
My pc infected by cinemaplus 3.2c or may be many more malware [Solved]

cinemaplus3.2c luckysearches.com ad popups

  • This topic is locked

#1
NK sharma

  • Member
  • 14 posts

My PC got infected by a virus/malware due to downloading some software from some sites. Now whenever I open my Chrome/IE/Mozilla Firefox browser, it automatically opens the page "luckysearches.com". I tried my best to remove it from Chrome by going into settings and changing the startup page, search engine, etc., but did not succeed. Now whenever I open any site, too many ad pop-up windows automatically appear, and whenever I click on that site to write or to open some section, generally another new tab opens with some ad site or another site, and I have to close that tab. Every time, too many pop-up windows of ads or porn, especially of "cinemaplus3.2c", open, and it becomes very difficult to work on the internet. I am attaching FRST log reports. Please help me to resolve my problem.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-04-2015
Ran by admin (administrator) on ADMIN-PC on 11-04-2015 23:31:10
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available profiles: admin)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Internet Security\SCSECSVC.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Internet Security\BDSSVC.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Internet Security\EMLPROXY.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Internet Security\SAPISSVC.EXE
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Internet Security\OPSSVC.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Internet Security\QUHLPSVC.EXE
() C:\Program Files\WajaWebEnhancer\wajam.exe
() C:\Program Files\WajaWebEnhancer\wajam.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Internet Security\SCANWSCS.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Internet Security\ONLINENT.EXE
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Internet Security\strtupap.exe [172664 2014-07-31] (Quick Heal Technologies (P) Ltd.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG)
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-10-23] (Nero AG)
Lsa: [Notification Packages] scecli ScSecAuth
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luckysear...0418AS_9VMMEMT4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.luckysear...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.luckysear...0418AS_9VMMEMT4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.luckysear...q={searchTerms}
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luckysear...0418AS_9VMMEMT4
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-in/?ocid=iehp
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.luckysear...0418AS_9VMMEMT4
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysear...q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-815915496-1986768213-1316658355-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-815915496-1986768213-1316658355-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysear...q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Air Globe 1.0.0.7 -> {4c54ce3d-6b7d-4f21-9e69-200632a98540} -> C:\Program Files\Air Globe\AirGlobebho.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Tcpip\..\Interfaces\{CCAB7179-E8C7-4C5F-AEF8-015935000EB6}: [NameServer] 218.248.255.195,218.248.255.196
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.luckysear...0418AS_9VMMEMT4
 
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default
FF DefaultSearchEngine: luckysearches
FF SelectedSearchEngine: luckysearches
FF Homepage: hxxp://www.luckysearches.com/?type=hp&ts=1428228820&from=2sq&uid=ST3320418AS_9VMMEMT4
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-26] (Google Inc.)
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\user.js [2015-04-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\luckysearches.xml [2015-04-05]
FF Extension: SavePass 1.1 - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\Extensions\[email protected] [2015-04-05]
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\Extensions\[email protected] [2015-04-09]
FF Extension: CinemaP-1.8cV05.04 - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\Extensions\[email protected] [2015-04-05]
FF Extension: Air Globe 1.0.1 - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\Extensions\{21d3b30d-5feb-4224-9a1d-01f7d9334705}.xpi [2015-04-05]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.luckysear...0418AS_9VMMEMT4
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://www.google.co.in/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-26]
CHR Extension: (Air Globe) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahlaeckbnhecoafejllmoellpjnfcldi [2015-04-06]
CHR Extension: (SavePass 1.1) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh [2015-04-05]
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-26]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-26]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-26]
CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-26]
CHR Extension: (Google Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-26]
CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-26]
CHR Extension: (CinemaP-1.8cV05.04) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-04-05]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-26]
StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.luckysear...0418AS_9VMMEMT4
 
