Virus [Solved]



#1
peejaygee

  • Member
  • 39 posts

Hi. My system is running very slow. I am getting various pop-ups and also my homepage in Firefox has changed several times.

 

OTL logfile created on: 12/01/2015 17:25:58 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\paulj_000\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.90 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 67.56% Memory free
4.59 Gb Paging File | 3.25 Gb Available in Paging File | 70.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.79 Gb Total Space | 747.99 Gb Free Space | 81.77% Space Free | Partition Type: NTFS
Drive D: | 15.94 Gb Total Space | 1.58 Gb Free Space | 9.90% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: paulj_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/12 17:25:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\paulj_000\Downloads\OTL.exe
PRC - [2015/01/12 16:42:46 | 000,402,024 | ---- | M] (RaMMicHaeL) -- C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
PRC - [2015/01/12 16:42:46 | 000,111,208 | ---- | M] (RaMMicHaeL) -- C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
PRC - [2015/01/07 19:04:30 | 000,277,584 | ---- | M] (ClickCaption) -- C:\Program Files (x86)\ClickCaption_1.10.0.6\Service\ccsvc.exe
PRC - [2014/12/29 01:29:00 | 000,158,864 | ---- | M] (XTab system) -- C:\Program Files (x86)\XTab\ProtectService.exe
PRC - [2014/12/29 01:28:58 | 000,673,936 | ---- | M] (XTab system) -- C:\Program Files (x86)\XTab\HPNotify.exe
PRC - [2014/12/29 01:28:58 | 000,048,272 | ---- | M] (SearchProtect) -- C:\Program Files (x86)\XTab\CmdShell.exe
PRC - [2014/12/10 10:48:59 | 000,360,416 | ---- | M] (smart-saverplus) -- C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe
PRC - [2014/12/09 18:23:20 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
PRC - [2014/12/02 10:57:18 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/08/17 09:01:42 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/05/04 15:53:59 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/08 11:41:36 | 001,045,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2013/10/08 11:41:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2013/08/05 07:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/09 18:23:19 | 016,841,392 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
MOD - [2014/12/02 10:57:17 | 003,758,192 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/04 15:54:11 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/08/05 15:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013/08/05 07:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/10/31 04:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/07 01:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/22 03:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/22 03:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/16 03:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/16 00:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/16 00:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/07/24 07:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/05/04 15:53:59 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/14 06:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/08 05:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 07:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/02/22 15:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 09:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 09:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 09:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 09:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/12/10 07:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/10/14 11:29:40 | 000,087,552 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe -- (omniserv)
SRV:64bit: - [2013/10/14 11:23:20 | 000,109,568 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe -- (Cachedrv server)
SRV:64bit: - [2013/08/26 06:13:24 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/08/23 06:47:14 | 000,289,496 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013/08/22 11:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 11:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 11:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 11:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 11:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 10:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 10:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 10:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 09:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 09:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 09:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 09:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 09:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 09:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 09:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 09:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/07/01 20:08:48 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/07/01 20:08:32 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/11/17 11:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2015/01/12 16:42:46 | 000,111,208 | ---- | M] (RaMMicHaeL) [Auto | Running] -- C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe -- (Unchecky)
SRV - [2015/01/12 16:32:30 | 000,473,088 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -- (WindowsMangerProtect)
SRV - [2015/01/07 19:04:30 | 000,277,584 | ---- | M] (ClickCaption) [Auto | Running] -- C:\Program Files (x86)\ClickCaption_1.10.0.6\Service\ccsvc.exe -- (ccsvc_1.10.0.6)
SRV - [2014/12/29 01:29:00 | 000,158,864 | ---- | M] (XTab system) [Auto | Running] -- C:\Program Files (x86)\XTab\ProtectService.exe -- (IHProtect Service)
SRV - [2014/12/10 10:47:11 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdatem)
SRV - [2014/12/10 10:47:11 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdate)
SRV - [2014/12/09 18:23:20 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/02 10:57:17 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/08/16 03:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/03/14 06:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/11/04 17:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/25 19:49:14 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/10/08 11:41:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2013/08/26 06:13:24 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2013/08/26 06:13:24 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2013/08/26 06:13:24 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/08/22 03:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 02:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/07 01:34:24 | 000,312,448 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/11 20:28:46 | 000,048,792 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys -- ({11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64)
DRV:64bit: - [2015/01/07 19:04:22 | 000,058,232 | ---- | M] (ClickCaption) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ccnfd_1_10_0_6.sys -- (ccnfd_1_10_0_6)
DRV:64bit: - [2014/12/10 00:39:26 | 000,048,824 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{7b92ebda-59e4-4459-a904-440931a40b95}Gw64.sys -- ({7b92ebda-59e4-4459-a904-440931a40b95}Gw64)
DRV:64bit: - [2014/10/13 02:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/13 02:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/13 02:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/10 01:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/22 03:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/22 03:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/22 02:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/08/15 00:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/24 15:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/07/24 15:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/07/24 11:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/05/19 15:58:07 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/19 15:58:06 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/19 15:58:06 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/05/04 15:54:22 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/05/04 15:54:22 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/05/04 15:54:22 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/05/04 15:54:22 | 000,029,208 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/05/04 15:54:20 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/05/01 13:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/04/28 05:33:30 | 000,599,240 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2014/03/20 03:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 12:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 20:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/02/22 15:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 15:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 15:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 15:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 12:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/12/04 18:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/11/13 00:54:52 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/10/26 01:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/25 19:49:08 | 004,177,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/25 19:49:02 | 000,449,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/10/17 01:46:02 | 003,858,944 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:64bit: - [2013/10/05 15:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/20 05:10:18 | 000,533,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/09/20 05:10:18 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/09/20 05:10:18 | 000,030,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/08/26 22:54:36 | 000,263,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2013/08/22 22:51:12 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/08/22 22:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/22 19:12:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 13:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 13:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 12:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 12:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 12:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 12:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 12:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 12:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 12:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 12:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 12:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 12:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 12:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 12:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 12:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 12:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 12:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 12:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 12:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 12:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 12:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 12:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 12:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 12:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 12:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 12:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 12:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 12:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 12:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 11:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 11:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 11:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 11:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 11:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 11:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 11:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 11:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 11:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 11:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 11:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 11:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 11:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 11:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 11:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 11:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 11:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 11:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 11:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 11:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 11:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 08:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/15 22:28:42 | 000,830,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/08/12 23:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 00:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 18:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 19:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/22 16:45:58 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2013/07/01 20:10:20 | 000,087,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TXEIx64.sys -- (TXEIx64)
DRV:64bit: - [2013/03/05 12:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013/03/05 06:22:20 | 000,041,408 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://vosteran.com/...=1345008057&ir=
IE:64bit: - HKLM\..\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}: "URL" = http://isearch.omiga...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = http://Taplika.com/r...=1391740327&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://isearch.omiga...q={searchTerms}
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://uk.search.ya...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com...ast&type=agc511
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vosteran.com/...=1345008057&ir=
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJS
IE - HKCU\..\SearchScopes\{317BA602-FAC3-4CFF-A620-41084D43A3CF}: "URL" = https://uk.search.ya...p={searchTerms}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://vosteran.com/...=1345008057&ir=
IE - HKCU\..\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}: "URL" = http://isearch.omiga...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://uk.search.ya...p={searchTerms}
IE - HKCU\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = http://isearch.omiga...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "omiga-plus"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...ogle Search&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.searchengine.alias: "omiga-plus"
FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine"
FF - prefs.js..browser.search.searchengine.iconURL: "http://isearch.omiga...om/favicon.ico"
FF - prefs.js..browser.search.searchengine.name: "omiga-plus"
FF - prefs.js..browser.search.searchengine.ptid: "ild"
FF - prefs.js..browser.search.searchengine.uid: "HGSTXHTS541010A9E680_JA1000102TK3LP2TK3LPX"
FF - prefs.js..browser.search.searchengine.url: "http://isearch.omiga...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "omiga-plus"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: fftoolbar2014%40etech.com:1.0.0.1025
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/04 15:54:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected] [2015/01/12 16:32:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/05/06 13:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paulj_000\AppData\Roaming\mozilla\Extensions
[2015/01/12 16:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paulj_000\AppData\Roaming\mozilla\Firefox\Profiles\f7t4qr94.default\extensions
[2015/01/12 16:32:05 | 000,000,000 | ---D | M] (FF Toolbar) -- C:\Users\paulj_000\AppData\Roaming\mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected]
[2015/01/12 17:17:48 | 000,002,090 | ---- | M] () -- C:\Users\paulj_000\AppData\Roaming\mozilla\firefox\profiles\f7t4qr94.default\searchplugins\omiga-plus.xml
[2015/01/12 16:32:44 | 000,002,826 | ---- | M] () -- C:\Users\paulj_000\AppData\Roaming\mozilla\firefox\profiles\f7t4qr94.default\searchplugins\Taplika.xml
[2014/12/10 10:28:06 | 000,000,900 | ---- | M] () -- C:\Users\paulj_000\AppData\Roaming\mozilla\firefox\profiles\f7t4qr94.default\searchplugins\trovi-search.xml
[2015/01/12 16:49:32 | 000,002,821 | ---- | M] () -- C:\Users\paulj_000\AppData\Roaming\mozilla\firefox\profiles\f7t4qr94.default\searchplugins\Vosteran.xml
[2014/07/18 15:48:01 | 000,008,080 | ---- | M] () -- C:\Users\paulj_000\AppData\Roaming\mozilla\firefox\profiles\f7t4qr94.default\searchplugins\yahoo_ff.xml
[2014/11/08 12:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/02 10:57:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: omiga-plus (Enabled)
CHR - default_search_provider: search_url = http://isearch.omiga...q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://vosteran.com/...=1345008057&ir=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2015/01/12 17:16:03 | 000,001,993 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
O1 - Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
O1 - Hosts: 0.0.0.0 media.opencandy.com
O1 - Hosts: 0.0.0.0 cdn.opencandy.com
O1 - Hosts: 0.0.0.0 tracking.opencandy.com
O1 - Hosts: 0.0.0.0 api.opencandy.com
O1 - Hosts: 0.0.0.0 installer.betterinstaller.com
O1 - Hosts: 0.0.0.0 installer.filebulldog.com
O1 - Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
O1 - Hosts: 0.0.0.0 inno.bisrv.com
O1 - Hosts: 0.0.0.0 nsis.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.file2desktop.com
O1 - Hosts: 0.0.0.0 cdn.goateastcach.us
O1 - Hosts: 0.0.0.0 cdn.guttastatdk.us
O1 - Hosts: 0.0.0.0 cdn.inskinmedia.com
O1 - Hosts: 0.0.0.0 cdn.insta.oibundles2.com
O1 - Hosts: 0.0.0.0 cdn.insta.playbryte.com
O1 - Hosts: 0.0.0.0 cdn.llogetfastcach.us
O1 - Hosts: 0.0.0.0 cdn.montiera.com
O1 - Hosts: 0.0.0.0 cdn.msdwnld.com
O1 - Hosts: 0.0.0.0 cdn.mypcbackup.com
O1 - Hosts: 0.0.0.0 cdn.ppdownload.com
O1 - Hosts: 0.0.0.0 cdn.riceateastcach.us
O1 - Hosts: 0.0.0.0 cdn.shyapotato.us
O1 - Hosts: 0.0.0.0 cdn.solimba.com
O1 - Hosts: 10 more lines...
O2:64bit: - BHO: (SmartSaver+ 3) - {11111111-1111-1111-1111-110611181106} - C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho64.dll (smart-saverplus)
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (SmartSaver+ 3) - {11111111-1111-1111-1111-110611181106} - C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho.dll (smart-saverplus)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_B7A120FA3627636CE6EE4BF233B3D92E] C:\Users\paulj_000\AppData\Local\Vosteran\Application\vosteran.exe ()
O4 - HKCU..\Run: [TornTv Downloader] C:\Users\paulj_000\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup File not found
O4 - HKCU..\Run: [uTorrent] C:\Users\paulj_000\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [WindApp] "C:\Users\paulj_000\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Bourne Supremacy.lnk = C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}\The Bourne Supremacy.exe ()
O4 - Startup: C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21A232F6-C67F-4E3C-9B63-1AE6C41AB7DE}: DhcpNameServer = 192.168.56.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50D9F5F1-5C9A-4177-9E45-6A62B8A3BE8B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{47ae0b73-7caf-11e3-8259-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{47ae0b73-7caf-11e3-8259-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\start.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:29428ccb /wow /dir:"C:\Program Files\AVAST Software\Avast")
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/12 16:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}
[2015/01/12 16:49:43 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Google
[2015/01/12 16:46:10 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
[2015/01/12 16:45:49 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Vosteran
[2015/01/12 16:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClickCaption_1.10.0.6
[2015/01/12 16:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
[2015/01/12 16:42:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Unchecky
[2015/01/12 16:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unchecky
[2015/01/12 16:38:04 | 000,048,792 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys
[2015/01/12 16:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\IHProtectUpDate
[2015/01/12 16:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XTab
[2015/01/12 16:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsMangerProtect
[2015/01/07 19:04:22 | 000,058,232 | ---- | C] (ClickCaption) -- C:\Windows\SysNative\drivers\ccnfd_1_10_0_6.sys
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/12 17:23:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/12 17:22:10 | 000,005,516 | ---- | M] () -- C:\Windows\tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job
[2015/01/12 17:20:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/12 17:19:19 | 000,002,268 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/12 17:17:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/12 17:17:08 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2015/01/12 17:16:59 | 000,001,428 | ---- | M] () -- C:\Windows\tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job
[2015/01/12 17:16:59 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/12 17:16:59 | 000,000,630 | ---- | M] () -- C:\Windows\tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job
[2015/01/12 17:15:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/01/12 17:15:44 | 3349,221,376 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/12 16:55:40 | 000,002,027 | ---- | M] () -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Bourne Supremacy.lnk
[2015/01/12 16:55:40 | 000,001,666 | ---- | M] () -- C:\Users\paulj_000\Desktop\The Bourne Supremacy.lnk
[2015/01/12 16:52:02 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2015/01/12 16:46:10 | 000,002,308 | ---- | M] () -- C:\Users\paulj_000\Desktop\Vosteran.lnk
[2015/01/12 16:44:15 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/01/12 01:47:09 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForpaulj_000.job
[2015/01/11 20:28:46 | 000,048,792 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys
[2015/01/11 09:25:16 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSarah.job
[2015/01/07 19:04:22 | 000,058,232 | ---- | M] (ClickCaption) -- C:\Windows\SysNative\drivers\ccnfd_1_10_0_6.sys
[2014/12/28 14:05:47 | 000,956,476 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/28 14:05:47 | 000,800,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/28 14:05:47 | 000,165,436 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/28 12:25:26 | 000,000,354 | ---- | M] () -- C:\Users\paulj_000\Desktop\All Control Panel Items - Shortcut.lnk
 
