentblocker.dll
2014-11-20 05:51 - 2014-11-20 05:48 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\[email protected]\npvkplugin.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\kpcengine.2.3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\apksa_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Shemica\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "DuckDnsUpdater.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "ChromeHelper"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-1358638018-242750385-2534989196-1012\...\StartupApproved\Run: => "Skype"

========================= Accounts: ==========================

Administrator (S-1-5-21-1358638018-242750385-2534989196-500 - Administrator - Disabled)
apksa_000 (S-1-5-21-1358638018-242750385-2534989196-1012 - Administrator - Enabled) => C:\Users\apksa_000
Guest (S-1-5-21-1358638018-242750385-2534989196-501 - Limited - Enabled) => C:\Users\Guest.shemica
Shemica (S-1-5-21-1358638018-242750385-2534989196-1001 - Administrator - Enabled) => C:\Users\Shemica

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2014 00:27:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/14/2014 00:27:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/14/2014 00:25:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/14/2014 00:24:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/14/2014 00:24:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/14/2014 00:08:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/14/2014 00:08:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/14/2014 00:00:00 AM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1612) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {D10CA2FE-6FCF-4F6D-848E-B2E99266FA86} is corrupted (0).

Error: (12/13/2014 11:38:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/13/2014 11:38:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (12/14/2014 00:31:13 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: JADIN)
Description: There was an error while attempting to read the local hosts file.

Error: (12/14/2014 00:27:22 AM) (Source: DCOM) (EventID: 10010) (User: JADIN)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (12/14/2014 00:27:21 AM) (Source: DCOM) (EventID: 10010) (User: JADIN)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (12/14/2014 00:25:07 AM) (Source: DCOM) (EventID: 10010) (User: JADIN)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (12/14/2014 00:24:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (12/14/2014 00:24:41 AM) (Source: DCOM) (EventID: 10010) (User: JADIN)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (12/14/2014 00:24:39 AM) (Source: DCOM) (EventID: 10010) (User: JADIN)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (12/14/2014 00:22:34 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/14/2014 00:21:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SoftEther VPN Server service failed to start due to the following error:
%%2

Error: (12/14/2014 00:21:54 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (12/14/2014 00:27:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (12/14/2014 00:27:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (12/14/2014 00:25:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (12/14/2014 00:24:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (12/14/2014 00:24:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (12/14/2014 00:08:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (12/14/2014 00:08:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (12/14/2014 00:00:00 AM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost1612SRUJet: AppIdTimeStamp{D10CA2FE-6FCF-4F6D-848E-B2E99266FA86}C:\WINDOWS\system32\SRU\SRUDB.dat0

Error: (12/13/2014 11:38:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (12/13/2014 11:38:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JADIN)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141


==================== Memory info ===========================

Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 27%
Total physical RAM: 8072.96 MB
Available physical RAM: 5835.48 MB
Total Pagefile: 9352.96 MB
Available Pagefile: 6969.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.54 GB) (Free:758.97 GB) NTFS
Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.44 GB) FAT32
Drive x: () (Fixed) (Total:0.44 GB) (Free:0.14 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:12.4 GB) (Free:0.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F0C6CFBD)

Partition: GPT Partition Type.

==================== End Of Log ============================
  • 0

#6
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
  • Step 1

    You seem to have too many anti-virus programs running on your system. While it is normal to think that "the more the merrier" on certain occasions, it does not apply when choosing an anti-virus. Having multiple programs of the same kind installed (e.g. more than one anti-virus program) will make your system run slower, and they will work against one another, thereby making them inefficient.

    I advise you to uninstall all but one of the following programs through Control Panel > Add or Remove Programs (Windows XP) or Control Panel > Programs and Features > Uninstall a Program (Windows Vista & Windows 7):
    • ESET NOD32 Antivirus
    • Kaspersky Anti-Virus
    If you are having difficulties, please tell me. Note that if you do not have a subscription for either, uninstall both of them. I will recommend free alternatives instead.
  • Step 2

    Upon careful inspection, your log indicates that the program(s) listed below are installed on your computer. I would like to request the removal of the program(s) as they are associated with malware, adware or spyware. Please proceed to uninstall them by going to Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7). If Windows says it cannot locate the program(s) and prompts for them to be removed from the list instead, allow it.
    • HitmanPro 3.7
    • NeXtCoup
    • Optimizer Pro v3.2
    • Search Protect
    • Surfing Protection
    Inform me if you encounter problems in the removal process.
  • Step 3

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    EmptyTemp:
    CloseProcesses:
    
    Task: C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
    Task: C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
    Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
    Task: C:\WINDOWS\Tasks\PC HealthFix Desktop Warning .job => C:\ProgramData\PC HealthFix\PCHealthFix.exe
    Task: C:\WINDOWS\Tasks\PC HealthFix Desktop Warning 2.job => C:\ProgramData\PC HealthFix\PCHealthFix.exe
    Task: C:\WINDOWS\Tasks\PC HealthFix Scan Results Alert.job => C:\ProgramData\PC HealthFix\PCHealthFix.exe
    Task: C:\WINDOWS\Tasks\PC Optimizer Pro Idle.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\PC Optimizer Pro Scan.job => C:\StartApps.exe
    Task: C:\WINDOWS\Tasks\PC Optimizer Pro Updates.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\ASC7U_SkipUac_Shemica.job => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe
    Task: C:\WINDOWS\Tasks\BUBIOM.job => C:\Users\Shemica\AppData\Roaming\BUBIOM.exe <==== ATTENTION
    Task: {E3E0DD56-81DF-447B-B723-5414EDD7CB60} - \YTDownloaderUpd No Task File <==== ATTENTION
    Task: {EB6E8B1A-E580-4200-9F26-B8D1BF532179} - \SPBIW_UpdateTask_Time_323531383535333536322d3437415a556c2a3223346c41 No Task File <==== ATTENTION
    Task: {F0A5A2D7-0037-44B7-8C3E-FFC29E9547A4} - \ShopperPro No Task File <==== ATTENTION
    Task: {F31B84EE-1966-457F-B21F-2912BD2ED4AF} - \YTDownloader No Task File <==== ATTENTION
    Task: {D49874B6-26CC-48C5-8E93-2F340B8D0309} - System32\Tasks\{AFC523D0-F00B-4A0B-A532-C3DE34E260AF} => pcalua.exe -a C:\Users\apksa_000\Downloads\avast_premier_antivirus_setup_online.exe -d C:\Users\apksa_000\Downloads
    Task: {C3F3AF93-E74F-4A4A-8FDA-AA5C5294A2A3} - System32\Tasks\UDP Monitor => C:\Users\Guest_2\Downloads\x86\test.exe
    Task: {B4234B90-1FA7-479E-9397-0FB95968D62D} - System32\Tasks\PocketCloudUpdater => C:\Program
    Task: {B6FEB54F-B4FB-4369-8E66-D366E1F96A00} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    Task: {BA4965CE-5EF5-4DEA-9B22-482752609D2F} - System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
    Task: {6C95C211-06AF-4320-AFDB-20D999D19656} - System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
    Task: {79F53B66-309E-478D-B67C-75F68B5DBBA1} - \SMW_UpdateTask_Time_323531383535333536322d3437415a556c2a3223346c41 No Task File <==== ATTENTION
    Task: {7F1363CB-B236-41FE-8E2A-211F2B99FFD1} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    Task: {8617EE40-A682-4537-90B3-67DBEB703309} - \ShopperProJSUpd No Task File <==== ATTENTION
    Task: {5CF2B05A-1B01-496C-A7EA-6A6ABF1E8E06} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
    Task: {62017AF5-93E8-4128-88F4-8C52F0AA7D0C} - System32\Tasks\BUBIOM => C:\Users\Shemica\AppData\Roaming\BUBIOM.exe <==== ATTENTION
    Task: {2CB242FC-2F6B-4E1C-A7E3-F0D50D407A5B} - \SPDriver No Task File <==== ATTENTION
    Task: {2ECF36B9-B6F6-479B-9A42-BC6849C767A2} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
    Task: {2FAB0955-889C-4640-BBFF-1E189F0B7146} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
    Task: {1A5F714B-5CDD-45D9-89C5-949A42CD43CD} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    2014-11-17 04:28 - 2014-11-02 04:14 - 00003268 _____ () C:\WINDOWS\System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008
    2014-12-13 21:22 - 2014-11-02 04:14 - 00000412 _____ () C:\WINDOWS\Tasks\update-sys.job
    2014-12-13 20:51 - 2014-11-02 04:14 - 00000412 _____ () C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008.job
    2014-12-14 00:23 - 2014-09-23 08:40 - 00001362 _____ () C:\WINDOWS\Tasks\BUBIOM.job
    2014-11-18 01:30 - 2014-12-13 21:21 - 00000412 _____ () C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012.job
    2014-11-18 01:30 - 2014-12-13 13:48 - 00003268 _____ () C:\WINDOWS\System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012
    2014-11-18 05:35 - 2014-11-18 05:35 - 00000000 ____D () C:\Users\apksa_000\AppData\Roaming\IObit
    CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
    CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found] 
    CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found] 
    CHR HomePage: Default -> hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRbayHtNQUqMYjNiNBeY8DaNtLx64YszFA23QezQ5-3kW0KIRsSSCHphOLJcNSRDB0n8-XvbXnm_NN7bCLvaqJTZ43aFtk1MlZ2TwDRKF1gujB1tjzsWz-9fhlwkt0j0ZntoOw14PMYtuCpE2JutZTYxxrEYa2rA6K1_Z8sje4y9ghcZHqSr1ADRB5Rde
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR DefaultSuggestURL: Default -> http://ss-sym.ask.co...pe=prefix&li=ff
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
    Toolbar: HKU\S-1-5-21-1358638018-242750385-2534989196-1012 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
    BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\apksa_000\AppData\Local\Temp\Rar$EXa0.078\OldNewExplorer32.dll No File
    BHO: Object Browser -> {11111111-1111-1111-1111-110311281150} -> C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll No File
    BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\apksa_000\AppData\Local\Temp\Rar$EXa0.078\OldNewExplorer64.dll No File
    C:\Program Files (x86)\Object Browser
    SearchScopes: HKU\S-1-5-21-1358638018-242750385-2534989196-1012 -> {91BE4B2F-FDDC-4583-B135-C136B3D8F99E} URL =
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    • Run your copy of FRST. It is important to ensure it is located on your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log(s) in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)

  • 0
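A triage sketch for the Scheduled Tasks section of an FRST log like the one in this thread, added here as an example; it is not part of the original posts and is not FRST's own logic. The sample lines are copied from the log above, while the reason labels, the list of user-writable directories and the function names are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the "Scheduled Tasks" section of the log in this thread.
SAMPLE_LOG = r"""
Task: {4C76645E-CD87-4E15-9552-A06E8FF5AE25} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.)
Task: {62017AF5-93E8-4128-88F4-8C52F0AA7D0C} - System32\Tasks\BUBIOM => C:\Users\Shemica\AppData\Roaming\BUBIOM.exe <==== ATTENTION
Task: {F0A5A2D7-0037-44B7-8C3E-FFC29E9547A4} - \ShopperPro No Task File <==== ATTENTION
Task: {C3F3AF93-E74F-4A4A-8FDA-AA5C5294A2A3} - System32\Tasks\UDP Monitor => C:\Users\Guest_2\Downloads\x86\test.exe
Task: {2ECF36B9-B6F6-479B-9A42-BC6849C767A2} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {2FAB0955-889C-4640-BBFF-1E189F0B7146} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: C:\WINDOWS\Tasks\PC Optimizer Pro Scan.job => C:\StartApps.exe
"""

# "Task: {GUID} - name ..." (registry-backed task) or "Task: path.job => ..." (legacy .job file).
TASK_RE = re.compile(r"^Task:\s+(?:(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+-\s+)?(?P<rest>.+)$")
ATTENTION_RE = re.compile(r"\s*<=+\s*ATTENTION\s*$")
# Optional trailer on the target: " [file date] (publisher)".
FILEINFO_RE = re.compile(r"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<publisher>.*)\)$")
# Assumption: directories a standard user can normally write to.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Downloads|Temp|ProgramData)\\", re.IGNORECASE)
DRIVE_ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)
NO_TASK_FILE = "No Task File"


@dataclass
class TaskEntry:
    guid: Optional[str]
    name: str
    command: Optional[str]
    publisher: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse_task(line: str) -> Optional[TaskEntry]:
    """Parse one 'Task:' line; return None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    reasons: List[str] = []
    rest, flagged = ATTENTION_RE.subn("", m.group("rest"))
    if flagged:
        reasons.append("frst-attention")          # FRST's own marker
    command = publisher = None
    if " => " in rest:
        name, command = rest.split(" => ", 1)
        info = FILEINFO_RE.search(command)
        if info:
            publisher = info.group("publisher")
            command = command[: info.start()]
            if not publisher:
                reasons.append("empty-publisher")  # log shows "()" after the date
        command = command.strip()
    elif rest.endswith(NO_TASK_FILE):
        # Task is registered but its definition file is missing.
        name = rest[: -len(NO_TASK_FILE)]
        reasons.append("orphaned-registration")
    else:
        name = rest
    if command:
        if USER_WRITABLE_RE.search(command):
            reasons.append("user-writable-target")
        if command.lower().startswith("rundll32"):
            reasons.append("rundll32-launcher")
        if DRIVE_ROOT_EXE_RE.match(command):
            reasons.append("drive-root-target")
    return TaskEntry(m.group("guid"), name.strip(), command, publisher, reasons)


def triage(log_text: str) -> List[TaskEntry]:
    """Return only the task entries that tripped at least one heuristic."""
    entries = (parse_task(line) for line in log_text.splitlines())
    return [e for e in entries if e and e.reasons]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.name}\n    target : {entry.command}\n    reasons: {', '.join(entry.reasons)}")
```

The output is a review list for a human, not a fixlist: two of the sample entries are surfaced by path heuristics alone, without an ATTENTION marker from FRST.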

#7
Rico1234

    Member

  • Topic Starter
  • Member
  • 14 posts
I'm still removing programs, but I couldn't find next coup or search project.
  • 0

#8
Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

NeXtCoup
Search Protect


You mean those two? Skip the entries that you cannot find. :)
  • 0

#9
Rico1234

    Member

  • Topic Starter
  • Member
  • 14 posts

Do you want me to post the log or the txt?


  • 0

#10
Rico1234

    Member

  • Topic Starter
  • Member
  • 14 posts

My txt file is gone?




#11
Rico1234

Lol nvm I'm stupid, here is my log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2014
Ran by apksa_000 at 2014-12-14 02:09:04 Run:2
Running from C:\Users\apksa_000\Desktop
Loaded Profiles: Shemica & apksa_000 & Guest (Available profiles: Shemica & apksa_000 & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
EmptyTemp:
CloseProcesses:

Task: C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\PC HealthFix Desktop Warning .job => C:\ProgramData\PC HealthFix\PCHealthFix.exe
Task: C:\WINDOWS\Tasks\PC HealthFix Desktop Warning 2.job => C:\ProgramData\PC HealthFix\PCHealthFix.exe
Task: C:\WINDOWS\Tasks\PC HealthFix Scan Results Alert.job => C:\ProgramData\PC HealthFix\PCHealthFix.exe
Task: C:\WINDOWS\Tasks\PC Optimizer Pro Idle.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC Optimizer Pro Scan.job => C:\StartApps.exe
Task: C:\WINDOWS\Tasks\PC Optimizer Pro Updates.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ASC7U_SkipUac_Shemica.job => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe
Task: C:\WINDOWS\Tasks\BUBIOM.job => C:\Users\Shemica\AppData\Roaming\BUBIOM.exe <==== ATTENTION
Task: {E3E0DD56-81DF-447B-B723-5414EDD7CB60} - \YTDownloaderUpd No Task File <==== ATTENTION
Task: {EB6E8B1A-E580-4200-9F26-B8D1BF532179} - \SPBIW_UpdateTask_Time_323531383535333536322d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {F0A5A2D7-0037-44B7-8C3E-FFC29E9547A4} - \ShopperPro No Task File <==== ATTENTION
Task: {F31B84EE-1966-457F-B21F-2912BD2ED4AF} - \YTDownloader No Task File <==== ATTENTION
Task: {D49874B6-26CC-48C5-8E93-2F340B8D0309} - System32\Tasks\{AFC523D0-F00B-4A0B-A532-C3DE34E260AF} => pcalua.exe -a C:\Users\apksa_000\Downloads\avast_premier_antivirus_setup_online.exe -d C:\Users\apksa_000\Downloads
Task: {C3F3AF93-E74F-4A4A-8FDA-AA5C5294A2A3} - System32\Tasks\UDP Monitor => C:\Users\Guest_2\Downloads\x86\test.exe
Task: {B4234B90-1FA7-479E-9397-0FB95968D62D} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {B6FEB54F-B4FB-4369-8E66-D366E1F96A00} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {BA4965CE-5EF5-4DEA-9B22-482752609D2F} - System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {6C95C211-06AF-4320-AFDB-20D999D19656} - System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {79F53B66-309E-478D-B67C-75F68B5DBBA1} - \SMW_UpdateTask_Time_323531383535333536322d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {7F1363CB-B236-41FE-8E2A-211F2B99FFD1} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {8617EE40-A682-4537-90B3-67DBEB703309} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {5CF2B05A-1B01-496C-A7EA-6A6ABF1E8E06} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {62017AF5-93E8-4128-88F4-8C52F0AA7D0C} - System32\Tasks\BUBIOM => C:\Users\Shemica\AppData\Roaming\BUBIOM.exe <==== ATTENTION
Task: {2CB242FC-2F6B-4E1C-A7E3-F0D50D407A5B} - \SPDriver No Task File <==== ATTENTION
Task: {2ECF36B9-B6F6-479B-9A42-BC6849C767A2} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {2FAB0955-889C-4640-BBFF-1E189F0B7146} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {1A5F714B-5CDD-45D9-89C5-949A42CD43CD} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
2014-11-17 04:28 - 2014-11-02 04:14 - 00003268 _____ () C:\WINDOWS\System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008
2014-12-13 21:22 - 2014-11-02 04:14 - 00000412 _____ () C:\WINDOWS\Tasks\update-sys.job
2014-12-13 20:51 - 2014-11-02 04:14 - 00000412 _____ () C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008.job
2014-12-14 00:23 - 2014-09-23 08:40 - 00001362 _____ () C:\WINDOWS\Tasks\BUBIOM.job
2014-11-18 01:30 - 2014-12-13 21:21 - 00000412 _____ () C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012.job
2014-11-18 01:30 - 2014-12-13 13:48 - 00003268 _____ () C:\WINDOWS\System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012
2014-11-18 05:35 - 2014-11-18 05:35 - 00000000 ____D () C:\Users\apksa_000\AppData\Roaming\IObit
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HomePage: Default -> hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRbayHtNQUqMYjNiNBeY8DaNtLx64YszFA23QezQ5-3kW0KIRsSSCHphOLJcNSRDB0n8-XvbXnm_NN7bCLvaqJTZ43aFtk1MlZ2TwDRKF1gujB1tjzsWz-9fhlwkt0j0ZntoOw14PMYtuCpE2JutZTYxxrEYa2rA6K1_Z8sje4y9ghcZHqSr1ADRB5Rde
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> http://ss-sym.ask.co...pe=prefix&li=ff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
Toolbar: HKU\S-1-5-21-1358638018-242750385-2534989196-1012 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\apksa_000\AppData\Local\Temp\Rar$EXa0.078\OldNewExplorer32.dll No File
BHO: Object Browser -> {11111111-1111-1111-1111-110311281150} -> C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll No File
BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Users\apksa_000\AppData\Local\Temp\Rar$EXa0.078\OldNewExplorer64.dll No File
C:\Program Files (x86)\Object Browser
SearchScopes: HKU\S-1-5-21-1358638018-242750385-2534989196-1012 -> {91BE4B2F-FDDC-4583-B135-C136B3D8F99E} URL =
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

Processes closed successfully.
C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008.job not found.
C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012.job not found.
C:\WINDOWS\Tasks\update-sys.job not found.
C:\WINDOWS\Tasks\PC HealthFix Desktop Warning .job not found.
C:\WINDOWS\Tasks\PC HealthFix Desktop Warning 2.job not found.
C:\WINDOWS\Tasks\PC HealthFix Scan Results Alert.job not found.
C:\WINDOWS\Tasks\PC Optimizer Pro Idle.job not found.
C:\WINDOWS\Tasks\PC Optimizer Pro Scan.job not found.
C:\WINDOWS\Tasks\PC Optimizer Pro Updates.job not found.
C:\WINDOWS\Tasks\ASC7U_SkipUac_Shemica.job not found.
C:\WINDOWS\Tasks\BUBIOM.job not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3E0DD56-81DF-447B-B723-5414EDD7CB60}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB6E8B1A-E580-4200-9F26-B8D1BF532179}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_323531383535333536322d3437415a556c2a3223346c41" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0A5A2D7-0037-44B7-8C3E-FFC29E9547A4}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F31B84EE-1966-457F-B21F-2912BD2ED4AF}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D49874B6-26CC-48C5-8E93-2F340B8D0309}" => Key not found.
C:\Windows\System32\Tasks\{AFC523D0-F00B-4A0B-A532-C3DE34E260AF} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AFC523D0-F00B-4A0B-A532-C3DE34E260AF}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3F3AF93-E74F-4A4A-8FDA-AA5C5294A2A3}" => Key not found.
C:\Windows\System32\Tasks\UDP Monitor not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UDP Monitor" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4234B90-1FA7-479E-9397-0FB95968D62D}" => Key not found.
C:\Windows\System32\Tasks\PocketCloudUpdater not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PocketCloudUpdater" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6FEB54F-B4FB-4369-8E66-D366E1F96A00}" => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA4965CE-5EF5-4DEA-9B22-482752609D2F}" => Key not found.
C:\Windows\System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-1358638018-242750385-2534989196-1012" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C95C211-06AF-4320-AFDB-20D999D19656}" => Key not found.
C:\Windows\System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-1358638018-242750385-2534989196-1008" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79F53B66-309E-478D-B67C-75F68B5DBBA1}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323531383535333536322d3437415a556c2a3223346c41" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F1363CB-B236-41FE-8E2A-211F2B99FFD1}" => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8617EE40-A682-4537-90B3-67DBEB703309}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CF2B05A-1B01-496C-A7EA-6A6ABF1E8E06}" => Key not found.
C:\Windows\System32\Tasks\SMWUpd not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62017AF5-93E8-4128-88F4-8C52F0AA7D0C}" => Key not found.
C:\Windows\System32\Tasks\BUBIOM not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BUBIOM" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CB242FC-2F6B-4E1C-A7E3-F0D50D407A5B}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ECF36B9-B6F6-479B-9A42-BC6849C767A2}" => Key not found.
C:\Windows\System32\Tasks\SMupdate1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMupdate1" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FAB0955-889C-4640-BBFF-1E189F0B7146}" => Key not found.
C:\Windows\System32\Tasks\update-sys not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A5F714B-5CDD-45D9-89C5-949A42CD43CD}" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key not found.
"C:\WINDOWS\System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008" => File/Directory not found.
"C:\WINDOWS\Tasks\update-sys.job" => File/Directory not found.
"C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1008.job" => File/Directory not found.
"C:\WINDOWS\Tasks\BUBIOM.job" => File/Directory not found.
"C:\WINDOWS\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012.job" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\update-S-1-5-21-1358638018-242750385-2534989196-1012" => File/Directory not found.
"C:\Users\apksa_000\AppData\Roaming\IObit" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key not found.
Chrome HomePage not detected.
Chrome StartupUrls not detected.
Chrome DefaultSuggestURL not detected.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => Value not found.
HKU\S-1-5-21-1358638018-242750385-2534989196-1012\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => Value not found.
"HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key not found.
"HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5}" => Key not found.
"HKCR\Wow6432Node\CLSID\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311281150}" => Key not found.
"HKCR\CLSID\{11111111-1111-1111-1111-110311281150}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5}" => Key not found.
"HKCR\CLSID\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5}" => Key not found.
"C:\Program Files (x86)\Object Browser" => File/Directory not found.
"HKU\S-1-5-21-1358638018-242750385-2534989196-1012\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{91BE4B2F-FDDC-4583-B135-C136B3D8F99E}" => Key not found.
"HKCR\CLSID\{91BE4B2F-FDDC-4583-B135-C136B3D8F99E}" => Key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
EmptyTemp: => Removed 2.6 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Edited by Rico1234, 14 December 2014 - 02:22 AM.


#12
Pyxis


Lol nvm I'm stupid, here is my log


Nah, the entire process is just a matter of getting used to. ;) Anyway, a few questions:
  • Which anti-virus did you retain?
  • Did you knowingly install a developer version of Google Chrome?
Good results thus far, but we still have quite a lot of work to do.
  • Step 1

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'SecurityCheck by screen317' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop up once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    Note: If you get an error about an unsupported operating system, please reboot your computer and try again.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • AdwCleaner[S*].txt (AdwCleaner)
    • checkup.txt (SecurityCheck)
    • JRT.txt (Junkware Removal Tool)


#13
Rico1234

Don't really really know which Google I have installed lol.

#14
Rico1234

And the antivirus that I kept was ESET NOD32 Antivirus.

#15
Rico1234

Here is my log for the first clean up.

# AdwCleaner v4.105 - Report created 14/12/2014 at 12:35:32
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : apksa_000 - JADIN
# Running from : C:\Users\apksa_000\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : c2cautoupdatesvc
Service Deleted : c2cpnrsvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\ProgramData\eee5f171aa299f47
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\DeltaFix
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\Shemica\AppData\Local\Astromenda
Folder Deleted : C:\Users\Shemica\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Shemica\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Shemica\AppData\Local\torch
Folder Deleted : C:\Users\Shemica\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Shemica\AppData\LocalLow\Object Browser
Folder Deleted : C:\Users\Shemica\AppData\LocalLow\YahooCouponAddOn
Folder Deleted : C:\Users\Shemica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
Folder Deleted : C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\Shemica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpkapnakkhiaablfmekfdjfnmbjghig
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpkapnakkhiaablfmekfdjfnmbjghig
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
Folder Deleted : C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
Folder Deleted : C:\Users\Shemica\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlaplikkahjgjkgbidfogjjjfpngogjf
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlaplikkahjgjkgbidfogjjjfpngogjf
Folder Deleted : C:\Users\Shemica\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlaplikkahjgjkgbidfogjjjfpngogjf
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnanoflhahihemaiggibfkcjblkfbnoo
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnanoflhahihemaiggibfkcjblkfbnoo
File Deleted : C:\Users\apksa_000\AppData\Roaming\Mozilla\Firefox\Profiles\264bal2f.default-1416485126634\user.js
File Deleted : C:\Users\Shemica\AppData\Roaming\Mozilla\Firefox\Profiles\nmu17tad.default\user.js
File Deleted : C:\Users\Shemica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Shemica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Shemica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\iWebar-nv
Key Deleted : HKLM\SOFTWARE\PC_Booster
Key Deleted : HKLM\SOFTWARE\ShopperPro
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\GS_Booster
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v39.0.2171.95

[C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRbayHtNQUqMYjNiNBeY8DaNtLx64YszFA23QezQ5-3kW0KIRsSSCHphOLJcNSRDB0n8-XvbXnm_NN7bCLvaqJTZ43aFtk1MlZ2TwDRKJh5-F8mKv8W7oo3Nsm8X3IEsCAgo6ECey9x0TAzwzOUhPicU7LAipqYv_2WdG9FCJTKPq_3wzPkk07xe1jxEH&q={searchTerms}
[C:\Users\apksa_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Shemica\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRbayHtNQUqMYjNiNBeY8DaNtLx64YszFA23QezQ5-3kW0KIRsSSCHphOLJcNSRDB0n8-XvbXnm_NN7bCLvaqJTZ43aFtk1MlZ2TwDRKJh5-F8mKv8W7oo3Nsm8X3IEsCAgo6ECey9x0TAzwzOUhPicU7LAipqYv_2WdG9FCJTKPq_3wzPkk07xe1jxEH&q={searchTerms}
[C:\Users\Shemica\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Shemica\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Shemica\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_38_ie&cd=2XzuyEtN2Y1L1Qzu0E0C0FyE0B0ByB0EtD0B0FzzzyyD0E0EtN0D0Tzu0SzyzytBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0BtByC0DyB0E0BtGyDyE0EyCtG0EyE0E0AtGtAtC0EtBtGyD0AtC0EtB0AyEtDyD0C0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0E0CyEyDyB0B0FtG0E0ByBzytGyE0BtByCtG0AtCtCtDtGyB0F0FtBtCyDtByD0BtD0FtC2Q&cr=2136787681&ir=
[C:\Users\Shemica\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325155&octid=EB_ORIGINAL_CTID&ISID=MA10DAE6E-2D19-4290-B873-D901CDBDAE0F&SearchSource=58&CUI=&UM=6&UP=SP1BE6E8D6-B183-4956-A5DB-B739ADC648F5&q={searchTerms}&SSPV=
[C:\Users\Shemica\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325155&octid=EB_ORIGINAL_CTID&ISID=MA10DAE6E-2D19-4290-B873-D901CDBDAE0F&SearchSource=58&CUI=&UM=6&UP=SP1BE6E8D6-B183-4956-A5DB-B739ADC648F5&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [11423 octets] - [02/06/2014 10:40:08]
AdwCleaner[R1].txt - [2538 octets] - [05/08/2014 03:48:48]
AdwCleaner[R2].txt - [12936 octets] - [14/12/2014 12:33:06]
AdwCleaner[S0].txt - [9466 octets] - [02/06/2014 10:41:04]
AdwCleaner[S1].txt - [2555 octets] - [05/08/2014 03:49:32]
AdwCleaner[S2].txt - [12959 octets] - [14/12/2014 12:35:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [13020 octets] ##########