Opera: 
=======
OPR Extension: (SavePass 1.1) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh [2015-04-05]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal Internet Security\bdssvc.exe [25720 2014-06-06] (Quick Heal Technologies (P) Ltd.)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Internet Security\EMLPROXY.EXE [34424 2014-12-16] (Quick Heal Technologies (P) Ltd.)
R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Internet Security\SAPISSVC.EXE [214648 2014-12-16] (Quick Heal Technologies (P) Ltd.)
S3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Internet Security\SAPISSVC.EXE [214648 2014-12-16] (Quick Heal Technologies (P) Ltd.)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Internet Security\opssvc.exe [30328 2014-12-16] (Quick Heal Technologies (P) Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Internet Security\quhlpsvc.exe [127608 2014-08-30] (Quick Heal Technologies (P) Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Internet Security\SCANWSCS.EXE [257352 2014-09-25] (Quick Heal Technologies (P) Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Internet Security\ScSecSvc.exe [415352 2015-03-26] (Quick Heal Technologies (P) Ltd.)
R2 Wajam Web Enhancer; C:\Program Files\WajaWebEnhancer\wajam.exe [1349632 2015-03-19] () [File not signed] <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S2 Update Air Globe; "C:\Program Files\Air Globe\updateAirGlobe.exe" [X]
S2 Util Air Globe; "C:\Program Files\Air Globe\bin\utilAirGlobe.exe" [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [229480 2014-08-09] (Quick Heal Technologies (P) Ltd.)
R1 bdsnm; C:\Windows\System32\DRIVERS\bdsnm.sys [21096 2014-09-12] (Quick Heal Technologies (P) Ltd.)
R1 bsfs; C:\Windows\System32\DRIVERS\bsfs.sys [43240 2015-03-26] (Quick Heal Technologies (P) Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [67688 2014-09-12] (Quick Heal Technologies (P) Ltd.)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [32360 2014-06-06] (Quick Heal Technologies (P) Ltd.)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [60520 2014-08-27] (Quick Heal Technologies (P) Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [58728 2014-06-06] (Quick Heal Technologies (P) Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [34792 2014-09-12] (Quick Heal Technologies (P) Ltd.)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2003-10-28] (Sonic Solutions) [File not signed]
R2 webssx; C:\Windows\System32\DRIVERS\webssx.sys [47720 2014-10-16] (Quick Heal Technologies (P) Ltd.)
R1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [65128 2014-08-19] (Quick Heal Technologies (P) Ltd.)
R1 {21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw; C:\Windows\System32\drivers\{21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw.sys [43144 2015-04-04] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-11 23:31 - 2015-04-11 23:31 - 00015329 _____ () C:\Users\admin\Desktop\FRST.txt
2015-04-11 23:29 - 2015-04-11 23:31 - 00000000 ____D () C:\FRST
2015-04-11 23:27 - 2015-04-11 23:28 - 01135104 _____ (Farbar) C:\Users\admin\Desktop\FRST.exe
2015-04-11 22:54 - 2015-04-11 22:54 - 00000000 ___HD () C:\Users\admin\ScStore
2015-04-10 14:33 - 2015-04-10 14:34 - 00011455 _____ () C:\Users\admin\Desktop\road.xlsx
2015-04-06 11:45 - 2015-04-06 11:45 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2015-04-05 16:23 - 2015-04-06 23:07 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-04-05 15:55 - 2015-04-05 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD Drawing Viewer
2015-04-05 15:55 - 2015-04-05 15:55 - 00000000 ____D () C:\Program Files\AutoCAD Drawing Viewer
2015-04-05 15:55 - 2013-06-29 07:12 - 14878208 _____ (SkySoft) C:\Windows\system32\DWGTOPDFX.dll
2015-04-05 15:55 - 2013-06-27 08:05 - 18019840 _____ (SkySoft) C:\Windows\system32\dwgviewx.dll
2015-04-05 15:55 - 2012-06-11 14:18 - 03907640 _____ () C:\Windows\system32\gsdll32.dll
2015-04-05 15:55 - 2012-06-11 14:16 - 01706800 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
2015-04-05 15:55 - 2012-04-05 10:44 - 00000139 _____ () C:\Windows\system32\AutoDWG.lic
2015-04-05 15:55 - 2011-06-11 01:58 - 04397384 _____ (Microsoft Corporation) C:\Windows\system32\mfc100.dll
2015-04-05 15:55 - 2011-06-11 01:58 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2015-04-05 15:55 - 2011-06-11 01:58 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2015-04-05 15:55 - 2011-06-11 01:58 - 00138056 _____ (Microsoft Corporation) C:\Windows\system32\atl100.dll
2015-04-05 15:43 - 2015-04-04 17:29 - 00043144 _____ (StdLib) C:\Windows\system32\Drivers\{21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw.sys
2015-04-05 15:39 - 2015-04-11 22:54 - 00002416 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5_user.job
2015-04-05 15:39 - 2015-04-11 22:54 - 00002416 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00005488 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-6.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00005154 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-11.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00005152 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-7.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00004464 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-3.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00004128 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-4.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00003444 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00003108 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00002082 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-10_user.job
2015-04-05 15:37 - 2015-04-05 15:43 - 00001253 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-05 15:37 - 2015-04-05 15:43 - 00001241 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-04-05 15:37 - 2015-04-05 15:37 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Opera Software
2015-04-05 15:37 - 2015-04-05 15:37 - 00000000 ____D () C:\Users\admin\AppData\Local\Opera Software
2015-04-05 15:26 - 2015-04-08 18:08 - 00000000 ____D () C:\Program Files\Opera
2015-04-05 15:25 - 2015-04-05 15:25 - 00000000 ____D () C:\Program Files\WajaWebEnhancer
2015-04-05 15:24 - 2015-04-11 23:24 - 00003120 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6.job
2015-04-05 15:24 - 2015-04-11 22:54 - 00004476 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4.job
2015-04-05 15:24 - 2015-04-11 22:54 - 00003456 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7.job
2015-04-05 15:24 - 2015-04-11 22:54 - 00002428 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5_user.job
2015-04-05 15:24 - 2015-04-11 22:54 - 00002428 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.job
2015-04-05 15:23 - 2015-04-11 23:23 - 00005500 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6.job
2015-04-05 15:23 - 2015-04-11 23:23 - 00002094 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10_user.job
2015-04-05 15:23 - 2015-04-11 22:54 - 00005164 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7.job
2015-04-05 15:23 - 2015-04-11 22:54 - 00004476 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3.job
2015-04-05 15:23 - 2015-04-11 22:54 - 00001338 _____ () C:\Windows\Tasks\RKEQEI.job
2015-04-05 15:17 - 2015-04-05 15:17 - 00000000 ____D () C:\Autodesk
2015-04-04 21:19 - 2009-07-14 10:12 - 00001242 _____ () C:\Users\admin\Desktop\Paint.lnk
2015-04-03 12:17 - 2015-04-03 12:17 - 00000000 ____D () C:\Users\admin\AppData\Roaming\dvdcss
2015-04-02 16:55 - 2015-04-02 16:57 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\admin\Downloads\flashplayer17_ga_install.exe
2015-04-02 16:46 - 2015-04-02 17:11 - 93634632 _____ (Ingram Content Group) C:\Users\admin\Downloads\BookshelfSetup.exe
2015-03-31 12:02 - 2015-03-31 12:03 - 00000000 ____D () C:\Users\admin\Desktop\aachit
2015-03-28 22:33 - 2015-03-28 23:06 - 00000099 _____ () C:\Users\admin\AppData\default.pls
2015-03-28 21:48 - 2015-03-28 21:48 - 00000000 ____D () C:\Users\admin\AppData\Roaming\HdO Adventure
2015-03-27 19:57 - 2015-03-27 19:57 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Nero
2015-03-27 19:56 - 2015-03-27 19:56 - 00002679 _____ () C:\Users\Public\Desktop\Nero StartSmart.lnk
2015-03-27 19:56 - 2015-03-27 19:56 - 00002581 _____ () C:\Users\Public\Desktop\Nero Home.lnk
2015-03-27 19:56 - 2015-03-27 19:56 - 00000000 ____D () C:\Users\admin\AppData\Local\Ahead
2015-03-27 19:56 - 2015-03-27 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
2015-03-27 19:54 - 2015-03-27 19:54 - 00000188 _____ () C:\Windows\system32\MsiExec.exe.log
2015-03-27 19:53 - 2015-03-27 19:54 - 00000000 ____D () C:\Program Files\Common Files\Nero
2015-03-27 19:53 - 2015-03-27 19:53 - 00000000 ____D () C:\ProgramData\Nero
2015-03-27 19:53 - 2015-03-27 19:53 - 00000000 ____D () C:\Program Files\Nero
2015-03-27 19:53 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-03-27 19:42 - 2015-03-27 19:42 - 00140392 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-27 19:41 - 2015-03-27 19:41 - 00001901 _____ () C:\Users\Public\Desktop\AutoCAD 2008.lnk
2015-03-27 19:39 - 2015-04-05 15:24 - 00000000 ____D () C:\Program Files\AutoCAD 2008
2015-03-27 19:39 - 2015-04-05 15:19 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Autodesk
2015-03-27 19:39 - 2015-04-05 15:19 - 00000000 ____D () C:\ProgramData\Autodesk
2015-03-27 19:39 - 2015-03-27 19:39 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-27 19:39 - 2015-03-27 19:39 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-03-27 19:38 - 2015-03-27 19:53 - 00060023 _____ () C:\Windows\DirectX.log
2015-03-27 19:38 - 2015-03-27 19:42 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2015-03-27 19:38 - 2015-03-27 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-03-27 19:38 - 2015-03-27 19:39 - 00000000 ____D () C:\Users\admin\AppData\Local\Autodesk
2015-03-27 19:38 - 2015-03-27 19:38 - 00000000 ____D () C:\Program Files\Autodesk
2015-03-27 19:38 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-03-27 05:18 - 2015-03-26 15:55 - 00000000 ____D () C:\Windows\Panther
2015-03-27 04:21 - 2015-04-11 22:57 - 00314930 _____ () C:\Windows\WindowsUpdate.log
2015-03-27 04:21 - 2015-03-27 04:21 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-03-27 04:21 - 2015-03-27 04:21 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-03-27 04:20 - 2015-03-27 04:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-03-27 04:19 - 2015-03-27 04:21 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-03-27 00:44 - 2015-03-27 00:44 - 00005542 _____ () C:\Users\admin\AppData\Roaming\RKEQEI