========== Files Created - No Company Name ==========
 
[2015/01/12 16:55:40 | 000,002,027 | ---- | C] () -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Bourne Supremacy.lnk
[2015/01/12 16:55:40 | 000,001,666 | ---- | C] () -- C:\Users\paulj_000\Desktop\The Bourne Supremacy.lnk
[2015/01/12 16:46:10 | 000,002,308 | ---- | C] () -- C:\Users\paulj_000\Desktop\Vosteran.lnk
[2014/12/28 12:25:26 | 000,000,354 | ---- | C] () -- C:\Users\paulj_000\Desktop\All Control Panel Items - Shortcut.lnk
[2014/12/10 11:13:17 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/09/01 08:18:44 | 000,002,086 | ---- | C] () -- C:\Users\paulj_000\AppData\Roaming\ZKYZ
[2014/09/01 08:18:44 | 000,002,086 | ---- | C] () -- C:\Users\paulj_000\AppData\Roaming\BQXRVKM
[2014/09/01 08:18:44 | 000,001,248 | ---- | C] () -- C:\Users\paulj_000\AppData\Roaming\ZXAUFGTM
[2014/09/01 08:18:44 | 000,001,248 | ---- | C] () -- C:\Users\paulj_000\AppData\Roaming\SCPP
[2014/06/11 17:12:52 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/05/18 07:54:14 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014/05/06 16:12:48 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/05/05 07:29:09 | 000,000,536 | ---- | C] () -- C:\Windows\SysWow64\schtasks.bin
[2013/10/25 19:49:08 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2013/10/25 19:49:04 | 000,180,736 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/25 19:49:04 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/08/26 06:13:37 | 000,931,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/22 15:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 15:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 14:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 07:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/22 03:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/21 23:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 23:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2013/07/01 19:44:46 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013/11/12 18:34:14 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/31 00:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 22:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 09:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 02:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 09:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/06 12:59:42 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\AVAST Software
[2015/01/12 17:15:02 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\ClassicShell
[2014/12/10 08:58:57 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\Store
[2014/05/06 12:56:14 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\Synaptics
[2015/01/12 17:14:21 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\paulj_000\SkyDrive:ms-properties

< End of report >
 




#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, as you are running Windows 8 I will need to use a different programme.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please post both logs generated.
THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.



On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#3
peejaygee

    Member

  • Topic Starter
  • Member
  • 39 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by paulj_000 at 2015-01-13 18:49:31
Running from C:\Users\paulj_000\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Click Caption 1.10.0.6 (HKLM-x32\...\ClickCaption_1.10.0.6) (Version: 1.10.0.6 - ClickCaption) <==== ATTENTION
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{CCE5C597-03EA-423E-BA80-6FCD280A8465}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-GB)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
SmartSaver+ 3 (HKLM-x32\...\SmartSaver+ 3) (Version: 1.35.11.26 - smart-saverplus) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.15.0 - Synaptics Incorporated)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unchecky v0.3.5 (HKLM-x32\...\Unchecky) (Version: 0.3.5 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vosteran (HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Vosteran) (Version: 31.0.1650.23 - Vosteran) <==== ATTENTION!
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
WinCheck (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - WinCheck) <==== ATTENTION!
WindApp (HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\WindApp) (Version:  - Store) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-12-2014 09:06:11 Windows Update
28-12-2014 15:31:50 Scheduled Checkpoint
09-01-2015 22:56:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2015-01-12 22:52 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1430B5CB-9168-43CA-BCF3-1B8E4021E2CE} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-3 No Task File <==== ATTENTION
Task: {268F112E-9845-463C-8B57-FADC29CAA40D} - \temp_ada83cfd-5ef3-4064-a75e-640321c9eafb-7 No Task File <==== ATTENTION
Task: {2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69} - System32\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094 => C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe [2014-12-10] (smart-saverplus) <==== ATTENTION
Task: {2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-10] (globalUpdate) <==== ATTENTION
Task: {320F3221-60C5-4884-A293-8C73885263EE} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {339C6966-42E1-4548-88C6-2643A3FCDAA2} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {46489D21-9C22-45B4-BB77-9B72F66D1517} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-7 No Task File <==== ATTENTION
Task: {5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9} - System32\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6 => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe [2014-12-10] (smart-saverplus) <==== ATTENTION
Task: {65E03043-362E-4CF3-BF06-972809C6F23D} - System32\Tasks\HPCeeScheduleForpaulj_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {7ED67540-BE36-4B4D-AE8D-68FB81748101} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {82FE9116-8346-435E-9025-8F1C62F4C5BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-04] (Google Inc.)
Task: {846B4A26-6B5F-4608-B508-22B0AFE1A359} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-4 No Task File <==== ATTENTION
Task: {86F0C95D-D292-4252-B6A1-2CE66DEE8F73} - System32\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd => C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe [2014-12-10] () <==== ATTENTION
Task: {8C6AA687-9C8C-4475-8236-BD5E795C663D} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-6 No Task File <==== ATTENTION
Task: {90D8E7B8-5C59-4F6A-83FD-582A4B9881BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {93522A0E-EF35-481F-AC7D-93A7A6CD74FA} - System32\Tasks\HPCeeScheduleForSarah => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {9930B428-1660-4B05-8D9D-B9AF5D2D2950} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-04] (AVAST Software)
Task: {AAE5B805-69AF-4A0B-BE0F-88EF84C3A7BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-04] (Google Inc.)
Task: {AC448E35-F49E-467C-9673-142DEEB800AB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-10] (globalUpdate) <==== ATTENTION
Task: {BA6D1F50-96D8-4D77-AAEF-6F91E020C0C7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-20] (Synaptics Incorporated)
Task: {C290C1D1-8027-4164-9389-68D8229967D9} - \temp_d71a77cf-58c7-4391-af6b-052d6a49ce04-7 No Task File <==== ATTENTION
Task: {C6298105-6910-4407-B430-D8B0B1E0A381} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {C9E73C16-3D6D-4142-AAAC-E185D4D8D26D} - System32\Tasks\WindApp Update => C:\Users\paulj_000\AppData\Roaming\Store\WindApp\WindApp Update.exe [2014-11-28] (Nosibay) <==== ATTENTION
Task: {CD947758-E405-4E1B-87FA-307997F86FA6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-3 No Task File <==== ATTENTION
Task: {D6736007-D034-4C1F-99EF-CAF4EA6B501B} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-4 No Task File <==== ATTENTION
Task: {D741A10E-E986-488E-915E-C2F80853D899} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {DB24EB34-7116-4151-95F3-5D5C17F8BBEF} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-6 No Task File <==== ATTENTION
Task: {DC86D406-6D74-4F1C-9D14-E6E66D80AD9B} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-7 No Task File <==== ATTENTION
Task: {E28A2191-A53A-431D-880F-C8BC0675AC1E} - System32\Tasks\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10} => pcalua.exe -a C:\Users\paulj_000\Downloads\RA2_Yuri\CnC.exe -d C:\Users\paulj_000\Downloads\RA2_Yuri
Task: {E9BE54FB-6619-4A0B-8835-C9E5B76BF7E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {EF917C69-6FCB-486D-BC35-41032B9B0682} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {F82BD733-EC80-496E-BCA3-8D06F0EF095F} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job => C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe <==== ATTENTION
Task: C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job => C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5_user.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForpaulj_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSarah.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-10-14 11:23 - 2013-10-14 11:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 11:24 - 2013-10-14 11:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-12-10 10:47 - 2014-12-10 10:47 - 00032736 _____ () C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe
2013-10-14 11:30 - 2013-10-14 11:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-01-13 18:40 - 2015-01-13 18:40 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011302\algo.dll
2014-11-08 12:55 - 2014-12-02 10:57 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-04 15:54 - 2014-05-04 15:54 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-13 22:54 - 2013-08-05 07:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\paulj_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Sarah\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\StartupApproved\Run: => "uTorrent"

========================= Accounts: ==========================

Administrator (S-1-5-21-3242301468-3912853311-3031073808-500 - Administrator - Disabled)
Guest (S-1-5-21-3242301468-3912853311-3031073808-501 - Limited - Enabled) => C:\Users\Guest
paulj_000 (S-1-5-21-3242301468-3912853311-3031073808-1003 - Administrator - Enabled) => C:\Users\paulj_000
Sarah (S-1-5-21-3242301468-3912853311-3031073808-1001 - Administrator - Enabled) => C:\Users\Sarah

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 06:46:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 12.1.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e5c

Start Time: 01d02f60ee3a46b9

Termination Time: 4294967295

Application Path: C:\Users\paulj_000\Downloads\FRST64.exe

Report Id: 6c23423c-9b54-11e4-82b3-fc15b402f146

Faulting package full name:

Faulting package-relative application ID:

Error: (01/12/2015 10:39:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/12/2015 04:56:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.0.5442, time stamp: 0x54754d35
Faulting module name: mozalloc.dll, version: 34.0.0.5442, time stamp: 0x54754649
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process ID: 0x16a8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (01/12/2015 04:43:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.2.36802 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 954

Start Time: 01d02d82f068c3c6

Termination Time: 4294967295

Application Path: C:\Users\paulj_000\AppData\Roaming\uTorrent\uTorrent.exe

Report Id: 2fae4183-9a7a-11e4-82b1-fc15b402f146

Faulting package full name:

Faulting package-relative application ID:

Error: (01/12/2015 04:43:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program nsa652.tmp version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16b8

Start Time: 01d02e86bbca08de

Termination Time: 4294967295

Application Path: C:\Users\PAULJ_~1\AppData\Local\Temp\nsa652.tmp

Report Id: 2cdaf0f1-9a7a-11e4-82b1-fc15b402f146

Faulting package full name:

Faulting package-relative application ID:

Error: (01/12/2015 04:40:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 152c

Start Time: 01d02e8663849b06

Termination Time: 62

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: a8248218-9a79-11e4-82b1-fc15b402f146

Faulting package full name:

Faulting package-relative application ID:

Error: (01/12/2015 04:36:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.0.5442, time stamp: 0x54754d35
Faulting module name: mozalloc.dll, version: 34.0.0.5442, time stamp: 0x54754649
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process ID: 0xfd8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (01/12/2015 04:36:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.0.5442, time stamp: 0x54754d35
Faulting module name: mozalloc.dll, version: 34.0.0.5442, time stamp: 0x54754649
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process ID: 0x1090
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (01/11/2015 09:13:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29538125

Error: (01/11/2015 09:13:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29538125


System errors:
=============
Error: (01/13/2015 06:40:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/13/2015 06:40:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/13/2015 06:40:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/13/2015 06:39:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/13/2015 06:39:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/13/2015 06:39:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/13/2015 06:39:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/13/2015 06:39:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/13/2015 06:39:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (01/13/2015 06:38:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127


Microsoft Office Sessions:
=========================
Error: (01/13/2015 06:46:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe12.1.2015.0e5c01d02f60ee3a46b94294967295C:\Users\paulj_000\Downloads\FRST64.exe6c23423c-9b54-11e4-82b3-fc15b402f146

Error: (01/12/2015 10:39:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (01/12/2015 04:56:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.0.544254754d35mozalloc.dll34.0.0.544254754649800000030000142516a801d02e87ef93860bC:\PROGRA~2\MOZILL~1\plugin-container.exeC:\PROGRA~2\MOZILL~1\mozalloc.dlle598bd22-9a7b-11e4-82b1-fc15b402f146

Error: (01/12/2015 04:43:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: uTorrent.exe3.4.2.3680295401d02d82f068c3c64294967295C:\Users\paulj_000\AppData\Roaming\uTorrent\uTorrent.exe2fae4183-9a7a-11e4-82b1-fc15b402f146

Error: (01/12/2015 04:43:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: nsa652.tmp0.0.0.016b801d02e86bbca08de4294967295C:\Users\PAULJ_~1\AppData\Local\Temp\nsa652.tmp2cdaf0f1-9a7a-11e4-82b1-fc15b402f146

Error: (01/12/2015 04:40:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17416152c01d02e8663849b0662C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEa8248218-9a79-11e4-82b1-fc15b402f146

Error: (01/12/2015 04:36:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.0.544254754d35mozalloc.dll34.0.0.5442547546498000000300001425fd801d02e8579913458C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll30d89587-9a79-11e4-82b1-fc15b402f146

Error: (01/12/2015 04:36:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.0.544254754d35mozalloc.dll34.0.0.5442547546498000000300001425109001d02e857d106342C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll2f7a1684-9a79-11e4-82b1-fc15b402f146

Error: (01/11/2015 09:13:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29538125

Error: (01/11/2015 09:13:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29538125


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2810 @ 2.00GHz
Percentage of memory in use: 36%
Total physical RAM: 3992.59 MB
Available physical RAM: 2522.3 MB
Total Pagefile: 4696.59 MB
Available Pagefile: 3194.51 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.79 GB) (Free:747.52 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.94 GB) (Free:1.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 20F5551E)

Partition: GPT Partition Type.

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by paulj_000 (administrator) on PC on 13-01-2015 18:47:41
Running from C:\Users\paulj_000\Downloads
Loaded Profile: paulj_000 (Available profiles: Sarah & paulj_000 & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ClickCaption) C:\Program Files (x86)\ClickCaption_1.10.0.6\Service\ccsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(smart-saverplus) C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-02] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780912 2013-09-20] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-17] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [uTorrent] => C:\Users\paulj_000\AppData\Roaming\uTorrent\uTorrent.exe [1378640 2014-12-23] (BitTorrent Inc.)
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [TornTv Downloader] => C:\Users\paulj_000\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [WindApp] => "C:\Users\paulj_000\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [GoogleChromeAutoLaunch_B7A120FA3627636CE6EE4BF233B3D92E] => C:\Users\paulj_000\AppData\Local\Vosteran\Application\vosteran.exe [1014272 2014-11-06] ()
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\MountPoints2: {47ae0b73-7caf-11e3-8259-806e6f6e6963} - "E:\start.exe"
Startup: C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Bourne Supremacy.lnk
ShortcutTarget: The Bourne Supremacy.lnk -> C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}\The Bourne Supremacy.exe ()
Startup: C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\paulj_000\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\paulj_000\AppData\Local\WeatherAlerts\WeatherAlerts.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://vosteran.com/...=1345008057&ir=
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com...ast&type=agc511
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Taplika.com/r...=1391740327&ir=
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {317BA602-FAC3-4CFF-A620-41084D43A3CF} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...age={startPage}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://isearch.omiga...q={searchTerms}
BHO: SmartSaver+ 3 -> {11111111-1111-1111-1111-110611181106} -> C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho64.dll (smart-saverplus)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: SmartSaver+ 3 -> {11111111-1111-1111-1111-110611181106} -> C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho.dll (smart-saverplus)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default
FF DefaultSearchEngine: omiga-plus
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: omiga-plus
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF user.js: detected! => C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\user.js
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Taplika.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Vosteran.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: FF Toolbar - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] [2015-01-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-04]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-10]
CHR Extension: (YouTube) - C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-10]
CHR Extension: (Google Search) - C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-10]
CHR Extension: (Google Wallet) - C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-10]
CHR Extension: (Gmail) - C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-10]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-04]
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-07] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-04] (AVAST Software)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ccsvc_1.10.0.6; C:\Program Files (x86)\ClickCaption_1.10.0.6\Service\ccsvc.exe [277584 2015-01-07] (ClickCaption)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-10] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-10] (globalUpdate) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2015-01-12] (RaMMicHaeL)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-12] () [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 Update innoApp; "C:\Program Files (x86)\innoApp\updateinnoApp.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-04] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccnfd_1_10_0_6; C:\Windows\System32\drivers\ccnfd_1_10_0_6.sys [58232 2015-01-07] (ClickCaption)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-20] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R1 {11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64; C:\Windows\System32\drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys [48792 2015-01-11] (StdLib)
R1 {7b92ebda-59e4-4459-a904-440931a40b95}Gw64; C:\Windows\System32\drivers\{7b92ebda-59e4-4459-a904-440931a40b95}Gw64.sys [48824 2014-12-10] (StdLib)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 18:47 - 2015-01-13 18:48 - 00028455 _____ () C:\Users\paulj_000\Downloads\FRST.txt
2015-01-13 18:44 - 2015-01-13 18:47 - 00000000 ____D () C:\FRST
2015-01-13 18:44 - 2015-01-13 18:44 - 02124288 _____ (Farbar) C:\Users\paulj_000\Downloads\FRST64.exe
2015-01-13 18:44 - 2015-01-13 18:44 - 00001149 _____ () C:\Users\paulj_000\Desktop\FRST64 - Shortcut.lnk
2015-01-12 22:01 - 2015-01-12 22:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-01-12 17:45 - 2015-01-12 17:45 - 00137762 _____ () C:\Users\paulj_000\Downloads\OTL.Txt
2015-01-12 17:45 - 2015-01-12 17:45 - 00137762 _____ () C:\Users\paulj_000\Desktop\OTL.Txt
2015-01-12 17:25 - 2015-01-12 17:25 - 00602112 _____ (OldTimer Tools) C:\Users\paulj_000\Downloads\OTL.exe
2015-01-12 16:59 - 2015-01-12 18:16 - 00000000 ____D () C:\Users\paulj_000\Downloads\The Bourne Supremacy (2004) [1080p]
2015-01-12 16:55 - 2015-01-12 16:55 - 00001666 _____ () C:\Users\paulj_000\Desktop\The Bourne Supremacy.lnk
2015-01-12 16:55 - 2015-01-12 16:55 - 00000000 ____D () C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}
2015-01-12 16:49 - 2015-01-12 16:49 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\Google
2015-01-12 16:46 - 2015-01-12 16:46 - 00002308 _____ () C:\Users\paulj_000\Desktop\Vosteran.lnk
2015-01-12 16:46 - 2015-01-12 16:46 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-01-12 16:45 - 2015-01-12 16:46 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\Vosteran
2015-01-12 16:43 - 2015-01-12 16:43 - 00000000 ____D () C:\Program Files (x86)\ClickCaption_1.10.0.6
2015-01-12 16:42 - 2015-01-12 16:42 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-12 16:42 - 2015-01-12 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-01-12 16:42 - 2015-01-12 16:42 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2015-01-12 16:38 - 2015-01-11 20:28 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys
2015-01-12 16:33 - 2015-01-12 16:33 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-12 16:33 - 2015-01-12 16:33 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-12 16:32 - 2015-01-12 16:32 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-11 09:43 - 2015-01-11 09:43 - 00000000 ____D () C:\Users\paulj_000\Downloads\The Hobbit Battle Of The Five Armies (2014) DVDScr  x264 AAC [Mafia]
2015-01-07 19:04 - 2015-01-07 19:04 - 00058232 _____ (ClickCaption) C:\Windows\system32\Drivers\ccnfd_1_10_0_6.sys
2015-01-07 07:55 - 2015-01-07 07:56 - 00000000 ____D () C:\Users\paulj_000\Downloads\The.Drop.2014.WEB-DL.x264-RARBG
2014-12-28 14:05 - 2014-12-28 14:58 - 00000000 ____D () C:\Users\Sarah\Desktop\New folder
2014-12-28 12:25 - 2014-12-28 12:25 - 00000354 _____ () C:\Users\paulj_000\Desktop\All Control Panel Items - Shortcut.lnk
2014-12-23 13:15 - 2014-10-30 22:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-23 13:14 - 2014-10-30 22:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 18:48 - 2014-12-10 10:48 - 00005516 _____ () C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job
2015-01-13 18:43 - 2014-11-26 08:10 - 00000354 _____ () C:\Windows\Tasks\HPCeeScheduleForpaulj_000.job
2015-01-13 18:43 - 2014-09-18 16:29 - 00003176 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForpaulj_000
2015-01-13 18:43 - 2014-05-06 13:04 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3242301468-3912853311-3031073808-1003
2015-01-13 18:42 - 2014-05-06 12:56 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{02818842-BFB5-4559-BA7D-2FE689C8B86C}
2015-01-13 18:42 - 2014-05-04 15:32 - 01164105 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 18:40 - 2014-12-10 10:25 - 00000000 ____D () C:\ProgramData\600440862
2015-01-13 18:40 - 2014-05-06 12:55 - 00000000 ____D () C:\Users\paulj_000
2015-01-13 18:38 - 2014-12-10 10:48 - 00001428 _____ () C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job
2015-01-13 18:38 - 2014-12-10 10:47 - 00000630 _____ () C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job
2015-01-13 18:38 - 2014-12-10 10:33 - 00000972 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-13 18:38 - 2014-05-06 13:04 - 00000000 __RDO () C:\Users\paulj_000\SkyDrive
2015-01-13 18:38 - 2014-05-04 15:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 18:38 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-13 00:01 - 2014-05-06 16:06 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\ClassicShell
2015-01-12 23:23 - 2014-05-05 09:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-12 23:20 - 2014-05-04 15:56 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-12 22:54 - 2014-05-04 15:57 - 00002268 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-12 22:52 - 2014-12-10 10:33 - 00000976 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-01-12 22:51 - 2014-11-15 08:11 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForSarah.job
2015-01-12 22:51 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 22:39 - 2014-05-04 16:19 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\ClassicShell
2015-01-12 22:39 - 2014-05-04 16:04 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\uTorrent
2015-01-12 22:39 - 2013-08-22 13:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-12 22:06 - 2014-05-04 15:41 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3242301468-3912853311-3031073808-1001
2015-01-12 22:01 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-12 22:01 - 2013-08-22 14:46 - 00025858 _____ () C:\Windows\setupact.log
2015-01-12 21:55 - 2014-11-15 08:11 - 00003152 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSarah
2015-01-12 21:49 - 2014-05-04 15:39 - 00000000 ___DO () C:\Users\Sarah\SkyDrive
2015-01-12 19:47 - 2014-05-10 07:39 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\uTorrent
2015-01-12 19:46 - 2014-05-06 16:04 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\vlc
2015-01-12 17:19 - 2014-12-10 10:50 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\wincheck
2015-01-12 17:15 - 2013-08-26 06:01 - 00032900 _____ () C:\Windows\PFRO.log
2015-01-12 16:49 - 2014-05-10 17:23 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\Google
2015-01-12 16:44 - 2014-06-01 20:49 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-12 16:38 - 2013-08-22 13:25 - 00000226 _____ () C:\Windows\win.ini
2015-01-12 16:32 - 2014-06-01 20:49 - 00001400 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-12 16:32 - 2014-05-06 12:56 - 00001683 _____ () C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-12 12:29 - 2014-05-05 18:40 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-12 12:29 - 2014-05-05 11:56 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-09 23:02 - 2014-05-04 15:36 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F986E634-3E42-4B80-80BA-BBC8DF9E2D1E}
2015-01-09 23:02 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-07 10:48 - 2014-12-10 10:47 - 00000000 ____D () C:\Program Files (x86)\SmartSaver+ 3
2014-12-28 14:23 - 2014-05-04 15:35 - 00000000 ____D () C:\Users\Sarah
2014-12-28 14:05 - 2013-08-26 06:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\paulj_000\AppData\Local\Temp\Runner2.exe
C:\Users\paulj_000\AppData\Local\Temp\Runner4.exe
C:\Users\paulj_000\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\paulj_000\AppData\Local\Temp\ttv.exe
C:\Users\paulj_000\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Sarah\AppData\Local\Temp\Extract.exe
C:\Users\Sarah\AppData\Local\Temp\Runner2.exe
C:\Users\Sarah\AppData\Local\Temp\Runner4.exe
C:\Users\Sarah\AppData\Local\Temp\SP64854.exe
C:\Users\Sarah\AppData\Local\Temp\SP65048.exe
C:\Users\Sarah\AppData\Local\Temp\SP65796.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-28 15:06

==================== End Of Log ============================

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-01-13 18:53:03
-----------------------------
18:53:03.198    OS Version: Windows x64 6.2.9200
18:53:03.198    Number of processors: 2 586 0x3703
18:53:03.201    ComputerName: PC  UserName:
18:53:06.613    Initialize success
18:53:06.644    VM: initialized successfully
18:53:06.645    VM: outdated driver version !
18:53:09.832    AVAST engine defs: 15011302
18:54:08.870    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000027
18:54:08.875    Disk 0 Vendor: HGST_HTS541010A9E680 JA0OA590 Size: 953869MB BusType: 11
18:54:09.017    Disk 0 MBR read successfully
18:54:09.028    Disk 0 MBR scan
18:54:09.043    Disk 0 unknown MBR code
18:54:09.054    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
18:54:09.234    Disk 0 scanning C:\Windows\system32\drivers
18:54:20.611    Service scanning
18:54:50.658    Modules scanning
18:54:50.689    Disk 0 trace - called modules:
18:54:50.736    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys storahci.sys hal.dll
18:54:50.752    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00160dbd060]
18:54:50.768    3 CLASSPNP.SYS[fffff8018f4f127b] -> nt!IofCallDriver -> \Device\00000027[0xffffe0016093c3d0]
18:54:52.861    AVAST engine scan C:\Windows
18:54:59.674    AVAST engine scan C:\Windows\system32
18:57:33.254    AVAST engine scan C:\Windows\system32\drivers
18:57:54.369    AVAST engine scan C:\Users\paulj_000
18:58:15.311    File: C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\66LQV3D5\dl[1].htm  **INFECTED** Win32:Malware-gen
18:58:37.521    File: C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\IIPSTRUR\Setup[1].exe  **INFECTED** Win32:Malware-gen
18:58:52.184    File: C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S\offerBLVD[1].exe  **INFECTED** Win32:Evo-gen [Susp]
18:58:54.028    File: C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S\VOPackage[1].exe  **INFECTED** Win32:Dropper-gen [Drp]
19:01:54.829    Disk 0 MBR has been saved successfully to "C:\Users\paulj_000\Desktop\MBR.dat"
19:01:54.844    The log file has been saved successfully to "C:\Users\paulj_000\Desktop\aswMBR.txt"

 

 


  • 0

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I am surprised that you got so much with Unchecky installed.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

 