2015-03-26 23:06 - 2015-03-27 18:42 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2015-03-26 23:06 - 2015-03-26 23:06 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2015-03-26 20:38 - 2015-04-11 09:47 - 00000000 ____D () C:\Users\admin\Documents\EA SPORTS™ Cricket 07
2015-03-26 20:36 - 2015-03-26 20:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-03-26 18:53 - 2015-03-26 18:53 - 00000000 ____D () C:\Users\admin\AppData\Roaming\vlc
2015-03-26 17:27 - 2015-04-11 23:04 - 00002361 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-26 17:27 - 2015-03-26 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-26 17:13 - 2015-03-26 17:10 - 00356456 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\SCDETOUR.DLL
2015-03-26 17:13 - 2015-03-26 17:10 - 00224872 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\SCSANDBOXAPI.DLL
2015-03-26 17:13 - 2015-03-26 17:10 - 00133736 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\SCSECAUTH.DLL
2015-03-26 17:08 - 2015-03-26 17:08 - 00006305 _____ () C:\Windows\regact.dat
2015-03-26 17:04 - 2015-04-11 23:04 - 00000454 _____ () C:\Windows\Tasks\Resume Quickup Download.job
2015-03-26 17:04 - 2015-04-11 21:04 - 00000478 _____ () C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2015-03-26 17:04 - 2015-03-26 17:10 - 00043240 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\bsfs.sys
2015-03-26 17:04 - 2014-10-16 19:39 - 00047720 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\webssx.sys
2015-03-26 17:04 - 2014-09-12 10:53 - 00034792 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\mscank.sys
2015-03-26 17:04 - 2014-09-12 10:53 - 00021096 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\bdsnm.sys
2015-03-26 17:04 - 2014-08-19 18:49 - 00065128 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\wsnf.sys
2015-03-26 17:04 - 2014-08-09 12:39 - 00229480 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\bdsflt.sys
2015-03-26 17:04 - 2014-06-06 12:29 - 00058728 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\llio.sys
2015-03-26 17:04 - 2014-06-06 12:11 - 00032360 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\EMLTDI.SYS
2015-03-26 17:03 - 2015-03-26 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Heal Internet Security
2015-03-26 17:03 - 2015-03-26 17:04 - 00000000 ____D () C:\Program Files\Common Files\Quick Heal
2015-03-26 17:03 - 2015-03-26 17:03 - 00000000 ____D () C:\Program Files\Quick Heal
2015-03-26 17:02 - 2015-04-11 20:24 - 00000000 ____D () C:\Windows\system32\gprodat
2015-03-26 17:02 - 2014-08-27 09:53 - 00060520 _____ (Quick Heal Technologies (P) Ltd.) C:\Windows\system32\Drivers\ggc.sys
2015-03-26 16:58 - 2015-04-11 23:03 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-26 16:58 - 2015-04-11 22:54 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 16:58 - 2015-03-26 17:27 - 00000000 ____D () C:\Users\admin\AppData\Local\Google
2015-03-26 16:58 - 2015-03-26 17:27 - 00000000 ____D () C:\Program Files\Google
2015-03-26 16:58 - 2015-03-26 16:58 - 00270146 _____ () C:\Users\admin\Downloads\ChromeSetup(1).exe.part
2015-03-26 16:58 - 2015-03-26 16:58 - 00000000 _____ () C:\Users\admin\Downloads\ChromeSetup(1).exe
2015-03-26 16:57 - 2015-02-24 04:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-26 16:56 - 2015-03-26 16:57 - 00880208 _____ (Google Inc.) C:\Users\admin\Downloads\ChromeSetup.exe
2015-03-26 16:39 - 2015-03-26 16:51 - 01501142 _____ () C:\Users\admin\Downloads\WirelessLANAtheros.EXE
2015-03-26 16:39 - 2015-03-26 16:50 - 01400593 _____ () C:\Users\admin\Downloads\EthernetDriverMarvell.EXE
2015-03-26 16:38 - 2015-03-26 16:40 - 00000155 _____ () C:\Windows\winamp.ini
2015-03-26 16:38 - 2015-03-26 16:38 - 00001937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Try AOL for Broadband.lnk
2015-03-26 16:38 - 2015-03-26 16:38 - 00000937 _____ () C:\Users\admin\Desktop\Winamp.lnk
2015-03-26 16:38 - 2015-03-26 16:38 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp
2015-03-26 16:38 - 2015-03-26 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-03-26 16:38 - 2015-03-26 16:38 - 00000000 ____D () C:\Program Files\Winamp
2015-03-26 16:38 - 2003-10-29 06:04 - 00462848 ____N (Sonic Solutions) C:\Windows\system32\px.dll
2015-03-26 16:38 - 2003-10-29 06:03 - 00286720 ____N (Sonic Solutions) C:\Windows\system32\pxwave.dll
2015-03-26 16:38 - 2003-10-29 06:03 - 00143360 ____N (Sonic Solutions) C:\Windows\system32\pxmas.dll
2015-03-26 16:38 - 2003-10-28 15:32 - 00053248 ____N () C:\Windows\system32\pxhpinst.exe
2015-03-26 16:38 - 2003-10-28 15:32 - 00020016 ____N (Sonic Solutions) C:\Windows\system32\Drivers\pxhelp20.sys
2015-03-26 16:38 - 2003-10-27 14:30 - 00319488 ____N (Sonic Solutions) C:\Windows\system32\pxdrv.dll
2015-03-26 16:38 - 2003-10-14 13:30 - 00028672 ____N (Sonic Solutions) C:\Windows\system32\vxblock.dll
2015-03-26 16:31 - 2015-03-26 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-26 16:30 - 2015-03-27 19:38 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-26 16:30 - 2015-03-26 16:30 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-26 16:30 - 2015-03-26 16:30 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-03-26 16:30 - 2015-03-26 16:30 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-03-26 16:30 - 2015-03-26 16:30 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-03-26 16:30 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2015-03-26 16:29 - 2015-03-26 16:29 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2015-03-26 16:28 - 2015-03-28 23:06 - 00000000 ____D () C:\Users\admin\AppData\Local\Microsoft Help
2015-03-26 16:28 - 2015-03-27 19:38 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-26 16:28 - 2015-03-26 16:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-26 16:28 - 2015-03-26 16:28 - 00000000 __RHD () C:\MSOCache
2015-03-26 16:27 - 2015-03-26 16:34 - 02185881 _____ () C:\Users\admin\Downloads\WLANAtheros.EXE
2015-03-26 16:09 - 2015-03-26 16:09 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla
2015-03-26 16:09 - 2015-03-26 16:09 - 00000000 ____D () C:\Users\admin\AppData\Local\Mozilla
2015-03-26 16:08 - 2015-04-05 15:43 - 00001289 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-26 16:08 - 2015-04-05 15:43 - 00001277 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-26 16:08 - 2015-04-05 15:38 - 00000000 ____D () C:\Program Files\Adobe
2015-03-26 16:08 - 2015-03-26 16:09 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-26 16:08 - 2015-03-26 16:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2015-03-26 16:08 - 2015-03-26 16:08 - 00000000 ____D () C:\ProgramData\Mozilla
2015-03-26 16:08 - 2015-03-26 16:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-26 16:08 - 2015-03-26 16:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-26 16:08 - 2015-03-26 16:08 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-26 16:07 - 2015-03-26 16:07 - 00001024 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-26 16:07 - 2015-03-26 16:07 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-26 16:07 - 2015-03-26 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-26 16:07 - 2015-03-26 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-26 16:07 - 2015-03-26 16:07 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-26 16:07 - 2015-03-26 16:07 - 00000000 ____D () C:\Program Files\VideoLAN
2015-03-26 15:56 - 2015-04-11 22:54 - 00000000 ____D () C:\Users\admin
2015-03-26 15:56 - 2015-04-05 15:43 - 00001585 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-26 15:56 - 2015-03-26 18:54 - 00000000 ____D () C:\Users\admin\AppData\Local\VirtualStore
2015-03-26 15:56 - 2015-03-26 15:56 - 00000020 ___SH () C:\Users\admin\ntuser.ini
2015-03-26 15:56 - 2009-07-14 10:12 - 00000000 ___RD () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-26 15:56 - 2009-07-14 10:07 - 00000000 ___RD () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-26 15:55 - 2015-03-26 15:55 - 00000000 __SHD () C:\Recovery
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-11 23:15 - 2009-07-14 10:04 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 23:15 - 2009-07-14 10:04 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 22:58 - 2010-11-21 02:31 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 22:54 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 22:54 - 2009-07-14 10:09 - 00033544 _____ () C:\Windows\setupact.log
2015-04-11 20:24 - 2010-11-21 03:18 - 00085922 _____ () C:\Windows\PFRO.log
2015-04-06 23:25 - 2009-07-14 07:34 - 00000580 _____ () C:\Windows\win.ini
2015-04-06 06:16 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-04-05 15:44 - 2009-07-14 07:34 - 00000024 _____ () C:\AUTOEXEC.BAT
2015-04-04 11:45 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-29 22:10 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-03-27 23:46 - 2009-07-14 10:03 - 00480104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-27 19:53 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\Cursors
2015-03-27 19:50 - 2009-07-14 08:07 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-27 19:42 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-27 19:39 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\Help
2015-03-27 05:18 - 2009-07-14 10:27 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-03-27 05:18 - 2009-07-14 10:22 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-03-27 04:21 - 2009-07-14 10:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-27 04:21 - 2009-07-14 08:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-27 04:19 - 2010-11-21 06:16 - 00000000 ____D () C:\Windows\CSC
2015-03-27 04:19 - 2009-07-14 10:04 - 00002790 _____ () C:\Windows\DtcInstall.log
2015-03-26 21:01 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-26 18:29 - 2009-07-14 08:07 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-26 16:30 - 2010-11-21 06:16 - 00000000 ____D () C:\Windows\ShellNew
2015-03-26 16:30 - 2009-07-14 10:22 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-26 16:28 - 2009-07-14 08:07 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-26 15:55 - 2010-11-21 02:59 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-03-26 15:55 - 2010-11-21 02:59 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-03-26 15:55 - 2010-11-21 02:59 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-03-26 15:55 - 2009-07-14 10:22 - 00000000 ____D () C:\Windows\system32\restore
2015-03-26 15:54 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2015-03-27 00:44 - 2015-03-27 00:44 - 0005542 _____ () C:\Users\admin\AppData\Roaming\RKEQEI
 
Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\AcDeltree.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 14:56
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-04-2015
Ran by admin at 2015-04-11 23:32:09
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Quick Heal Internet Security (Enabled - Up to date) {60EE5BF4-3309-ABA7-3A00-C88B68B340E6}
AS: Quick Heal Internet Security (Enabled - Up to date) {DB8FBA10-1533-A429-00B0-F3F913340A5B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall (Enabled) {58D5DAD1-7966-AAFF-115F-61BE9660079D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 9 ActiveX (HKLM\...\{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}) (Version: 9.0.16.0 - Adobe Systems, Inc.)
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Air Globe (HKLM\...\Air Globe) (Version: 2015.04.05.082237 - Air Globe) <==== ATTENTION
AutoCAD 2008 - English (HKLM\...\AutoCAD 2008 - English) (Version: 17.1.51.0 - Autodesk)
AutoCAD 2008 - English (Version: 17.1.51.0 - Autodesk) Hidden
AutoCAD Drawing Viewer version 4 (HKLM\...\{A7F0117D-6BEB-4834-B1E0-6BF08AA0F8E3}_is1) (Version: 4 - SkySof Software Inc.)
Autodesk DWF Viewer 7 (HKLM\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.2.0 - Autodesk, Inc.)
CinemaP-1.8cV05.04 (HKLM\...\CinemaP-1.8cV05.04) (Version: 1.36.01.22 - Cinema PlusV05.04) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
luckysearches uninstall (HKLM\...\luckysearches uninstall) (Version:  - luckysearches)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
Nero 8 (HKLM\...\{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}) (Version: 8.10.295 - Nero AG)
Opera Stable 28.0.1750.51 (HKLM\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
Quick Heal Internet Security (HKLM\...\Quick Heal Internet Security) (Version: 16.00 - Quick Heal Technologies Pvt. Ltd.)
Quick Heal Internet Security (Version: 16.00 - Quick Heal) Hidden
SavePass 1.1 (HKLM\...\SavePass 1.1) (Version: 1.36.01.22 - OB) <==== ATTENTION
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player 0.9.8a (HKLM\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)
Wajam (HKLM\...\Wajam Web Enhancer) (Version: 1.41.1.5 (i1.0) - Wajam) <==== ATTENTION
Winamp (remove only) (HKLM\...\Winamp) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-815915496-1986768213-1316658355-1000_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-815915496-1986768213-1316658355-1000_Classes\CLSID\{6AB55F46-2523-4701-A912-B226F46252BA}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-815915496-1986768213-1316658355-1000_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-815915496-1986768213-1316658355-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2008\acadficn.dll (Autodesk, Inc.)
 