CreateRestorePoint:
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [TornTv Downloader] => C:\Users\paulj_000\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [WindApp] => "C:\Users\paulj_000\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [GoogleChromeAutoLaunch_B7A120FA3627636CE6EE4BF233B3D92E] => C:\Users\paulj_000\AppData\Local\Vosteran\Application\vosteran.exe [1014272 2014-11-06] ()
Startup: C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\paulj_000\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\paulj_000\AppData\Local\WeatherAlerts\WeatherAlerts.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://vosteran.com/...=1345008057&ir=
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Taplika.com/r...=1391740327&ir=
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {317BA602-FAC3-4CFF-A620-41084D43A3CF} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://isearch.omiga...q={searchTerms}
BHO: SmartSaver+ 3 -> {11111111-1111-1111-1111-110611181106} -> C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho64.dll (smart-saverplus)
BHO-x32: SmartSaver+ 3 -> {11111111-1111-1111-1111-110611181106} -> C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho.dll (smart-saverplus)
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Taplika.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Vosteran.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: FF Toolbar - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] [2015-01-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
R2 ccsvc_1.10.0.6; C:\Program Files (x86)\ClickCaption_1.10.0.6\Service\ccsvc.exe [277584 2015-01-07] (ClickCaption)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-10] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-10] (globalUpdate) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-12] () [File not signed]
S2 Update innoApp; "C:\Program Files (x86)\innoApp\updateinnoApp.exe" [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
2015-01-12 16:55 - 2015-01-12 16:55 - 00000000 ____D () C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}
2015-01-12 16:46 - 2015-01-12 16:46 - 00002308 _____ () C:\Users\paulj_000\Desktop\Vosteran.lnk
2015-01-12 16:46 - 2015-01-12 16:46 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-01-12 16:45 - 2015-01-12 16:46 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\Vosteran
2015-01-12 16:43 - 2015-01-12 16:43 - 00000000 ____D () C:\Program Files (x86)\ClickCaption_1.10.0.6
2015-01-12 16:38 - 2015-01-11 20:28 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys
2015-01-12 16:33 - 2015-01-12 16:33 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-12 16:33 - 2015-01-12 16:33 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-12 16:32 - 2015-01-12 16:32 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-13 18:48 - 2014-12-10 10:48 - 00005516 _____ () C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job
2015-01-13 18:40 - 2014-12-10 10:25 - 00000000 ____D () C:\ProgramData\600440862
2015-01-13 18:38 - 2014-12-10 10:48 - 00001428 _____ () C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job
2015-01-13 18:38 - 2014-12-10 10:47 - 00000630 _____ () C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job
2015-01-13 18:38 - 2014-12-10 10:33 - 00000972 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-12 17:19 - 2014-12-10 10:50 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\wincheck
2015-01-07 10:48 - 2014-12-10 10:47 - 00000000 ____D () C:\Program Files (x86)\SmartSaver+ 3
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\66LQV3D5
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\IIPSTRUR
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S
Task: {1430B5CB-9168-43CA-BCF3-1B8E4021E2CE} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-3 No Task File <==== ATTENTION
Task: {268F112E-9845-463C-8B57-FADC29CAA40D} - \temp_ada83cfd-5ef3-4064-a75e-640321c9eafb-7 No Task File <==== ATTENTION
Task: {2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69} - System32\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094 => C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe [2014-12-10] (smart-saverplus) <==== ATTENTION
Task: {2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-10] (globalUpdate) <==== ATTENTION
Task: {320F3221-60C5-4884-A293-8C73885263EE} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {46489D21-9C22-45B4-BB77-9B72F66D1517} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-7 No Task File <==== ATTENTION
Task: {5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9} - System32\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6 => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe [2014-12-10] (smart-saverplus) <==== ATTENTION
Task: {846B4A26-6B5F-4608-B508-22B0AFE1A359} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-4 No Task File <==== ATTENTION
Task: {86F0C95D-D292-4252-B6A1-2CE66DEE8F73} - System32\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd => C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe [2014-12-10] () <==== ATTENTION
Task: {8C6AA687-9C8C-4475-8236-BD5E795C663D} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-6 No Task File <==== ATTENTION
Task: {B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-10] (globalUpdate) <==== ATTENTION
Task: {C290C1D1-8027-4164-9389-68D8229967D9} - \temp_d71a77cf-58c7-4391-af6b-052d6a49ce04-7 No Task File <==== ATTENTION
Task: {D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-3 No Task File <==== ATTENTION
Task: {D6736007-D034-4C1F-99EF-CAF4EA6B501B} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-4 No Task File <==== ATTENTION
Task: {DB24EB34-7116-4151-95F3-5D5C17F8BBEF} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-6 No Task File <==== ATTENTION
Task: {DC86D406-6D74-4F1C-9D14-E6E66D80AD9B} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-7 No Task File <==== ATTENTION
Task: {E28A2191-A53A-431D-880F-C8BC0675AC1E} - System32\Tasks\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10} => pcalua.exe -a C:\Users\paulj_000\Downloads\RA2_Yuri\CnC.exe -d C:\Users\paulj_000\Downloads\RA2_Yuri
Task: {F82BD733-EC80-496E-BCA3-8D06F0EF095F} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job => C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe <==== ATTENTION
Task: C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job => C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5_user.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Users\paulj_000\AppData\Roaming\TornTV.com
C:\Users\paulj_000\AppData\Roaming\Store\WindApp
C:\Users\paulj_000\AppData\Local\Vosteran
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\ClickCaption_1.10.0.6
C:\Program Files (x86)\XTab
C:\ProgramData\WindowsMangerProtect
C:\Program Files (x86)\innoApp
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#5
peejaygee


    Member

  • Topic Starter
  • 39 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-01-2015 01
Ran by paulj_000 at 2015-01-14 21:33:05 Run:1
Running from C:\Users\paulj_000\Downloads\FRST-OlderVersion
Loaded Profiles: paulj_000 (Available profiles: Sarah & paulj_000 & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [TornTv Downloader] => C:\Users\paulj_000\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [WindApp] => "C:\Users\paulj_000\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [GoogleChromeAutoLaunch_B7A120FA3627636CE6EE4BF233B3D92E] => C:\Users\paulj_000\AppData\Local\Vosteran\Application\vosteran.exe [1014272 2014-11-06] ()
Startup: C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\paulj_000\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\paulj_000\AppData\Local\WeatherAlerts\WeatherAlerts.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://vosteran.com/...=1345008057&ir=
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Taplika.com/r...=1391740327&ir=
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {317BA602-FAC3-4CFF-A620-41084D43A3CF} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://isearch.omiga...q={searchTerms}
BHO: SmartSaver+ 3 -> {11111111-1111-1111-1111-110611181106} -> C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho64.dll (smart-saverplus)
BHO-x32: SmartSaver+ 3 -> {11111111-1111-1111-1111-110611181106} -> C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho.dll (smart-saverplus)
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Taplika.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Vosteran.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: FF Toolbar - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] [2015-01-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
R2 ccsvc_1.10.0.6; C:\Program Files (x86)\ClickCaption_1.10.0.6\Service\ccsvc.exe [277584 2015-01-07] (ClickCaption)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-10] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-10] (globalUpdate) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-12] () [File not signed]
S2 Update innoApp; "C:\Program Files (x86)\innoApp\updateinnoApp.exe" [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
2015-01-12 16:55 - 2015-01-12 16:55 - 00000000 ____D () C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}
2015-01-12 16:46 - 2015-01-12 16:46 - 00002308 _____ () C:\Users\paulj_000\Desktop\Vosteran.lnk
2015-01-12 16:46 - 2015-01-12 16:46 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-01-12 16:45 - 2015-01-12 16:46 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\Vosteran
2015-01-12 16:43 - 2015-01-12 16:43 - 00000000 ____D () C:\Program Files (x86)\ClickCaption_1.10.0.6
2015-01-12 16:38 - 2015-01-11 20:28 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys
2015-01-12 16:33 - 2015-01-12 16:33 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-12 16:33 - 2015-01-12 16:33 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-12 16:32 - 2015-01-12 16:32 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-13 18:48 - 2014-12-10 10:48 - 00005516 _____ () C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job
2015-01-13 18:40 - 2014-12-10 10:25 - 00000000 ____D () C:\ProgramData\600440862
2015-01-13 18:38 - 2014-12-10 10:48 - 00001428 _____ () C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job
2015-01-13 18:38 - 2014-12-10 10:47 - 00000630 _____ () C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job
2015-01-13 18:38 - 2014-12-10 10:33 - 00000972 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-12 17:19 - 2014-12-10 10:50 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\wincheck
2015-01-07 10:48 - 2014-12-10 10:47 - 00000000 ____D () C:\Program Files (x86)\SmartSaver+ 3
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\66LQV3D5
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\IIPSTRUR
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S
Task: {1430B5CB-9168-43CA-BCF3-1B8E4021E2CE} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-3 No Task File <==== ATTENTION
Task: {268F112E-9845-463C-8B57-FADC29CAA40D} - \temp_ada83cfd-5ef3-4064-a75e-640321c9eafb-7 No Task File <==== ATTENTION
Task: {2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69} - System32\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094 => C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe [2014-12-10] (smart-saverplus) <==== ATTENTION
Task: {2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-10] (globalUpdate) <==== ATTENTION
Task: {320F3221-60C5-4884-A293-8C73885263EE} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {46489D21-9C22-45B4-BB77-9B72F66D1517} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-7 No Task File <==== ATTENTION
Task: {5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9} - System32\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6 => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe [2014-12-10] (smart-saverplus) <==== ATTENTION
Task: {846B4A26-6B5F-4608-B508-22B0AFE1A359} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-4 No Task File <==== ATTENTION
Task: {86F0C95D-D292-4252-B6A1-2CE66DEE8F73} - System32\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd => C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe [2014-12-10] () <==== ATTENTION
Task: {8C6AA687-9C8C-4475-8236-BD5E795C663D} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-6 No Task File <==== ATTENTION
Task: {B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-10] (globalUpdate) <==== ATTENTION
Task: {C290C1D1-8027-4164-9389-68D8229967D9} - \temp_d71a77cf-58c7-4391-af6b-052d6a49ce04-7 No Task File <==== ATTENTION
Task: {D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-3 No Task File <==== ATTENTION
Task: {D6736007-D034-4C1F-99EF-CAF4EA6B501B} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-4 No Task File <==== ATTENTION
Task: {DB24EB34-7116-4151-95F3-5D5C17F8BBEF} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-6 No Task File <==== ATTENTION
Task: {DC86D406-6D74-4F1C-9D14-E6E66D80AD9B} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-7 No Task File <==== ATTENTION
Task: {E28A2191-A53A-431D-880F-C8BC0675AC1E} - System32\Tasks\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10} => pcalua.exe -a C:\Users\paulj_000\Downloads\RA2_Yuri\CnC.exe -d C:\Users\paulj_000\Downloads\RA2_Yuri
Task: {F82BD733-EC80-496E-BCA3-8D06F0EF095F} - \SpeedUpMyPCarrow-10x10.png Maintenance No Task File <==== ATTENTION
Task: C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job => C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe <==== ATTENTION
Task: C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job => C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5_user.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Users\paulj_000\AppData\Roaming\TornTV.com
C:\Users\paulj_000\AppData\Roaming\Store\WindApp
C:\Users\paulj_000\AppData\Local\Vosteran
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\ClickCaption_1.10.0.6
C:\Program Files (x86)\XTab
C:\ProgramData\WindowsMangerProtect
C:\Program Files (x86)\innoApp
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\TornTv Downloader => value deleted successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\WindApp => value deleted successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B7A120FA3627636CE6EE4BF233B3D92E => value deleted successfully.
C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe => Moved successfully.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe not found.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Local\WeatherAlerts\WeatherAlerts.exe not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{317BA602-FAC3-4CFF-A620-41084D43A3CF}" => Key deleted successfully.
HKCR\CLSID\{317BA602-FAC3-4CFF-A620-41084D43A3CF} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Key deleted successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Key deleted successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll not found.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\omiga-plus.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Taplika.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\trovi-search.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Vosteran.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
ccsvc_1.10.0.6 => Unable to stop service
ccsvc_1.10.0.6 => Service deleted successfully.
globalUpdate => Service deleted successfully.
globalUpdatem => Service deleted successfully.
IHProtect Service => Unable to stop service
IHProtect Service => Service deleted successfully.
WindowsMangerProtect => Service deleted successfully.
Update innoApp => Service deleted successfully.
McAPExe => Service deleted successfully.
McMPFSvc => Service deleted successfully.
McNaiAnn => Service deleted successfully.
mcpltsvc => Service deleted successfully.
McProxy => Service deleted successfully.
mfecore => Service deleted successfully.
MSK80Service => Service deleted successfully.
C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6} => Moved successfully.
C:\Users\paulj_000\Desktop\Vosteran.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran => Moved successfully.
C:\Users\paulj_000\AppData\Local\Vosteran => Moved successfully.
C:\Program Files (x86)\ClickCaption_1.10.0.6 => Moved successfully.
C:\Windows\system32\Drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys => Moved successfully.
C:\ProgramData\IHProtectUpDate => Moved successfully.
C:\Program Files (x86)\XTab => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job => Moved successfully.
C:\ProgramData\600440862 => Moved successfully.
C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job => Moved successfully.
C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Users\paulj_000\AppData\Local\wincheck => Moved successfully.

"C:\Program Files (x86)\SmartSaver+ 3" directory move:

C:\Program Files (x86)\SmartSaver+ 3\1293297481.mxaddon => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\1b642514-ef45-4947-9792-90666fe58766.crx => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\1b642514-ef45-4947-9792-90666fe58766.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\297b2f53-3c27-43e0-99e0-a1213b80b13a.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-64.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f.crx => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f.xpi => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\background.html => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\bgNova.html => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\df54c2ac-cd3a-4222-ad89-60b41bc90e65.crx => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\Interop.IWshRuntimeLibrary.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\Newtonsoft.Json.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bg.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho64.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3.ico => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SuperSocket.ClientEngine.Common.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SuperSocket.ClientEngine.Core.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SuperSocket.ClientEngine.Protocol.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\Uninstall.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\utils.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\WebSocket4Net.dll => Moved successfully.
Could not move "C:\Program Files (x86)\SmartSaver+ 3" directory. => Scheduled to move on reboot.

C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\66LQV3D5 => Moved successfully.
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\IIPSTRUR => Moved successfully.
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S => Moved successfully.
"C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1430B5CB-9168-43CA-BCF3-1B8E4021E2CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1430B5CB-9168-43CA-BCF3-1B8E4021E2CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{268F112E-9845-463C-8B57-FADC29CAA40D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{268F112E-9845-463C-8B57-FADC29CAA40D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_ada83cfd-5ef3-4064-a75e-640321c9eafb-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69}" => Key deleted successfully.
C:\Windows\System32\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9d6e54f1-3713-4659-ad7b-4bb73a34b094" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{320F3221-60C5-4884-A293-8C73885263EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{320F3221-60C5-4884-A293-8C73885263EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46489D21-9C22-45B4-BB77-9B72F66D1517}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46489D21-9C22-45B4-BB77-9B72F66D1517}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9}" => Key deleted successfully.
C:\Windows\System32\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b940f593-482d-4fcc-b33f-4b8740b6572f-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{846B4A26-6B5F-4608-B508-22B0AFE1A359}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{846B4A26-6B5F-4608-B508-22B0AFE1A359}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86F0C95D-D292-4252-B6A1-2CE66DEE8F73}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86F0C95D-D292-4252-B6A1-2CE66DEE8F73}" => Key deleted successfully.
C:\Windows\System32\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8919c8e0-a140-4382-9e90-cdcd0849f7dd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C6AA687-9C8C-4475-8236-BD5E795C663D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C6AA687-9C8C-4475-8236-BD5E795C663D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C290C1D1-8027-4164-9389-68D8229967D9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C290C1D1-8027-4164-9389-68D8229967D9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_d71a77cf-58c7-4391-af6b-052d6a49ce04-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6736007-D034-4C1F-99EF-CAF4EA6B501B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6736007-D034-4C1F-99EF-CAF4EA6B501B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB24EB34-7116-4151-95F3-5D5C17F8BBEF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB24EB34-7116-4151-95F3-5D5C17F8BBEF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC86D406-6D74-4F1C-9D14-E6E66D80AD9B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC86D406-6D74-4F1C-9D14-E6E66D80AD9B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E28A2191-A53A-431D-880F-C8BC0675AC1E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E28A2191-A53A-431D-880F-C8BC0675AC1E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F82BD733-EC80-496E-BCA3-8D06F0EF095F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82BD733-EC80-496E-BCA3-8D06F0EF095F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Maintenance" => Key deleted successfully.
C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job not found.
C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job not found.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5.job => Moved successfully.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5_user.job => Moved successfully.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.