==================== Restore Points  =========================
 
26-03-2015 16:08:24 Installed Adobe Reader 9.1.
26-03-2015 16:28:18 Installed Microsoft Office Enterprise 2007
27-03-2015 19:38:29 Installed DirectX
27-03-2015 19:52:52 Installed DirectX
27-03-2015 19:53:14 Installed Nero 8 Trial. Available with Windows Installer version 1.2 and later.
27-03-2015 19:55:19 Quick Heal AntiMalware Restore Point
04-04-2015 15:03:20 Scheduled Checkpoint
05-04-2015 17:04:19 Quick Heal AntiMalware Restore Point
06-04-2015 23:28:54 Quick Heal AntiMalware Restore Point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2015-04-11 19:49 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02396B4D-28CB-4C51-90A1-40CA3CEBEEB8} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5_user => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.exe <==== ATTENTION
Task: {02FA39E6-5294-46C9-BF7E-EDBEADA759FE} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7.exe <==== ATTENTION
Task: {14008CAA-E69C-4FF2-B156-A488AA436D74} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-26] (Google Inc.)
Task: {24CC4160-DDE7-4203-8B32-70C4CE01E89E} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.exe <==== ATTENTION
Task: {37427426-6AC3-40BC-A2F0-17A717FE6D17} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6.exe <==== ATTENTION
Task: {3C684556-02CC-4EBF-ABEA-CC8ECF09A943} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6.exe <==== ATTENTION
Task: {42939318-9953-41DA-BB49-0BA1D4906347} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-4 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-4.exe <==== ATTENTION
Task: {430E5111-4FA7-4870-B46B-86BEE87F3280} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7.exe <==== ATTENTION
Task: {44BD25C0-A19E-4D00-AB6A-9B6B766F3CB4} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7.exe <==== ATTENTION
Task: {50C6E38F-2446-4D9C-B165-9A1C053FFE9F} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4.exe <==== ATTENTION
Task: {57BD0019-7A92-4DF7-8B49-CB5348A9855A} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3.exe <==== ATTENTION
Task: {5F033A6D-3064-491E-94C8-D40AB64C8666} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10_user => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10.exe <==== ATTENTION
Task: {6F21D1E1-CC83-4445-9CFE-0CD50BF78658} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-6 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-6.exe <==== ATTENTION
Task: {70DA043C-91DD-4472-BE9A-C30FEA800FC2} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5_user => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.exe <==== ATTENTION
Task: {78941FA2-8B16-44EC-8BA4-8CDFE222FF98} - System32\Tasks\Opera scheduled Autoupdate 1428228422 => C:\Program Files\Opera\launcher.exe [2015-04-07] (Opera Software)
Task: {7E27DABA-908C-4B2D-9E56-DF1B8699E9B1} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-3 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-3.exe <==== ATTENTION
Task: {B52EEB23-C0E9-4B22-984B-4D7E0A179B93} - System32\Tasks\RKEQEI => C:\Users\admin\AppData\Roaming\RKEQEI.exe <==== ATTENTION
Task: {C278891F-FF20-4394-B44C-85936BD2B101} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6.exe <==== ATTENTION
Task: {CEE2FBF6-5DD2-49B5-9881-689795221997} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.exe <==== ATTENTION
Task: {D71B7654-2D99-4596-83C6-90D790E38766} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-7 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-7.exe <==== ATTENTION
Task: {DBC858F9-5EBE-4EC1-A656-09F9C5CBA288} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Quick Heal Internet Security\ACAPPAA.EXE [2014-06-06] (Quick Heal Technologies (P) Ltd.)
Task: {E0C13D99-57A8-440B-BAEB-2EF15AFC0C17} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-10_user => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-10.exe <==== ATTENTION
Task: {E84934A3-8A46-4511-95CB-14D8C8993372} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-11 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-11.exe <==== ATTENTION
Task: {F5BDDE0C-FA4A-411E-957B-032CC7179AD4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-26] (Google Inc.)
Task: {F7CB630E-0F9E-4761-B3EB-5E804D78B235} - System32\Tasks\Quick Heal AntiMalware Scan => C:\Program Files\Quick Heal\Quick Heal Internet Security\ASMAIN.EXE [2014-09-13] (Quick Heal Technologies (P) Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-10_user.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-11.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-3.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-4.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5_user.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-6.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-7.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10_user.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5_user.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Quick Heal AntiMalware Scan.job => C:\Program Files\Quick Heal\Quick Heal Internet Security\ASMAIN.EXE
Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Quick Heal Internet Security\ACAPPAA.EXE
Task: C:\Windows\Tasks\RKEQEI.job => C:\Users\admin\AppData\Roaming\RKEQEI.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2014-07-26 12:40 - 2014-07-26 12:40 - 00025208 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\bdsres.dll
2014-09-09 14:30 - 2014-09-09 14:30 - 00065624 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\SCANAPI.DLL
2014-11-04 20:42 - 2015-04-11 19:48 - 00548952 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\scansdk.dll
2014-12-17 22:38 - 2015-04-11 19:48 - 00344154 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\platform.dll
2014-11-10 13:57 - 2015-04-11 19:48 - 00041059 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\filesdk.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00020480 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\DRVCOMM.DLL
2014-10-20 12:19 - 2015-04-11 19:48 - 00036954 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\mbfswrap.dll
2014-06-25 19:09 - 2015-04-11 19:48 - 00221270 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\disasm.dll
2014-09-09 14:30 - 2014-09-09 14:30 - 00065624 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\scanapi.dll
2014-12-26 19:03 - 2015-04-11 19:48 - 00241746 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\scan.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00020480 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\VIRLIST.DLL
2014-12-31 21:05 - 2015-04-11 19:48 - 00180306 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\boot.dll
2014-12-18 23:23 - 2015-04-11 19:48 - 00303194 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\mltiscan.dll
2014-11-26 22:25 - 2015-04-11 19:48 - 00614488 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\pescan.dll
2014-12-29 22:19 - 2015-04-11 19:48 - 03444822 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\pepoly.dll
2014-12-23 16:27 - 2015-04-11 19:48 - 00295000 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\arcvsdk.dll
2015-01-01 22:27 - 2015-04-11 19:48 - 00913494 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\lzesdk.dll
2014-12-31 21:05 - 2015-04-11 19:48 - 06422616 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\heurscan.dll
2014-09-02 19:11 - 2015-04-11 19:48 - 00225370 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\bkdrscan.dll
2014-12-30 16:27 - 2015-04-11 19:48 - 00270424 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\dospoly.dll
2014-12-29 22:19 - 2015-04-11 19:48 - 00307288 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\vbsscan.dll
2015-01-01 22:27 - 2015-04-11 19:48 - 01867866 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\miscscan.dll
2014-12-24 23:20 - 2015-04-11 19:48 - 00106588 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\olesdk.dll
2012-03-02 14:01 - 2012-03-02 14:01 - 00020480 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\ARJSDK.DLL
2012-03-02 14:02 - 2012-03-02 14:02 - 00028672 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\UNARJ32.DLL
2014-07-29 13:50 - 2015-04-11 19:48 - 00114688 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\rarsdk.dll
2015-03-26 16:07 - 2005-10-07 15:05 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll
2015-03-19 01:40 - 2015-03-19 01:40 - 01349632 _____ () C:\Program Files\WajaWebEnhancer\wajam.exe
2015-04-11 22:54 - 2015-04-11 22:54 - 02978304 _____ () C:\Program Files\WajaWebEnhancer\dlls\atskadfrpzde.dll
2015-04-11 22:54 - 2015-04-11 22:54 - 02978304 _____ () c:\program files\wajawebenhancer\dlls\atskadfrpzde.dll
2015-04-01 23:05 - 2015-03-31 02:37 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-01 23:05 - 2015-03-31 02:37 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
2015-03-27 06:25 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-03-27 06:25 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 218.248.255.195 - 218.248.255.196
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-815915496-1986768213-1316658355-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-815915496-1986768213-1316658355-500 - Administrator - Disabled)
Guest (S-1-5-21-815915496-1986768213-1316658355-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: mscank
Description: mscank
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mscank
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/11/2015 10:54:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 08:25:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 07:30:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 02:42:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 08:56:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 07:55:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/10/2015 09:05:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/10/2015 08:44:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/10/2015 00:15:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/09/2015 11:48:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (04/11/2015 10:54:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Air Globe service failed to start due to the following error: 
%%2
 