"C:\Users\paulj_000\AppData\Roaming\TornTV.com" directory move:

C:\Users\paulj_000\AppData\Roaming\TornTV.com\CMUtils.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\config.dat => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\fastresume.data => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\Interop.IWshRuntimeLibrary.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\MonoTorrent.Dht.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\MonoTorrent.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\nodes.dht => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe.config => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTVSvc.exe => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTvUpdater.exe => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\uninst.exe => Moved successfully.
Could not move "C:\Users\paulj_000\AppData\Roaming\TornTV.com" directory. => Scheduled to move on reboot.

C:\Users\paulj_000\AppData\Roaming\Store\WindApp => Moved successfully.
"C:\Users\paulj_000\AppData\Local\Vosteran" => File/Directory not found.
C:\Program Files (x86)\globalUpdate => Moved successfully.
"C:\Program Files (x86)\ClickCaption_1.10.0.6" => File/Directory not found.
"C:\Program Files (x86)\XTab" => File/Directory not found.
"C:\ProgramData\WindowsMangerProtect" => File/Directory not found.
"C:\Program Files (x86)\innoApp" => File/Directory not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{5A34E2C8-C070-43DA-9C43-04A126F63AB7} canceled.
{48D47477-F130-4EF8-8771-6355A6606142} canceled.
{6945EF36-EDB2-4855-80AF-AC499B0CDFAC} canceled.
3 out of 3 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 14 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-14 21:39:17)<=

C:\Program Files (x86)\SmartSaver+ 3 => Is moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com => Is moved successfully.

==== End of Fixlog 21:39:17 ====

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-01-2015 01
Ran by paulj_000 at 2015-01-14 21:33:05 Run:1
Running from C:\Users\paulj_000\Downloads\FRST-OlderVersion
Loaded Profiles: paulj_000 (Available profiles: Sarah & paulj_000 & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [TornTv Downloader] => C:\Users\paulj_000\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [WindApp] => "C:\Users\paulj_000\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [GoogleChromeAutoLaunch_B7A120FA3627636CE6EE4BF233B3D92E] => C:\Users\paulj_000\AppData\Local\Vosteran\Application\vosteran.exe [1014272 2014-11-06] ()
Startup: C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\paulj_000\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\paulj_000\AppData\Local\WeatherAlerts\WeatherAlerts.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://vosteran.com/...=1345008057&ir=
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Taplika.com/r...=1391740327&ir=
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {317BA602-FAC3-4CFF-A620-41084D43A3CF} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://isearch.omiga...q={searchTerms}
BHO: SmartSaver+ 3 -> {11111111-1111-1111-1111-110611181106} -> C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho64.dll (smart-saverplus)
BHO-x32: SmartSaver+ 3 -> {11111111-1111-1111-1111-110611181106} -> C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho.dll (smart-saverplus)
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Taplika.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Vosteran.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: FF Toolbar - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] [2015-01-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
R2 ccsvc_1.10.0.6; C:\Program Files (x86)\ClickCaption_1.10.0.6\Service\ccsvc.exe [277584 2015-01-07] (ClickCaption)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-10] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-10] (globalUpdate) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-12] () [File not signed]
S2 Update innoApp; "C:\Program Files (x86)\innoApp\updateinnoApp.exe" [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
2015-01-12 16:55 - 2015-01-12 16:55 - 00000000 ____D () C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}
2015-01-12 16:46 - 2015-01-12 16:46 - 00002308 _____ () C:\Users\paulj_000\Desktop\Vosteran.lnk
2015-01-12 16:46 - 2015-01-12 16:46 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-01-12 16:45 - 2015-01-12 16:46 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\Vosteran
2015-01-12 16:43 - 2015-01-12 16:43 - 00000000 ____D () C:\Program Files (x86)\ClickCaption_1.10.0.6
2015-01-12 16:38 - 2015-01-11 20:28 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys
2015-01-12 16:33 - 2015-01-12 16:33 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-12 16:33 - 2015-01-12 16:33 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-12 16:32 - 2015-01-12 16:32 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-13 18:48 - 2014-12-10 10:48 - 00005516 _____ () C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job
2015-01-13 18:40 - 2014-12-10 10:25 - 00000000 ____D () C:\ProgramData\600440862
2015-01-13 18:38 - 2014-12-10 10:48 - 00001428 _____ () C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job
2015-01-13 18:38 - 2014-12-10 10:47 - 00000630 _____ () C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job
2015-01-13 18:38 - 2014-12-10 10:33 - 00000972 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-12 17:19 - 2014-12-10 10:50 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\wincheck
2015-01-07 10:48 - 2014-12-10 10:47 - 00000000 ____D () C:\Program Files (x86)\SmartSaver+ 3
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\66LQV3D5
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\IIPSTRUR
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S
Task: {1430B5CB-9168-43CA-BCF3-1B8E4021E2CE} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-3 No Task File <==== ATTENTION
Task: {268F112E-9845-463C-8B57-FADC29CAA40D} - \temp_ada83cfd-5ef3-4064-a75e-640321c9eafb-7 No Task File <==== ATTENTION
Task: {2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69} - System32\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094 => C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe [2014-12-10] (smart-saverplus) <==== ATTENTION
Task: {2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-10] (globalUpdate) <==== ATTENTION
Task: {320F3221-60C5-4884-A293-8C73885263EE} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {46489D21-9C22-45B4-BB77-9B72F66D1517} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-7 No Task File <==== ATTENTION
Task: {5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9} - System32\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6 => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe [2014-12-10] (smart-saverplus) <==== ATTENTION
Task: {846B4A26-6B5F-4608-B508-22B0AFE1A359} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-4 No Task File <==== ATTENTION
Task: {86F0C95D-D292-4252-B6A1-2CE66DEE8F73} - System32\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd => C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe [2014-12-10] () <==== ATTENTION
Task: {8C6AA687-9C8C-4475-8236-BD5E795C663D} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-6 No Task File <==== ATTENTION
Task: {B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-10] (globalUpdate) <==== ATTENTION
Task: {C290C1D1-8027-4164-9389-68D8229967D9} - \temp_d71a77cf-58c7-4391-af6b-052d6a49ce04-7 No Task File <==== ATTENTION
Task: {D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-3 No Task File <==== ATTENTION
Task: {D6736007-D034-4C1F-99EF-CAF4EA6B501B} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-4 No Task File <==== ATTENTION
Task: {DB24EB34-7116-4151-95F3-5D5C17F8BBEF} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-6 No Task File <==== ATTENTION
Task: {DC86D406-6D74-4F1C-9D14-E6E66D80AD9B} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-7 No Task File <==== ATTENTION
Task: {E28A2191-A53A-431D-880F-C8BC0675AC1E} - System32\Tasks\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10} => pcalua.exe -a C:\Users\paulj_000\Downloads\RA2_Yuri\CnC.exe -d C:\Users\paulj_000\Downloads\RA2_Yuri
Task: {F82BD733-EC80-496E-BCA3-8D06F0EF095F} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job => C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe <==== ATTENTION
Task: C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job => C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5_user.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Users\paulj_000\AppData\Roaming\TornTV.com
C:\Users\paulj_000\AppData\Roaming\Store\WindApp
C:\Users\paulj_000\AppData\Local\Vosteran
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\ClickCaption_1.10.0.6
C:\Program Files (x86)\XTab
C:\ProgramData\WindowsMangerProtect
C:\Program Files (x86)\innoApp
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\TornTv Downloader => value deleted successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\WindApp => value deleted successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B7A120FA3627636CE6EE4BF233B3D92E => value deleted successfully.
C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe => Moved successfully.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe not found.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Local\WeatherAlerts\WeatherAlerts.exe not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{317BA602-FAC3-4CFF-A620-41084D43A3CF}" => Key deleted successfully.
HKCR\CLSID\{317BA602-FAC3-4CFF-A620-41084D43A3CF} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Key deleted successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Key deleted successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll not found.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\omiga-plus.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Taplika.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\trovi-search.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Vosteran.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
ccsvc_1.10.0.6 => Unable to stop service
ccsvc_1.10.0.6 => Service deleted successfully.
globalUpdate => Service deleted successfully.
globalUpdatem => Service deleted successfully.
IHProtect Service => Unable to stop service
IHProtect Service => Service deleted successfully.
WindowsMangerProtect => Service deleted successfully.
Update innoApp => Service deleted successfully.
McAPExe => Service deleted successfully.
McMPFSvc => Service deleted successfully.
McNaiAnn => Service deleted successfully.
mcpltsvc => Service deleted successfully.
McProxy => Service deleted successfully.
mfecore => Service deleted successfully.
MSK80Service => Service deleted successfully.
C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6} => Moved successfully.
C:\Users\paulj_000\Desktop\Vosteran.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran => Moved successfully.
C:\Users\paulj_000\AppData\Local\Vosteran => Moved successfully.
C:\Program Files (x86)\ClickCaption_1.10.0.6 => Moved successfully.
C:\Windows\system32\Drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys => Moved successfully.
C:\ProgramData\IHProtectUpDate => Moved successfully.
C:\Program Files (x86)\XTab => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job => Moved successfully.
C:\ProgramData\600440862 => Moved successfully.
C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job => Moved successfully.
C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Users\paulj_000\AppData\Local\wincheck => Moved successfully.

"C:\Program Files (x86)\SmartSaver+ 3" directory move:

C:\Program Files (x86)\SmartSaver+ 3\1293297481.mxaddon => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\1b642514-ef45-4947-9792-90666fe58766.crx => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\1b642514-ef45-4947-9792-90666fe58766.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\297b2f53-3c27-43e0-99e0-a1213b80b13a.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-64.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f.crx => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f.xpi => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\background.html => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\bgNova.html => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\df54c2ac-cd3a-4222-ad89-60b41bc90e65.crx => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\Interop.IWshRuntimeLibrary.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\Newtonsoft.Json.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bg.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho64.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3.ico => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SuperSocket.ClientEngine.Common.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SuperSocket.ClientEngine.Core.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SuperSocket.ClientEngine.Protocol.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\Uninstall.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\utils.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\WebSocket4Net.dll => Moved successfully.
Could not move "C:\Program Files (x86)\SmartSaver+ 3" directory. => Scheduled to move on reboot.

C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\66LQV3D5 => Moved successfully.
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\IIPSTRUR => Moved successfully.
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S => Moved successfully.
"C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1430B5CB-9168-43CA-BCF3-1B8E4021E2CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1430B5CB-9168-43CA-BCF3-1B8E4021E2CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{268F112E-9845-463C-8B57-FADC29CAA40D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{268F112E-9845-463C-8B57-FADC29CAA40D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_ada83cfd-5ef3-4064-a75e-640321c9eafb-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69}" => Key deleted successfully.
C:\Windows\System32\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9d6e54f1-3713-4659-ad7b-4bb73a34b094" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{320F3221-60C5-4884-A293-8C73885263EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{320F3221-60C5-4884-A293-8C73885263EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46489D21-9C22-45B4-BB77-9B72F66D1517}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46489D21-9C22-45B4-BB77-9B72F66D1517}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9}" => Key deleted successfully.
C:\Windows\System32\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b940f593-482d-4fcc-b33f-4b8740b6572f-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{846B4A26-6B5F-4608-B508-22B0AFE1A359}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{846B4A26-6B5F-4608-B508-22B0AFE1A359}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86F0C95D-D292-4252-B6A1-2CE66DEE8F73}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86F0C95D-D292-4252-B6A1-2CE66DEE8F73}" => Key deleted successfully.
C:\Windows\System32\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8919c8e0-a140-4382-9e90-cdcd0849f7dd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C6AA687-9C8C-4475-8236-BD5E795C663D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C6AA687-9C8C-4475-8236-BD5E795C663D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C290C1D1-8027-4164-9389-68D8229967D9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C290C1D1-8027-4164-9389-68D8229967D9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_d71a77cf-58c7-4391-af6b-052d6a49ce04-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6736007-D034-4C1F-99EF-CAF4EA6B501B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6736007-D034-4C1F-99EF-CAF4EA6B501B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB24EB34-7116-4151-95F3-5D5C17F8BBEF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB24EB34-7116-4151-95F3-5D5C17F8BBEF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC86D406-6D74-4F1C-9D14-E6E66D80AD9B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC86D406-6D74-4F1C-9D14-E6E66D80AD9B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E28A2191-A53A-431D-880F-C8BC0675AC1E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E28A2191-A53A-431D-880F-C8BC0675AC1E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F82BD733-EC80-496E-BCA3-8D06F0EF095F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82BD733-EC80-496E-BCA3-8D06F0EF095F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Maintenance" => Key deleted successfully.
C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job not found.
C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job not found.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5.job => Moved successfully.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5_user.job => Moved successfully.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.

"C:\Users\paulj_000\AppData\Roaming\TornTV.com" directory move:

C:\Users\paulj_000\AppData\Roaming\TornTV.com\CMUtils.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\config.dat => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\fastresume.data => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\Interop.IWshRuntimeLibrary.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\MonoTorrent.Dht.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\MonoTorrent.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\nodes.dht => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe.config => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTVSvc.exe => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTvUpdater.exe => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\uninst.exe => Moved successfully.
Could not move "C:\Users\paulj_000\AppData\Roaming\TornTV.com" directory. => Scheduled to move on reboot.

C:\Users\paulj_000\AppData\Roaming\Store\WindApp => Moved successfully.
"C:\Users\paulj_000\AppData\Local\Vosteran" => File/Directory not found.
C:\Program Files (x86)\globalUpdate => Moved successfully.
"C:\Program Files (x86)\ClickCaption_1.10.0.6" => File/Directory not found.
"C:\Program Files (x86)\XTab" => File/Directory not found.
"C:\ProgramData\WindowsMangerProtect" => File/Directory not found.
"C:\Program Files (x86)\innoApp" => File/Directory not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{5A34E2C8-C070-43DA-9C43-04A126F63AB7} canceled.
{48D47477-F130-4EF8-8771-6355A6606142} canceled.
{6945EF36-EDB2-4855-80AF-AC499B0CDFAC} canceled.
3 out of 3 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 14 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-14 21:39:17)<=

C:\Program Files (x86)\SmartSaver+ 3 => Is moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com => Is moved successfully.

==== End of Fixlog 21:39:17 ====

 
 


#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Oops, two fixlogs. Could you post the AdwCleaner log please, and also let me know how the system is behaving?

#7
peejaygee


    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

It is currently worse than before. Chrome fared slightly better than Firefox, as I finally managed to download AdwCleaner; however, my browsers are very unresponsive, and the current page I am on at the time keeps being replaced with some ad.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-01-2015 01
Ran by paulj_000 at 2015-01-14 21:33:05 Run:1
Running from C:\Users\paulj_000\Downloads\FRST-OlderVersion
Loaded Profiles: paulj_000 (Available profiles: Sarah & paulj_000 & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [TornTv Downloader] => C:\Users\paulj_000\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [WindApp] => "C:\Users\paulj_000\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [GoogleChromeAutoLaunch_B7A120FA3627636CE6EE4BF233B3D92E] => C:\Users\paulj_000\AppData\Local\Vosteran\Application\vosteran.exe [1014272 2014-11-06] ()
Startup: C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\paulj_000\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\paulj_000\AppData\Local\WeatherAlerts\WeatherAlerts.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://vosteran.com/...=1345008057&ir=
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Taplika.com/r...=1391740327&ir=
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {317BA602-FAC3-4CFF-A620-41084D43A3CF} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://isearch.omiga...q={searchTerms}
BHO: SmartSaver+ 3 -> {11111111-1111-1111-1111-110611181106} -> C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho64.dll (smart-saverplus)
BHO-x32: SmartSaver+ 3 -> {11111111-1111-1111-1111-110611181106} -> C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho.dll (smart-saverplus)
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Taplika.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Vosteran.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: FF Toolbar - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] [2015-01-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
R2 ccsvc_1.10.0.6; C:\Program Files (x86)\ClickCaption_1.10.0.6\Service\ccsvc.exe [277584 2015-01-07] (ClickCaption)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-10] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-10] (globalUpdate) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-12] () [File not signed]
S2 Update innoApp; "C:\Program Files (x86)\innoApp\updateinnoApp.exe" [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
2015-01-12 16:55 - 2015-01-12 16:55 - 00000000 ____D () C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}
2015-01-12 16:46 - 2015-01-12 16:46 - 00002308 _____ () C:\Users\paulj_000\Desktop\Vosteran.lnk
2015-01-12 16:46 - 2015-01-12 16:46 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-01-12 16:45 - 2015-01-12 16:46 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\Vosteran
2015-01-12 16:43 - 2015-01-12 16:43 - 00000000 ____D () C:\Program Files (x86)\ClickCaption_1.10.0.6
2015-01-12 16:38 - 2015-01-11 20:28 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys
2015-01-12 16:33 - 2015-01-12 16:33 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-12 16:33 - 2015-01-12 16:33 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-12 16:32 - 2015-01-12 16:32 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-13 18:48 - 2014-12-10 10:48 - 00005516 _____ () C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job
2015-01-13 18:40 - 2014-12-10 10:25 - 00000000 ____D () C:\ProgramData\600440862
2015-01-13 18:38 - 2014-12-10 10:48 - 00001428 _____ () C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job
2015-01-13 18:38 - 2014-12-10 10:47 - 00000630 _____ () C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job
2015-01-13 18:38 - 2014-12-10 10:33 - 00000972 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-12 17:19 - 2014-12-10 10:50 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\wincheck
2015-01-07 10:48 - 2014-12-10 10:47 - 00000000 ____D () C:\Program Files (x86)\SmartSaver+ 3
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\66LQV3D5
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\IIPSTRUR
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S
Task: {1430B5CB-9168-43CA-BCF3-1B8E4021E2CE} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-3 No Task File <==== ATTENTION
Task: {268F112E-9845-463C-8B57-FADC29CAA40D} - \temp_ada83cfd-5ef3-4064-a75e-640321c9eafb-7 No Task File <==== ATTENTION
Task: {2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69} - System32\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094 => C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe [2014-12-10] (smart-saverplus) <==== ATTENTION
Task: {2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-10] (globalUpdate) <==== ATTENTION
Task: {320F3221-60C5-4884-A293-8C73885263EE} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {46489D21-9C22-45B4-BB77-9B72F66D1517} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-7 No Task File <==== ATTENTION
Task: {5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9} - System32\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6 => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe [2014-12-10] (smart-saverplus) <==== ATTENTION
Task: {846B4A26-6B5F-4608-B508-22B0AFE1A359} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-4 No Task File <==== ATTENTION
Task: {86F0C95D-D292-4252-B6A1-2CE66DEE8F73} - System32\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd => C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe [2014-12-10] () <==== ATTENTION
Task: {8C6AA687-9C8C-4475-8236-BD5E795C663D} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-6 No Task File <==== ATTENTION
Task: {B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-10] (globalUpdate) <==== ATTENTION
Task: {C290C1D1-8027-4164-9389-68D8229967D9} - \temp_d71a77cf-58c7-4391-af6b-052d6a49ce04-7 No Task File <==== ATTENTION
Task: {D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-3 No Task File <==== ATTENTION
Task: {D6736007-D034-4C1F-99EF-CAF4EA6B501B} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-4 No Task File <==== ATTENTION
Task: {DB24EB34-7116-4151-95F3-5D5C17F8BBEF} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-6 No Task File <==== ATTENTION
Task: {DC86D406-6D74-4F1C-9D14-E6E66D80AD9B} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-7 No Task File <==== ATTENTION
Task: {E28A2191-A53A-431D-880F-C8BC0675AC1E} - System32\Tasks\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10} => pcalua.exe -a C:\Users\paulj_000\Downloads\RA2_Yuri\CnC.exe -d C:\Users\paulj_000\Downloads\RA2_Yuri
Task: {F82BD733-EC80-496E-BCA3-8D06F0EF095F} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job => C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe <==== ATTENTION
Task: C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job => C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5_user.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Users\paulj_000\AppData\Roaming\TornTV.com
C:\Users\paulj_000\AppData\Roaming\Store\WindApp
C:\Users\paulj_000\AppData\Local\Vosteran
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\ClickCaption_1.10.0.6
C:\Program Files (x86)\XTab
C:\ProgramData\WindowsMangerProtect
C:\Program Files (x86)\innoApp
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\TornTv Downloader => value deleted successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\WindApp => value deleted successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B7A120FA3627636CE6EE4BF233B3D92E => value deleted successfully.
C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe => Moved successfully.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe not found.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Local\WeatherAlerts\WeatherAlerts.exe not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{317BA602-FAC3-4CFF-A620-41084D43A3CF}" => Key deleted successfully.
HKCR\CLSID\{317BA602-FAC3-4CFF-A620-41084D43A3CF} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Key deleted successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Key deleted successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll not found.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\omiga-plus.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Taplika.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\trovi-search.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Vosteran.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
ccsvc_1.10.0.6 => Unable to stop service
ccsvc_1.10.0.6 => Service deleted successfully.
globalUpdate => Service deleted successfully.
globalUpdatem => Service deleted successfully.
IHProtect Service => Unable to stop service
IHProtect Service => Service deleted successfully.
WindowsMangerProtect => Service deleted successfully.
Update innoApp => Service deleted successfully.
McAPExe => Service deleted successfully.
McMPFSvc => Service deleted successfully.
McNaiAnn => Service deleted successfully.
mcpltsvc => Service deleted successfully.
McProxy => Service deleted successfully.
mfecore => Service deleted successfully.
MSK80Service => Service deleted successfully.
C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6} => Moved successfully.
C:\Users\paulj_000\Desktop\Vosteran.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran => Moved successfully.
C:\Users\paulj_000\AppData\Local\Vosteran => Moved successfully.
C:\Program Files (x86)\ClickCaption_1.10.0.6 => Moved successfully.
C:\Windows\system32\Drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys => Moved successfully.
C:\ProgramData\IHProtectUpDate => Moved successfully.
C:\Program Files (x86)\XTab => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job => Moved successfully.
C:\ProgramData\600440862 => Moved successfully.
C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job => Moved successfully.
C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Users\paulj_000\AppData\Local\wincheck => Moved successfully.

"C:\Program Files (x86)\SmartSaver+ 3" directory move:

C:\Program Files (x86)\SmartSaver+ 3\1293297481.mxaddon => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\1b642514-ef45-4947-9792-90666fe58766.crx => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\1b642514-ef45-4947-9792-90666fe58766.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\297b2f53-3c27-43e0-99e0-a1213b80b13a.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-64.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f.crx => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f.xpi => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\background.html => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\bgNova.html => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\df54c2ac-cd3a-4222-ad89-60b41bc90e65.crx => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\Interop.IWshRuntimeLibrary.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\Newtonsoft.Json.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bg.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho64.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3.ico => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SuperSocket.ClientEngine.Common.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SuperSocket.ClientEngine.Core.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SuperSocket.ClientEngine.Protocol.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\Uninstall.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\utils.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\WebSocket4Net.dll => Moved successfully.
Could not move "C:\Program Files (x86)\SmartSaver+ 3" directory. => Scheduled to move on reboot.

C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\66LQV3D5 => Moved successfully.
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\IIPSTRUR => Moved successfully.
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S => Moved successfully.
"C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1430B5CB-9168-43CA-BCF3-1B8E4021E2CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1430B5CB-9168-43CA-BCF3-1B8E4021E2CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{268F112E-9845-463C-8B57-FADC29CAA40D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{268F112E-9845-463C-8B57-FADC29CAA40D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_ada83cfd-5ef3-4064-a75e-640321c9eafb-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69}" => Key deleted successfully.
C:\Windows\System32\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9d6e54f1-3713-4659-ad7b-4bb73a34b094" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{320F3221-60C5-4884-A293-8C73885263EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{320F3221-60C5-4884-A293-8C73885263EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46489D21-9C22-45B4-BB77-9B72F66D1517}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46489D21-9C22-45B4-BB77-9B72F66D1517}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9}" => Key deleted successfully.
C:\Windows\System32\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b940f593-482d-4fcc-b33f-4b8740b6572f-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{846B4A26-6B5F-4608-B508-22B0AFE1A359}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{846B4A26-6B5F-4608-B508-22B0AFE1A359}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86F0C95D-D292-4252-B6A1-2CE66DEE8F73}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86F0C95D-D292-4252-B6A1-2CE66DEE8F73}" => Key deleted successfully.
C:\Windows\System32\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8919c8e0-a140-4382-9e90-cdcd0849f7dd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C6AA687-9C8C-4475-8236-BD5E795C663D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C6AA687-9C8C-4475-8236-BD5E795C663D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C290C1D1-8027-4164-9389-68D8229967D9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C290C1D1-8027-4164-9389-68D8229967D9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_d71a77cf-58c7-4391-af6b-052d6a49ce04-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6736007-D034-4C1F-99EF-CAF4EA6B501B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6736007-D034-4C1F-99EF-CAF4EA6B501B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB24EB34-7116-4151-95F3-5D5C17F8BBEF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB24EB34-7116-4151-95F3-5D5C17F8BBEF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC86D406-6D74-4F1C-9D14-E6E66D80AD9B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC86D406-6D74-4F1C-9D14-E6E66D80AD9B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E28A2191-A53A-431D-880F-C8BC0675AC1E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E28A2191-A53A-431D-880F-C8BC0675AC1E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F82BD733-EC80-496E-BCA3-8D06F0EF095F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82BD733-EC80-496E-BCA3-8D06F0EF095F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Maintenance" => Key deleted successfully.
C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job not found.
C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job not found.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5.job => Moved successfully.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5_user.job => Moved successfully.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.

"C:\Users\paulj_000\AppData\Roaming\TornTV.com" directory move:

C:\Users\paulj_000\AppData\Roaming\TornTV.com\CMUtils.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\config.dat => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\fastresume.data => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\Interop.IWshRuntimeLibrary.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\MonoTorrent.Dht.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\MonoTorrent.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\nodes.dht => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe.config => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTVSvc.exe => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTvUpdater.exe => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\uninst.exe => Moved successfully.
Could not move "C:\Users\paulj_000\AppData\Roaming\TornTV.com" directory. => Scheduled to move on reboot.

C:\Users\paulj_000\AppData\Roaming\Store\WindApp => Moved successfully.
"C:\Users\paulj_000\AppData\Local\Vosteran" => File/Directory not found.
C:\Program Files (x86)\globalUpdate => Moved successfully.
"C:\Program Files (x86)\ClickCaption_1.10.0.6" => File/Directory not found.
"C:\Program Files (x86)\XTab" => File/Directory not found.
"C:\ProgramData\WindowsMangerProtect" => File/Directory not found.
"C:\Program Files (x86)\innoApp" => File/Directory not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{5A34E2C8-C070-43DA-9C43-04A126F63AB7} canceled.
{48D47477-F130-4EF8-8771-6355A6606142} canceled.
{6945EF36-EDB2-4855-80AF-AC499B0CDFAC} canceled.
3 out of 3 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 14 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-14 21:39:17)<=

C:\Program Files (x86)\SmartSaver+ 3 => Is moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com => Is moved successfully.