Error: (04/11/2015 10:54:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Air Globe service failed to start due to the following error: 
%%2
 
Error: (04/11/2015 10:54:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WindowsMangerProtect Service service failed to start due to the following error: 
%%2
 
Error: (04/11/2015 08:25:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Air Globe service failed to start due to the following error: 
%%2
 
Error: (04/11/2015 08:25:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Air Globe service failed to start due to the following error: 
%%2
 
Error: (04/11/2015 08:24:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WindowsMangerProtect Service service failed to start due to the following error: 
%%2
 
Error: (04/11/2015 07:30:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Air Globe service failed to start due to the following error: 
%%2
 
Error: (04/11/2015 07:30:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Air Globe service failed to start due to the following error: 
%%2
 
Error: (04/11/2015 07:29:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WindowsMangerProtect Service service failed to start due to the following error: 
%%2
 
Error: (04/11/2015 02:42:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Air Globe service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 79%
Total physical RAM: 2013.24 MB
Available physical RAM: 421.12 MB
Total Pagefile: 4026.48 MB
Available Pagefile: 2006.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1877.29 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.56 GB) (Free:73.02 GB) NTFS
Drive d: () (Fixed) (Total:97.66 GB) (Free:36.08 GB) NTFS
Drive e: (SHUBHAM) (Fixed) (Total:102.78 GB) (Free:21.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9F2A5100)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, 'tis a lot there... So let's start the removal process.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luckysear...0418AS_9VMMEMT4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.luckysear...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.luckysear...0418AS_9VMMEMT4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.luckysear...q={searchTerms}
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luckysear...0418AS_9VMMEMT4
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.luckysear...0418AS_9VMMEMT4
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysear...q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-815915496-1986768213-1316658355-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-815915496-1986768213-1316658355-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysear...q={searchTerms}
BHO: Air Globe 1.0.0.7 -> {4c54ce3d-6b7d-4f21-9e69-200632a98540} -> C:\Program Files\Air Globe\AirGlobebho.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.luckysear...0418AS_9VMMEMT4
FF DefaultSearchEngine: luckysearches
FF SelectedSearchEngine: luckysearches
FF Homepage: hxxp://www.luckysearches.com/?type=hp&ts=1428228820&from=2sq&uid=ST3320418AS_9VMMEMT4
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\user.js [2015-04-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\luckysearches.xml [2015-04-05]
FF Extension: CinemaP-1.8cV05.04 - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\Extensions\[email protected] [2015-04-05]
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Extension: SavePass 1.1 - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\Extensions\[email protected] [2015-04-05]
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Extension: Air Globe 1.0.1 - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\Extensions\{21d3b30d-5feb-4224-9a1d-01f7d9334705}.xpi [2015-04-05]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.luckysear...0418AS_9VMMEMT4
CHR Extension: (Air Globe) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahlaeckbnhecoafejllmoellpjnfcldi [2015-04-06]
CHR Extension: (CinemaP-1.8cV05.04) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-04-05]
CHR Extension: (SavePass 1.1) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh [2015-04-05]
StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.luckysear...0418AS_9VMMEMT4
OPR Extension: (SavePass 1.1) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh [2015-04-05]
R2 Wajam Web Enhancer; C:\Program Files\WajaWebEnhancer\wajam.exe [1349632 2015-03-19] () [File not signed] <==== ATTENTION
S2 Update Air Globe; "C:\Program Files\Air Globe\updateAirGlobe.exe" [X]
S2 Util Air Globe; "C:\Program Files\Air Globe\bin\utilAirGlobe.exe" [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]
R1 {21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw; C:\Windows\System32\drivers\{21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw.sys [43144 2015-04-04] (StdLib)
2015-04-05 16:23 - 2015-04-06 23:07 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-04-05 15:43 - 2015-04-04 17:29 - 00043144 _____ (StdLib) C:\Windows\system32\Drivers\{21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw.sys
2015-04-05 15:39 - 2015-04-11 22:54 - 00002416 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5_user.job
2015-04-05 15:39 - 2015-04-11 22:54 - 00002416 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00005488 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-6.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00005154 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-11.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00005152 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-7.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00004464 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-3.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00004128 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-4.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00003444 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00003108 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00002082 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-10_user.job
2015-04-05 15:25 - 2015-04-05 15:25 - 00000000 ____D () C:\Program Files\WajaWebEnhancer
2015-04-05 15:24 - 2015-04-11 23:24 - 00003120 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6.job
2015-04-05 15:24 - 2015-04-11 22:54 - 00004476 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4.job
2015-04-05 15:24 - 2015-04-11 22:54 - 00003456 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7.job
2015-04-05 15:24 - 2015-04-11 22:54 - 00002428 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5_user.job
2015-04-05 15:24 - 2015-04-11 22:54 - 00002428 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.job
2015-04-05 15:23 - 2015-04-11 23:23 - 00005500 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6.job
2015-04-05 15:23 - 2015-04-11 23:23 - 00002094 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10_user.job
2015-04-05 15:23 - 2015-04-11 22:54 - 00005164 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7.job
2015-04-05 15:23 - 2015-04-11 22:54 - 00004476 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3.job
2015-04-05 15:23 - 2015-04-11 22:54 - 00001338 _____ () C:\Windows\Tasks\RKEQEI.job
2015-04-02 16:55 - 2015-04-02 16:57 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\admin\Downloads\flashplayer17_ga_install.exe
2015-03-27 00:44 - 2015-03-27 00:44 - 00005542 _____ () C:\Users\admin\AppData\Roaming\RKEQEI
2015-03-26 16:58 - 2015-03-26 16:58 - 00270146 _____ () C:\Users\admin\Downloads\ChromeSetup(1).exe.part
2015-03-26 16:58 - 2015-03-26 16:58 - 00000000 _____ () C:\Users\admin\Downloads\ChromeSetup(1).exe
2015-03-26 16:57 - 2015-02-24 04:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-26 16:56 - 2015-03-26 16:57 - 00880208 _____ (Google Inc.) C:\Users\admin\Downloads\ChromeSetup.exe
Task: {02396B4D-28CB-4C51-90A1-40CA3CEBEEB8} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5_user => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.exe <==== ATTENTION
Task: {02FA39E6-5294-46C9-BF7E-EDBEADA759FE} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7.exe <==== ATTENTION
Task: {24CC4160-DDE7-4203-8B32-70C4CE01E89E} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.exe <==== ATTENTION
Task: {37427426-6AC3-40BC-A2F0-17A717FE6D17} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6.exe <==== ATTENTION
Task: {3C684556-02CC-4EBF-ABEA-CC8ECF09A943} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6.exe <==== ATTENTION
Task: {42939318-9953-41DA-BB49-0BA1D4906347} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-4 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-4.exe <==== ATTENTION
Task: {430E5111-4FA7-4870-B46B-86BEE87F3280} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7.exe <==== ATTENTION
Task: {44BD25C0-A19E-4D00-AB6A-9B6B766F3CB4} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7.exe <==== ATTENTION
Task: {50C6E38F-2446-4D9C-B165-9A1C053FFE9F} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4.exe <==== ATTENTION
Task: {57BD0019-7A92-4DF7-8B49-CB5348A9855A} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3.exe <==== ATTENTION
Task: {5F033A6D-3064-491E-94C8-D40AB64C8666} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10_user => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10.exe <==== ATTENTION
Task: {6F21D1E1-CC83-4445-9CFE-0CD50BF78658} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-6 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-6.exe <==== ATTENTION
Task: {70DA043C-91DD-4472-BE9A-C30FEA800FC2} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5_user => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.exe <==== ATTENTION
Task: {7E27DABA-908C-4B2D-9E56-DF1B8699E9B1} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-3 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-3.exe <==== ATTENTION
Task: {B52EEB23-C0E9-4B22-984B-4D7E0A179B93} - System32\Tasks\RKEQEI => C:\Users\admin\AppData\Roaming\RKEQEI.exe <==== ATTENTION
Task: {C278891F-FF20-4394-B44C-85936BD2B101} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6.exe <==== ATTENTION
Task: {CEE2FBF6-5DD2-49B5-9881-689795221997} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.exe <==== ATTENTION
Task: {D71B7654-2D99-4596-83C6-90D790E38766} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-7 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-7.exe <==== ATTENTION
Task: {E0C13D99-57A8-440B-BAEB-2EF15AFC0C17} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-10_user => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-10.exe <==== ATTENTION
Task: {E84934A3-8A46-4511-95CB-14D8C8993372} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-11 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-10_user.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-11.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-3.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-4.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5_user.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-6.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-7.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10_user.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5_user.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\RKEQEI.job => C:\Users\admin\AppData\Roaming\RKEQEI.exe <==== ATTENTION
C:\Program Files\WajaWebEnhancer
C:\Program Files\Air Globe
C:\Program Files\globalUpdate
C:\ProgramData\WindowsMangerProtect
C:\Windows\System32\drivers\{21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw.sys
C:\Program Files\CinemaP-1.8cV05.04
C:\Program Files\SavePass 1.1
C:\Users\admin\AppData\Roaming\RKEQEI.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#3
NK sharma

    Member

  • Topic Starter
  • Member
  • 14 posts

Thanks for your support. I am attaching the logfile as per your instruction.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-04-2015
Ran by admin at 2015-04-12 00:56:05 Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available profiles: admin)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luckysear...0418AS_9VMMEMT4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.luckysear...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.luckysear...0418AS_9VMMEMT4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.luckysear...q={searchTerms}
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.luckysear...0418AS_9VMMEMT4
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.luckysear...0418AS_9VMMEMT4
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysear...q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-815915496-1986768213-1316658355-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysear...q={searchTerms}
SearchScopes: HKU\S-1-5-21-815915496-1986768213-1316658355-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.luckysear...q={searchTerms}
BHO: Air Globe 1.0.0.7 -> {4c54ce3d-6b7d-4f21-9e69-200632a98540} -> C:\Program Files\Air Globe\AirGlobebho.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.luckysear...0418AS_9VMMEMT4
FF DefaultSearchEngine: luckysearches
FF SelectedSearchEngine: luckysearches
FF Homepage: hxxp://www.luckysearches.com/?type=hp&ts=1428228820&from=2sq&uid=ST3320418AS_9VMMEMT4
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\user.js [2015-04-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\luckysearches.xml [2015-04-05]
FF Extension: CinemaP-1.8cV05.04 - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\Extensions\[email protected] [2015-04-05]
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Extension: SavePass 1.1 - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\Extensions\[email protected] [2015-04-05]
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Extension: Air Globe 1.0.1 - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\Extensions\{21d3b30d-5feb-4224-9a1d-01f7d9334705}.xpi [2015-04-05]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.luckysear...0418AS_9VMMEMT4
CHR Extension: (Air Globe) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahlaeckbnhecoafejllmoellpjnfcldi [2015-04-06]
CHR Extension: (CinemaP-1.8cV05.04) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-04-05]
CHR Extension: (SavePass 1.1) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh [2015-04-05]
StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.luckysear...0418AS_9VMMEMT4
OPR Extension: (SavePass 1.1) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh [2015-04-05]
R2 Wajam Web Enhancer; C:\Program Files\WajaWebEnhancer\wajam.exe [1349632 2015-03-19] () [File not signed] <==== ATTENTION
S2 Update Air Globe; "C:\Program Files\Air Globe\updateAirGlobe.exe" [X]
S2 Util Air Globe; "C:\Program Files\Air Globe\bin\utilAirGlobe.exe" [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]
R1 {21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw; C:\Windows\System32\drivers\{21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw.sys [43144 2015-04-04] (StdLib)
2015-04-05 16:23 - 2015-04-06 23:07 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-04-05 15:43 - 2015-04-04 17:29 - 00043144 _____ (StdLib) C:\Windows\system32\Drivers\{21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw.sys
2015-04-05 15:39 - 2015-04-11 22:54 - 00002416 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5_user.job
2015-04-05 15:39 - 2015-04-11 22:54 - 00002416 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00005488 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-6.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00005154 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-11.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00005152 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-7.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00004464 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-3.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00004128 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-4.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00003444 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00003108 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6.job
2015-04-05 15:38 - 2015-04-11 22:54 - 00002082 _____ () C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-10_user.job
2015-04-05 15:25 - 2015-04-05 15:25 - 00000000 ____D () C:\Program Files\WajaWebEnhancer
2015-04-05 15:24 - 2015-04-11 23:24 - 00003120 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6.job
2015-04-05 15:24 - 2015-04-11 22:54 - 00004476 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4.job
2015-04-05 15:24 - 2015-04-11 22:54 - 00003456 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7.job
2015-04-05 15:24 - 2015-04-11 22:54 - 00002428 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5_user.job
2015-04-05 15:24 - 2015-04-11 22:54 - 00002428 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.job
2015-04-05 15:23 - 2015-04-11 23:23 - 00005500 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6.job
2015-04-05 15:23 - 2015-04-11 23:23 - 00002094 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10_user.job
2015-04-05 15:23 - 2015-04-11 22:54 - 00005164 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7.job
2015-04-05 15:23 - 2015-04-11 22:54 - 00004476 _____ () C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3.job
2015-04-05 15:23 - 2015-04-11 22:54 - 00001338 _____ () C:\Windows\Tasks\RKEQEI.job
2015-04-02 16:55 - 2015-04-02 16:57 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\admin\Downloads\flashplayer17_ga_install.exe
2015-03-27 00:44 - 2015-03-27 00:44 - 00005542 _____ () C:\Users\admin\AppData\Roaming\RKEQEI
2015-03-26 16:58 - 2015-03-26 16:58 - 00270146 _____ () C:\Users\admin\Downloads\ChromeSetup(1).exe.part
2015-03-26 16:58 - 2015-03-26 16:58 - 00000000 _____ () C:\Users\admin\Downloads\ChromeSetup(1).exe
2015-03-26 16:57 - 2015-02-24 04:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-26 16:56 - 2015-03-26 16:57 - 00880208 _____ (Google Inc.) C:\Users\admin\Downloads\ChromeSetup.exe
Task: {02396B4D-28CB-4C51-90A1-40CA3CEBEEB8} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5_user => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.exe <==== ATTENTION
Task: {02FA39E6-5294-46C9-BF7E-EDBEADA759FE} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7.exe <==== ATTENTION
Task: {24CC4160-DDE7-4203-8B32-70C4CE01E89E} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.exe <==== ATTENTION
Task: {37427426-6AC3-40BC-A2F0-17A717FE6D17} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6.exe <==== ATTENTION
Task: {3C684556-02CC-4EBF-ABEA-CC8ECF09A943} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6.exe <==== ATTENTION
Task: {42939318-9953-41DA-BB49-0BA1D4906347} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-4 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-4.exe <==== ATTENTION
Task: {430E5111-4FA7-4870-B46B-86BEE87F3280} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7.exe <==== ATTENTION
Task: {44BD25C0-A19E-4D00-AB6A-9B6B766F3CB4} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7.exe <==== ATTENTION
Task: {50C6E38F-2446-4D9C-B165-9A1C053FFE9F} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4.exe <==== ATTENTION
Task: {57BD0019-7A92-4DF7-8B49-CB5348A9855A} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3.exe <==== ATTENTION
Task: {5F033A6D-3064-491E-94C8-D40AB64C8666} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10_user => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10.exe <==== ATTENTION
Task: {6F21D1E1-CC83-4445-9CFE-0CD50BF78658} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-6 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-6.exe <==== ATTENTION
Task: {70DA043C-91DD-4472-BE9A-C30FEA800FC2} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5_user => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.exe <==== ATTENTION
Task: {7E27DABA-908C-4B2D-9E56-DF1B8699E9B1} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-3 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-3.exe <==== ATTENTION
Task: {B52EEB23-C0E9-4B22-984B-4D7E0A179B93} - System32\Tasks\RKEQEI => C:\Users\admin\AppData\Roaming\RKEQEI.exe <==== ATTENTION
Task: {C278891F-FF20-4394-B44C-85936BD2B101} - System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6 => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6.exe <==== ATTENTION
Task: {CEE2FBF6-5DD2-49B5-9881-689795221997} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.exe <==== ATTENTION
Task: {D71B7654-2D99-4596-83C6-90D790E38766} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-7 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-7.exe <==== ATTENTION
Task: {E0C13D99-57A8-440B-BAEB-2EF15AFC0C17} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-10_user => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-10.exe <==== ATTENTION
Task: {E84934A3-8A46-4511-95CB-14D8C8993372} - System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-11 => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-10_user.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-11.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-3.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-4.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5_user.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-6.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-7.job => C:\Program Files\SavePass 1.1\2339d767-6cd2-46bc-ba2d-cc5586b99077-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10_user.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5_user.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7.job => C:\Program Files\CinemaP-1.8cV05.04\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\RKEQEI.job => C:\Users\admin\AppData\Roaming\RKEQEI.exe <==== ATTENTION
C:\Program Files\WajaWebEnhancer
C:\Program Files\Air Globe
C:\Program Files\globalUpdate
C:\ProgramData\WindowsMangerProtect
C:\Windows\System32\drivers\{21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw.sys
C:\Program Files\CinemaP-1.8cV05.04
C:\Program Files\SavePass 1.1
C:\Users\admin\AppData\Roaming\RKEQEI.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-815915496-1986768213-1316658355-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c54ce3d-6b7d-4f21-9e69-200632a98540}" => Key deleted successfully.
"HKCR\CLSID\{4c54ce3d-6b7d-4f21-9e69-200632a98540}" => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\user.js => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\luckysearches.xml => Moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\Extensions\[email protected] => Moved successfully.
"HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Key deleted successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\Extensions\[email protected] => Moved successfully.
"HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Key deleted successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fn9itv95.default\Extensions\{21d3b30d-5feb-4224-9a1d-01f7d9334705}.xpi => Moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahlaeckbnhecoafejllmoellpjnfcldi => Moved successfully.
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp => Moved successfully.
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh => Moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh => Moved successfully.
Wajam Web Enhancer => Service stopped successfully.
Wajam Web Enhancer => Service deleted successfully.
Update Air Globe => Service deleted successfully.
Util Air Globe => Service deleted successfully.
WindowsMangerProtect => Service deleted successfully.
{21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw => Service stopped successfully.
{21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw => Service deleted successfully.
C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\Windows\system32\Drivers\{21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw.sys => Moved successfully.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5_user.job => Moved successfully.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.job => Moved successfully.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-6.job => Moved successfully.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-11.job => Moved successfully.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-7.job => Moved successfully.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-3.job => Moved successfully.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-4.job => Moved successfully.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7.job => Moved successfully.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6.job => Moved successfully.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-10_user.job => Moved successfully.
C:\Program Files\WajaWebEnhancer => Moved successfully.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6.job => Moved successfully.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4.job => Moved successfully.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7.job => Moved successfully.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5_user.job => Moved successfully.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.job => Moved successfully.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6.job => Moved successfully.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10_user.job => Moved successfully.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7.job => Moved successfully.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3.job => Moved successfully.
C:\Windows\Tasks\RKEQEI.job => Moved successfully.
C:\Users\admin\Downloads\flashplayer17_ga_install.exe => Moved successfully.
C:\Users\admin\AppData\Roaming\RKEQEI => Moved successfully.
C:\Users\admin\Downloads\ChromeSetup(1).exe.part => Moved successfully.
C:\Users\admin\Downloads\ChromeSetup(1).exe => Moved successfully.
C:\Windows\system32\MpSigStub.exe => Moved successfully.
C:\Users\admin\Downloads\ChromeSetup.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02396B4D-28CB-4C51-90A1-40CA3CEBEEB8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02396B4D-28CB-4C51-90A1-40CA3CEBEEB8}" => Key deleted successfully.
C:\Windows\System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2339d767-6cd2-46bc-ba2d-cc5586b99077-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02FA39E6-5294-46C9-BF7E-EDBEADA759FE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02FA39E6-5294-46C9-BF7E-EDBEADA759FE}" => Key deleted successfully.
C:\Windows\System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24CC4160-DDE7-4203-8B32-70C4CE01E89E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24CC4160-DDE7-4203-8B32-70C4CE01E89E}" => Key deleted successfully.
C:\Windows\System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{37427426-6AC3-40BC-A2F0-17A717FE6D17}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37427426-6AC3-40BC-A2F0-17A717FE6D17}" => Key deleted successfully.
C:\Windows\System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C684556-02CC-4EBF-ABEA-CC8ECF09A943}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C684556-02CC-4EBF-ABEA-CC8ECF09A943}" => Key deleted successfully.
C:\Windows\System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{42939318-9953-41DA-BB49-0BA1D4906347}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42939318-9953-41DA-BB49-0BA1D4906347}" => Key deleted successfully.
C:\Windows\System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-4 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2339d767-6cd2-46bc-ba2d-cc5586b99077-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{430E5111-4FA7-4870-B46B-86BEE87F3280}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{430E5111-4FA7-4870-B46B-86BEE87F3280}" => Key deleted successfully.
C:\Windows\System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{44BD25C0-A19E-4D00-AB6A-9B6B766F3CB4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44BD25C0-A19E-4D00-AB6A-9B6B766F3CB4}" => Key deleted successfully.
C:\Windows\System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{50C6E38F-2446-4D9C-B165-9A1C053FFE9F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50C6E38F-2446-4D9C-B165-9A1C053FFE9F}" => Key deleted successfully.
C:\Windows\System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57BD0019-7A92-4DF7-8B49-CB5348A9855A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57BD0019-7A92-4DF7-8B49-CB5348A9855A}" => Key deleted successfully.
C:\Windows\System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F033A6D-3064-491E-94C8-D40AB64C8666}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F033A6D-3064-491E-94C8-D40AB64C8666}" => Key deleted successfully.
C:\Windows\System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F21D1E1-CC83-4445-9CFE-0CD50BF78658}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F21D1E1-CC83-4445-9CFE-0CD50BF78658}" => Key deleted successfully.
C:\Windows\System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2339d767-6cd2-46bc-ba2d-cc5586b99077-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{70DA043C-91DD-4472-BE9A-C30FEA800FC2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70DA043C-91DD-4472-BE9A-C30FEA800FC2}" => Key deleted successfully.
C:\Windows\System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E27DABA-908C-4B2D-9E56-DF1B8699E9B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E27DABA-908C-4B2D-9E56-DF1B8699E9B1}" => Key deleted successfully.
C:\Windows\System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2339d767-6cd2-46bc-ba2d-cc5586b99077-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B52EEB23-C0E9-4B22-984B-4D7E0A179B93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B52EEB23-C0E9-4B22-984B-4D7E0A179B93}" => Key deleted successfully.
C:\Windows\System32\Tasks\RKEQEI => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RKEQEI" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C278891F-FF20-4394-B44C-85936BD2B101}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C278891F-FF20-4394-B44C-85936BD2B101}" => Key deleted successfully.
C:\Windows\System32\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CEE2FBF6-5DD2-49B5-9881-689795221997}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE2FBF6-5DD2-49B5-9881-689795221997}" => Key deleted successfully.
C:\Windows\System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2339d767-6cd2-46bc-ba2d-cc5586b99077-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D71B7654-2D99-4596-83C6-90D790E38766}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D71B7654-2D99-4596-83C6-90D790E38766}" => Key deleted successfully.
C:\Windows\System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-7 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2339d767-6cd2-46bc-ba2d-cc5586b99077-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E0C13D99-57A8-440B-BAEB-2EF15AFC0C17}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0C13D99-57A8-440B-BAEB-2EF15AFC0C17}" => Key deleted successfully.
C:\Windows\System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-10_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2339d767-6cd2-46bc-ba2d-cc5586b99077-10_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E84934A3-8A46-4511-95CB-14D8C8993372}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E84934A3-8A46-4511-95CB-14D8C8993372}" => Key deleted successfully.
C:\Windows\System32\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-11 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2339d767-6cd2-46bc-ba2d-cc5586b99077-11" => Key deleted successfully.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-6.job not found.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-1-7.job not found.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-10_user.job not found.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-11.job not found.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-3.job not found.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-4.job not found.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5.job not found.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-5_user.job not found.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-6.job not found.
C:\Windows\Tasks\2339d767-6cd2-46bc-ba2d-cc5586b99077-7.job not found.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-6.job not found.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-1-7.job not found.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-10_user.job not found.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-3.job not found.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-4.job not found.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5.job not found.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-5_user.job not found.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-6.job not found.
C:\Windows\Tasks\488de0d3-2e28-42cb-9c42-91cab6af9d3a-7.job not found.
C:\Windows\Tasks\RKEQEI.job not found.
"C:\Program Files\WajaWebEnhancer" => File/Directory not found.
"C:\Program Files\Air Globe" => File/Directory not found.
"C:\Program Files\globalUpdate" => File/Directory not found.
"C:\ProgramData\WindowsMangerProtect" => File/Directory not found.
"C:\Windows\System32\drivers\{21d3b30d-5feb-4224-9a1d-01f7d9334705}Gw.sys" => File/Directory not found.
"C:\Program Files\CinemaP-1.8cV05.04" => File/Directory not found.
"C:\Program Files\SavePass 1.1" => File/Directory not found.
"C:\Users\admin\AppData\Roaming\RKEQEI.exe" => File/Directory not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 00:57:05 ====