==== End of Fixlog 21:39:17 ====

 
 


#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could I have a fresh FRST scan, please?

#9
peejaygee

    Member

  • Topic Starter
  • 39 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01
Ran by paulj_000 at 2015-01-15 21:37:16 Run:2
Running from C:\Users\paulj_000\Downloads\FRST-OlderVersion\FRST-OlderVersion
Loaded Profiles: paulj_000 (Available profiles: Sarah & paulj_000 & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [TornTv Downloader] => C:\Users\paulj_000\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [WindApp] => "C:\Users\paulj_000\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [GoogleChromeAutoLaunch_B7A120FA3627636CE6EE4BF233B3D92E] => C:\Users\paulj_000\AppData\Local\Vosteran\Application\vosteran.exe [1014272 2014-11-06] ()
Startup: C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\paulj_000\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\paulj_000\AppData\Local\WeatherAlerts\WeatherAlerts.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://vosteran.com/...=1345008057&ir=
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Taplika.com/r...=1391740327&ir=
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {317BA602-FAC3-4CFF-A620-41084D43A3CF} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://isearch.omiga...q={searchTerms}
BHO: SmartSaver+ 3 -> {11111111-1111-1111-1111-110611181106} -> C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho64.dll (smart-saverplus)
BHO-x32: SmartSaver+ 3 -> {11111111-1111-1111-1111-110611181106} -> C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho.dll (smart-saverplus)
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Taplika.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Vosteran.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: FF Toolbar - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] [2015-01-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
R2 ccsvc_1.10.0.6; C:\Program Files (x86)\ClickCaption_1.10.0.6\Service\ccsvc.exe [277584 2015-01-07] (ClickCaption)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-10] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-10] (globalUpdate) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-12] () [File not signed]
S2 Update innoApp; "C:\Program Files (x86)\innoApp\updateinnoApp.exe" [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
2015-01-12 16:55 - 2015-01-12 16:55 - 00000000 ____D () C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}
2015-01-12 16:46 - 2015-01-12 16:46 - 00002308 _____ () C:\Users\paulj_000\Desktop\Vosteran.lnk
2015-01-12 16:46 - 2015-01-12 16:46 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-01-12 16:45 - 2015-01-12 16:46 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\Vosteran
2015-01-12 16:43 - 2015-01-12 16:43 - 00000000 ____D () C:\Program Files (x86)\ClickCaption_1.10.0.6
2015-01-12 16:38 - 2015-01-11 20:28 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys
2015-01-12 16:33 - 2015-01-12 16:33 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-12 16:33 - 2015-01-12 16:33 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-12 16:32 - 2015-01-12 16:32 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-13 18:48 - 2014-12-10 10:48 - 00005516 _____ () C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job
2015-01-13 18:40 - 2014-12-10 10:25 - 00000000 ____D () C:\ProgramData\600440862
2015-01-13 18:38 - 2014-12-10 10:48 - 00001428 _____ () C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job
2015-01-13 18:38 - 2014-12-10 10:47 - 00000630 _____ () C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job
2015-01-13 18:38 - 2014-12-10 10:33 - 00000972 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-12 17:19 - 2014-12-10 10:50 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\wincheck
2015-01-07 10:48 - 2014-12-10 10:47 - 00000000 ____D () C:\Program Files (x86)\SmartSaver+ 3
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\66LQV3D5
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\IIPSTRUR
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S
Task: {1430B5CB-9168-43CA-BCF3-1B8E4021E2CE} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-3 No Task File <==== ATTENTION
Task: {268F112E-9845-463C-8B57-FADC29CAA40D} - \temp_ada83cfd-5ef3-4064-a75e-640321c9eafb-7 No Task File <==== ATTENTION
Task: {2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69} - System32\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094 => C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe [2014-12-10] (smart-saverplus) <==== ATTENTION
Task: {2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-10] (globalUpdate) <==== ATTENTION
Task: {320F3221-60C5-4884-A293-8C73885263EE} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {46489D21-9C22-45B4-BB77-9B72F66D1517} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-7 No Task File <==== ATTENTION
Task: {5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9} - System32\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6 => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe [2014-12-10] (smart-saverplus) <==== ATTENTION
Task: {846B4A26-6B5F-4608-B508-22B0AFE1A359} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-4 No Task File <==== ATTENTION
Task: {86F0C95D-D292-4252-B6A1-2CE66DEE8F73} - System32\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd => C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe [2014-12-10] () <==== ATTENTION
Task: {8C6AA687-9C8C-4475-8236-BD5E795C663D} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-6 No Task File <==== ATTENTION
Task: {B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-10] (globalUpdate) <==== ATTENTION
Task: {C290C1D1-8027-4164-9389-68D8229967D9} - \temp_d71a77cf-58c7-4391-af6b-052d6a49ce04-7 No Task File <==== ATTENTION
Task: {D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-3 No Task File <==== ATTENTION
Task: {D6736007-D034-4C1F-99EF-CAF4EA6B501B} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-4 No Task File <==== ATTENTION
Task: {DB24EB34-7116-4151-95F3-5D5C17F8BBEF} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-6 No Task File <==== ATTENTION
Task: {DC86D406-6D74-4F1C-9D14-E6E66D80AD9B} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-7 No Task File <==== ATTENTION
Task: {E28A2191-A53A-431D-880F-C8BC0675AC1E} - System32\Tasks\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10} => pcalua.exe -a C:\Users\paulj_000\Downloads\RA2_Yuri\CnC.exe -d C:\Users\paulj_000\Downloads\RA2_Yuri
Task: {F82BD733-EC80-496E-BCA3-8D06F0EF095F} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job => C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe <==== ATTENTION
Task: C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job => C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5_user.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Users\paulj_000\AppData\Roaming\TornTV.com
C:\Users\paulj_000\AppData\Roaming\Store\WindApp
C:\Users\paulj_000\AppData\Local\Vosteran
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\ClickCaption_1.10.0.6
C:\Program Files (x86)\XTab
C:\ProgramData\WindowsMangerProtect
C:\Program Files (x86)\innoApp
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\TornTv Downloader => Value not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\WindApp => Value not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B7A120FA3627636CE6EE4BF233B3D92E => Value not found.
C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk not found.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe not found.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk not found.
C:\Users\paulj_000\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe not found.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk not found.
C:\Users\paulj_000\AppData\Local\WeatherAlerts\WeatherAlerts.exe not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Policies\Google => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{317BA602-FAC3-4CFF-A620-41084D43A3CF} => Key not found.
HKCR\CLSID\{317BA602-FAC3-4CFF-A620-41084D43A3CF} => Key not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611181106} => Key not found.
HKCR\CLSID\{11111111-1111-1111-1111-110611181106} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611181106} => Key not found.
HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611181106} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 => Key not found.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 => Key not found.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll not found.
"C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\omiga-plus.xml" => not found.
"C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Taplika.xml" => not found.
"C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\trovi-search.xml" => not found.
"C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Vosteran.xml" => not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml" => not found.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn => Key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce => Key not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn => Key not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce => Key not found.
ccsvc_1.10.0.6 => Service not found.
globalUpdate => Service not found.
globalUpdatem => Service not found.
IHProtect Service => Service not found.
WindowsMangerProtect => Service not found.
Update innoApp => Service not found.
McAPExe => Service not found.
McMPFSvc => Service not found.
McNaiAnn => Service not found.
mcpltsvc => Service not found.
McProxy => Service not found.
mfecore => Service not found.
MSK80Service => Service not found.
"C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}" => File/Directory not found.
"C:\Users\paulj_000\Desktop\Vosteran.lnk" => File/Directory not found.
"C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran" => File/Directory not found.
"C:\Users\paulj_000\AppData\Local\Vosteran" => File/Directory not found.
"C:\Program Files (x86)\ClickCaption_1.10.0.6" => File/Directory not found.
"C:\Windows\system32\Drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys" => File/Directory not found.
"C:\ProgramData\IHProtectUpDate" => File/Directory not found.
"C:\Program Files (x86)\XTab" => File/Directory not found.
"C:\ProgramData\WindowsMangerProtect" => File/Directory not found.
"C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job" => File/Directory not found.
"C:\ProgramData\600440862" => File/Directory not found.
"C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job" => File/Directory not found.
"C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job" => File/Directory not found.
"C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job" => File/Directory not found.
"C:\Users\paulj_000\AppData\Local\wincheck" => File/Directory not found.
"C:\Program Files (x86)\SmartSaver+ 3" => File/Directory not found.
"C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\66LQV3D5" => File/Directory not found.
"C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\IIPSTRUR" => File/Directory not found.
"C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S" => File/Directory not found.
"C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1430B5CB-9168-43CA-BCF3-1B8E4021E2CE} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-3 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{268F112E-9845-463C-8B57-FADC29CAA40D} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_ada83cfd-5ef3-4064-a75e-640321c9eafb-7 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69} => Key not found.
C:\Windows\System32\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9d6e54f1-3713-4659-ad7b-4bb73a34b094 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE} => Key not found.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{320F3221-60C5-4884-A293-8C73885263EE} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Startup => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46489D21-9C22-45B4-BB77-9B72F66D1517} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-7 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9} => Key not found.
C:\Windows\System32\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b940f593-482d-4fcc-b33f-4b8740b6572f-6 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{846B4A26-6B5F-4608-B508-22B0AFE1A359} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-4 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86F0C95D-D292-4252-B6A1-2CE66DEE8F73} => Key not found.
C:\Windows\System32\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8919c8e0-a140-4382-9e90-cdcd0849f7dd => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C6AA687-9C8C-4475-8236-BD5E795C663D} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-6 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7} => Key not found.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C290C1D1-8027-4164-9389-68D8229967D9} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_d71a77cf-58c7-4391-af6b-052d6a49ce04-7 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-3 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6736007-D034-4C1F-99EF-CAF4EA6B501B} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-4 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB24EB34-7116-4151-95F3-5D5C17F8BBEF} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-6 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC86D406-6D74-4F1C-9D14-E6E66D80AD9B} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-7 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E28A2191-A53A-431D-880F-C8BC0675AC1E} => Key not found.
C:\Windows\System32\Tasks\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82BD733-EC80-496E-BCA3-8D06F0EF095F} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Maintenance => Key not found.
C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job not found.
C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job not found.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5.job not found.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5_user.job not found.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => Key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => Key not found.
"C:\Users\paulj_000\AppData\Roaming\TornTV.com" => File/Directory not found.
"C:\Users\paulj_000\AppData\Roaming\Store\WindApp" => File/Directory not found.
"C:\Users\paulj_000\AppData\Local\Vosteran" => File/Directory not found.
"C:\Program Files (x86)\globalUpdate" => File/Directory not found.
"C:\Program Files (x86)\ClickCaption_1.10.0.6" => File/Directory not found.
"C:\Program Files (x86)\XTab" => File/Directory not found.
"C:\ProgramData\WindowsMangerProtect" => File/Directory not found.
"C:\Program Files (x86)\innoApp" => File/Directory not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 195.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 21:39:04 ====

 
 


#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That was the fixlog I am afraid

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.



#11
peejaygee

    Member

  • Topic Starter
  • Member
  • 39 posts

It is taking forever. I left it running all night and it has still not finished.

 
 


#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, stop FRST. There should be a fixlog on the desktop; could you post that?

#13
peejaygee

    Member

  • Topic Starter
  • Member
  • 39 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-01-2015 01
Ran by paulj_000 at 2015-01-14 21:33:05 Run:1
Running from C:\Users\paulj_000\Downloads\FRST-OlderVersion
Loaded Profiles: paulj_000 (Available profiles: Sarah & paulj_000 & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [TornTv Downloader] => C:\Users\paulj_000\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [WindApp] => "C:\Users\paulj_000\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Run: [GoogleChromeAutoLaunch_B7A120FA3627636CE6EE4BF233B3D92E] => C:\Users\paulj_000\AppData\Local\Vosteran\Application\vosteran.exe [1014272 2014-11-06] ()
Startup: C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk
ShortcutTarget: TornTvDownloader.lnk -> C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe (No File)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\paulj_000\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\paulj_000\AppData\Local\WeatherAlerts\WeatherAlerts.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://vosteran.com/...=1345008057&ir=
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...102TK3LP2TK3LPX
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Taplika.com/r...=1391740327&ir=
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {317BA602-FAC3-4CFF-A620-41084D43A3CF} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://vosteran.com/...=1345008057&ir=
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3242301468-3912853311-3031073808-1003 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://isearch.omiga...q={searchTerms}
BHO: SmartSaver+ 3 -> {11111111-1111-1111-1111-110611181106} -> C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho64.dll (smart-saverplus)
BHO-x32: SmartSaver+ 3 -> {11111111-1111-1111-1111-110611181106} -> C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho.dll (smart-saverplus)
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Taplika.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Vosteran.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: FF Toolbar - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] [2015-01-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
R2 ccsvc_1.10.0.6; C:\Program Files (x86)\ClickCaption_1.10.0.6\Service\ccsvc.exe [277584 2015-01-07] (ClickCaption)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-10] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-10] (globalUpdate) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-12] () [File not signed]
S2 Update innoApp; "C:\Program Files (x86)\innoApp\updateinnoApp.exe" [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
2015-01-12 16:55 - 2015-01-12 16:55 - 00000000 ____D () C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6}
2015-01-12 16:46 - 2015-01-12 16:46 - 00002308 _____ () C:\Users\paulj_000\Desktop\Vosteran.lnk
2015-01-12 16:46 - 2015-01-12 16:46 - 00000000 ____D () C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2015-01-12 16:45 - 2015-01-12 16:46 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\Vosteran
2015-01-12 16:43 - 2015-01-12 16:43 - 00000000 ____D () C:\Program Files (x86)\ClickCaption_1.10.0.6
2015-01-12 16:38 - 2015-01-11 20:28 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys
2015-01-12 16:33 - 2015-01-12 16:33 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-12 16:33 - 2015-01-12 16:33 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-12 16:32 - 2015-01-12 16:32 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-13 18:48 - 2014-12-10 10:48 - 00005516 _____ () C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job
2015-01-13 18:40 - 2014-12-10 10:25 - 00000000 ____D () C:\ProgramData\600440862
2015-01-13 18:38 - 2014-12-10 10:48 - 00001428 _____ () C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job
2015-01-13 18:38 - 2014-12-10 10:47 - 00000630 _____ () C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job
2015-01-13 18:38 - 2014-12-10 10:33 - 00000972 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-12 17:19 - 2014-12-10 10:50 - 00000000 ____D () C:\Users\paulj_000\AppData\Local\wincheck
2015-01-07 10:48 - 2014-12-10 10:47 - 00000000 ____D () C:\Program Files (x86)\SmartSaver+ 3
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\66LQV3D5
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\IIPSTRUR
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S
Task: {1430B5CB-9168-43CA-BCF3-1B8E4021E2CE} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-3 No Task File <==== ATTENTION
Task: {268F112E-9845-463C-8B57-FADC29CAA40D} - \temp_ada83cfd-5ef3-4064-a75e-640321c9eafb-7 No Task File <==== ATTENTION
Task: {2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69} - System32\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094 => C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe [2014-12-10] (smart-saverplus) <==== ATTENTION
Task: {2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-10] (globalUpdate) <==== ATTENTION
Task: {320F3221-60C5-4884-A293-8C73885263EE} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {46489D21-9C22-45B4-BB77-9B72F66D1517} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-7 No Task File <==== ATTENTION
Task: {5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9} - System32\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6 => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe [2014-12-10] (smart-saverplus) <==== ATTENTION
Task: {846B4A26-6B5F-4608-B508-22B0AFE1A359} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-4 No Task File <==== ATTENTION
Task: {86F0C95D-D292-4252-B6A1-2CE66DEE8F73} - System32\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd => C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe [2014-12-10] () <==== ATTENTION
Task: {8C6AA687-9C8C-4475-8236-BD5E795C663D} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-6 No Task File <==== ATTENTION
Task: {B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-10] (globalUpdate) <==== ATTENTION
Task: {C290C1D1-8027-4164-9389-68D8229967D9} - \temp_d71a77cf-58c7-4391-af6b-052d6a49ce04-7 No Task File <==== ATTENTION
Task: {D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-3 No Task File <==== ATTENTION
Task: {D6736007-D034-4C1F-99EF-CAF4EA6B501B} - \ada83cfd-5ef3-4064-a75e-640321c9eafb-4 No Task File <==== ATTENTION
Task: {DB24EB34-7116-4151-95F3-5D5C17F8BBEF} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-6 No Task File <==== ATTENTION
Task: {DC86D406-6D74-4F1C-9D14-E6E66D80AD9B} - \d71a77cf-58c7-4391-af6b-052d6a49ce04-7 No Task File <==== ATTENTION
Task: {E28A2191-A53A-431D-880F-C8BC0675AC1E} - System32\Tasks\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10} => pcalua.exe -a C:\Users\paulj_000\Downloads\RA2_Yuri\CnC.exe -d C:\Users\paulj_000\Downloads\RA2_Yuri
Task: {F82BD733-EC80-496E-BCA3-8D06F0EF095F} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job => C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe <==== ATTENTION
Task: C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job => C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5_user.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job => C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Users\paulj_000\AppData\Roaming\TornTV.com
C:\Users\paulj_000\AppData\Roaming\Store\WindApp
C:\Users\paulj_000\AppData\Local\Vosteran
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\ClickCaption_1.10.0.6
C:\Program Files (x86)\XTab
C:\ProgramData\WindowsMangerProtect
C:\Program Files (x86)\innoApp
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\TornTv Downloader => value deleted successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\WindApp => value deleted successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_B7A120FA3627636CE6EE4BF233B3D92E => value deleted successfully.
C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe => Moved successfully.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe not found.
C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Local\WeatherAlerts\WeatherAlerts.exe not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{317BA602-FAC3-4CFF-A620-41084D43A3CF}" => Key deleted successfully.
HKCR\CLSID\{317BA602-FAC3-4CFF-A620-41084D43A3CF} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611181106}" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Key deleted successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Key deleted successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll not found.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\omiga-plus.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Taplika.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\trovi-search.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\searchplugins\Vosteran.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Mozilla\Firefox\Profiles\f7t4qr94.default\Extensions\[email protected] => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
"HKU\S-1-5-21-3242301468-3912853311-3031073808-1003\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key deleted successfully.
ccsvc_1.10.0.6 => Unable to stop service
ccsvc_1.10.0.6 => Service deleted successfully.
globalUpdate => Service deleted successfully.
globalUpdatem => Service deleted successfully.
IHProtect Service => Unable to stop service
IHProtect Service => Service deleted successfully.
WindowsMangerProtect => Service deleted successfully.
Update innoApp => Service deleted successfully.
McAPExe => Service deleted successfully.
McMPFSvc => Service deleted successfully.
McNaiAnn => Service deleted successfully.
mcpltsvc => Service deleted successfully.
McProxy => Service deleted successfully.
mfecore => Service deleted successfully.
MSK80Service => Service deleted successfully.
C:\ProgramData\{87ae3b2d-9a8a-8a8f-87ae-e3b2d9a8ecb6} => Moved successfully.
C:\Users\paulj_000\Desktop\Vosteran.lnk => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran => Moved successfully.
C:\Users\paulj_000\AppData\Local\Vosteran => Moved successfully.
C:\Program Files (x86)\ClickCaption_1.10.0.6 => Moved successfully.
C:\Windows\system32\Drivers\{11ae8de1-edc8-48db-89f9-6fe01ea64977}Gw64.sys => Moved successfully.
C:\ProgramData\IHProtectUpDate => Moved successfully.
C:\Program Files (x86)\XTab => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job => Moved successfully.
C:\ProgramData\600440862 => Moved successfully.
C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job => Moved successfully.
C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Users\paulj_000\AppData\Local\wincheck => Moved successfully.

"C:\Program Files (x86)\SmartSaver+ 3" directory move:

C:\Program Files (x86)\SmartSaver+ 3\1293297481.mxaddon => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\1b642514-ef45-4947-9792-90666fe58766.crx => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\1b642514-ef45-4947-9792-90666fe58766.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\297b2f53-3c27-43e0-99e0-a1213b80b13a.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\8919c8e0-a140-4382-9e90-cdcd0849f7dd.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\9d6e54f1-3713-4659-ad7b-4bb73a34b094.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-6.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f-64.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f.crx => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\b940f593-482d-4fcc-b33f-4b8740b6572f.xpi => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\background.html => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\bgNova.html => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\df54c2ac-cd3a-4222-ad89-60b41bc90e65.crx => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\Interop.IWshRuntimeLibrary.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\Newtonsoft.Json.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bg.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3-bho64.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SmartSaver+ 3.ico => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SuperSocket.ClientEngine.Common.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SuperSocket.ClientEngine.Core.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\SuperSocket.ClientEngine.Protocol.dll => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\Uninstall.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\utils.exe => Moved successfully.
C:\Program Files (x86)\SmartSaver+ 3\WebSocket4Net.dll => Moved successfully.
Could not move "C:\Program Files (x86)\SmartSaver+ 3" directory. => Scheduled to move on reboot.

C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\66LQV3D5 => Moved successfully.
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\IIPSTRUR => Moved successfully.
C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S => Moved successfully.
"C:\Users\paulj_000\AppData\Local\Microsoft\Windows\INetCache\IE\QO27PZ2S" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1430B5CB-9168-43CA-BCF3-1B8E4021E2CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1430B5CB-9168-43CA-BCF3-1B8E4021E2CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{268F112E-9845-463C-8B57-FADC29CAA40D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{268F112E-9845-463C-8B57-FADC29CAA40D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_ada83cfd-5ef3-4064-a75e-640321c9eafb-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A8F02CB-8BDD-45C3-B2EA-DC4A4E3C2F69}" => Key deleted successfully.
C:\Windows\System32\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9d6e54f1-3713-4659-ad7b-4bb73a34b094" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CFAF7FE-2ED8-4B11-9A27-BF8D69DFF8EE}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{320F3221-60C5-4884-A293-8C73885263EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{320F3221-60C5-4884-A293-8C73885263EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46489D21-9C22-45B4-BB77-9B72F66D1517}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46489D21-9C22-45B4-BB77-9B72F66D1517}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D7C57B7-BB07-44D4-8CAC-3A35FB39D9E9}" => Key deleted successfully.
C:\Windows\System32\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b940f593-482d-4fcc-b33f-4b8740b6572f-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{846B4A26-6B5F-4608-B508-22B0AFE1A359}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{846B4A26-6B5F-4608-B508-22B0AFE1A359}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86F0C95D-D292-4252-B6A1-2CE66DEE8F73}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86F0C95D-D292-4252-B6A1-2CE66DEE8F73}" => Key deleted successfully.
C:\Windows\System32\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8919c8e0-a140-4382-9e90-cdcd0849f7dd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C6AA687-9C8C-4475-8236-BD5E795C663D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C6AA687-9C8C-4475-8236-BD5E795C663D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B51A3326-2A90-4B5C-A45D-A1FF8CAFB3A7}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C290C1D1-8027-4164-9389-68D8229967D9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C290C1D1-8027-4164-9389-68D8229967D9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_d71a77cf-58c7-4391-af6b-052d6a49ce04-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D14F5AF3-9838-4C4A-8CEC-7B4E1B9B8B84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6736007-D034-4C1F-99EF-CAF4EA6B501B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6736007-D034-4C1F-99EF-CAF4EA6B501B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ada83cfd-5ef3-4064-a75e-640321c9eafb-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB24EB34-7116-4151-95F3-5D5C17F8BBEF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB24EB34-7116-4151-95F3-5D5C17F8BBEF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC86D406-6D74-4F1C-9D14-E6E66D80AD9B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC86D406-6D74-4F1C-9D14-E6E66D80AD9B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d71a77cf-58c7-4391-af6b-052d6a49ce04-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E28A2191-A53A-431D-880F-C8BC0675AC1E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E28A2191-A53A-431D-880F-C8BC0675AC1E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4DFF59B0-1187-4C7B-8529-8CEA2A1DCB10}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F82BD733-EC80-496E-BCA3-8D06F0EF095F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F82BD733-EC80-496E-BCA3-8D06F0EF095F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Maintenance" => Key deleted successfully.
C:\Windows\Tasks\8919c8e0-a140-4382-9e90-cdcd0849f7dd.job not found.
C:\Windows\Tasks\9d6e54f1-3713-4659-ad7b-4bb73a34b094.job not found.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5.job => Moved successfully.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-5_user.job => Moved successfully.
C:\Windows\Tasks\b940f593-482d-4fcc-b33f-4b8740b6572f-6.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.

"C:\Users\paulj_000\AppData\Roaming\TornTV.com" directory move:

C:\Users\paulj_000\AppData\Roaming\TornTV.com\CMUtils.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\config.dat => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\fastresume.data => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\Interop.IWshRuntimeLibrary.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\MonoTorrent.Dht.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\MonoTorrent.dll => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\nodes.dht => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTV Downloader.exe.config => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTVSvc.exe => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\TornTvUpdater.exe => Moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com\uninst.exe => Moved successfully.
Could not move "C:\Users\paulj_000\AppData\Roaming\TornTV.com" directory. => Scheduled to move on reboot.

C:\Users\paulj_000\AppData\Roaming\Store\WindApp => Moved successfully.
"C:\Users\paulj_000\AppData\Local\Vosteran" => File/Directory not found.
C:\Program Files (x86)\globalUpdate => Moved successfully.
"C:\Program Files (x86)\ClickCaption_1.10.0.6" => File/Directory not found.
"C:\Program Files (x86)\XTab" => File/Directory not found.
"C:\ProgramData\WindowsMangerProtect" => File/Directory not found.
"C:\Program Files (x86)\innoApp" => File/Directory not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{5A34E2C8-C070-43DA-9C43-04A126F63AB7} canceled.
{48D47477-F130-4EF8-8771-6355A6606142} canceled.
{6945EF36-EDB2-4855-80AF-AC499B0CDFAC} canceled.
3 out of 3 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 14 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-14 21:39:17)<=

C:\Program Files (x86)\SmartSaver+ 3 => Is moved successfully.
C:\Users\paulj_000\AppData\Roaming\TornTV.com => Is moved successfully.

==== End of Fixlog 21:39:17 ====



#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There should be an improvement now.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#15
peejaygee


    Member

  • Topic Starter
  • 39 posts

# AdwCleaner v4.108 - Report created 17/01/2015 at 22:33:01
# Updated 17/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : paulj_000 - PC
# Running from : C:\Users\paulj_000\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0 (x86 en-US)


-\\ Google Chrome v39.0.2171.99

[C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_idaddy1_15_03&cd=2XzuyEtN2Y1L1Qzu0F0CtCyD0ByEtDtB0FtCyEyCyDtBtDzytN0D0Tzu0StCtCtDyBtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1Q1T1Q1Q2UtCtN1L1G1B1V1N2Y1L1Qzu2SyB0CzzyEzz0CyE0CtGtBtB0A0CtGtDtBzzyDtGyB0AzytCtGyEtC0DyEyEyEyE0AyC0DyCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0DyByEtCtByDtGyD0CtBtBtGyE0BtC0AtG0AyEyDtCtGyByB0DtDtCyB0A0DtAzztDyE2Q&cr=1391740327&ir=

*************************

AdwCleaner[R0].txt - [12644 octets] - [09/06/2014 16:43:00]
AdwCleaner[R1].txt - [282 octets] - [14/01/2015 23:14:46]
AdwCleaner[R2].txt - [28474 octets] - [14/01/2015 23:24:44]
AdwCleaner[R3].txt - [1727 octets] - [17/01/2015 22:26:09]
AdwCleaner[S0].txt - [11385 octets] - [09/06/2014 17:32:37]
AdwCleaner[S1].txt - [29396 octets] - [14/01/2015 23:30:40]
AdwCleaner[S2].txt - [1652 octets] - [17/01/2015 22:33:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1712 octets] ##########

 