#4
Essexboy

Once AdwCleaner has completed, could you let me know how the computer is behaving?

#5
NK sharma


Thanks, it seems the problem may be resolved now because there are no pop-up windows after opening Chrome, and 'luckysearches.com' is also removed from the browser. Attaching the AdwCleaner log file as per your instruction. Thanks once again for your support. If anything more has to be done after reading the AdwCleaner log file, please let me know.

# AdwCleaner v4.201 - Logfile created 12/04/2015 at 01:20:14
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : admin - ADMIN-PC
# Running from : C:\Users\admin\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\admin\AppData\Roaming\luckysearches
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_akaelkiagnbfcccfnmbimdbplecgbikh_0
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\akaelkiagnbfcccfnmbimdbplecgbikh
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
File Deleted : C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\databases\chrome-extension_akaelkiagnbfcccfnmbimdbplecgbikh_0
File Deleted : C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\akaelkiagnbfcccfnmbimdbplecgbikh
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Opera.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\7668b16d-973e-48c3-aa41-c6629bc6d259
Key Deleted : HKLM\SOFTWARE\7c25d144-8f13-4973-a311-c2e75cdf14f7
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\SavePass 1.1
Key Deleted : HKCU\Software\WajIEnhance
Key Deleted : HKCU\Software\SavePass1.1
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\SavePass 1.1
Key Deleted : HKLM\SOFTWARE\Wajam Web Enhancer
Key Deleted : HKLM\SOFTWARE\luckysearchesSoftware
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavePass 1.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam Web Enhancer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckysearches uninstall
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[fn9itv95.default\prefs.js] - Line Deleted : user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[fn9itv95.default\prefs.js] - Line Deleted : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[fn9itv95.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14c8c32dc816df88ac14d1c7c609a6ca");
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : akaelkiagnbfcccfnmbimdbplecgbikh
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : papbadoldddalgcjcicnikcfenodpghp
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
-\\ Opera v28.0.1750.51
 
[C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Preferences] - Deleted [Extension] : akaelkiagnbfcccfnmbimdbplecgbikh
 
*************************
 
AdwCleaner[R0].txt - [29103 bytes] - [12/04/2015 01:15:44]
AdwCleaner[R1].txt - [29163 bytes] - [12/04/2015 01:18:28]
AdwCleaner[S0].txt - [10038 bytes] - [12/04/2015 01:20:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10098  bytes] ##########


#6
Essexboy

That looks good now.

If I could have one final FRST scan to ensure that nothing was missed.

#7
NK sharma


Attaching FRST scans. Is everything OK?

 

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\7668b16d-973e-48c3-aa41-c6629bc6d259
Key Deleted : HKLM\SOFTWARE\7c25d144-8f13-4973-a311-c2e75cdf14f7
Key Deleted : HKCU\Software\SavePass 1.1
Key Deleted : HKCU\Software\WajIEnhance
Key Deleted : HKCU\Software\SavePass1.1
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\SavePass 1.1
Key Deleted : HKLM\SOFTWARE\Wajam Web Enhancer
Key Deleted : HKLM\SOFTWARE\luckysearchesSoftware
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavePass 1.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam Web Enhancer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckysearches uninstall
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[fn9itv95.default\prefs.js] - Line Deleted : user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[fn9itv95.default\prefs.js] - Line Deleted : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[fn9itv95.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14c8c32dc816df88ac14d1c7c609a6ca");
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : akaelkiagnbfcccfnmbimdbplecgbikh
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : papbadoldddalgcjcicnikcfenodpghp
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
-\\ Opera v28.0.1750.51
 
[C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Preferences] - Deleted [Extension] : akaelkiagnbfcccfnmbimdbplecgbikh
 
*************************
 
AdwCleaner[R0].txt - [29103 bytes] - [12/04/2015 01:15:44]
AdwCleaner[R1].txt - [29163 bytes] - [12/04/2015 01:18:28]
AdwCleaner[S0].txt - [10038 bytes] - [12/04/2015 01:20:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10098  bytes] ##########
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-04-2015
Ran by admin at 2015-04-12 01:55:34
Running from C:\Users\admin\Desktop\GEEKS TO GO
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Quick Heal Internet Security (Enabled - Up to date) {60EE5BF4-3309-ABA7-3A00-C88B68B340E6}
AS: Quick Heal Internet Security (Enabled - Up to date) {DB8FBA10-1533-A429-00B0-F3F913340A5B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall (Enabled) {58D5DAD1-7966-AAFF-115F-61BE9660079D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 9 ActiveX (HKLM\...\{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}) (Version: 9.0.16.0 - Adobe Systems, Inc.)
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Air Globe (HKLM\...\Air Globe) (Version: 2015.04.05.082237 - Air Globe) <==== ATTENTION
AutoCAD 2008 - English (HKLM\...\AutoCAD 2008 - English) (Version: 17.1.51.0 - Autodesk)
AutoCAD 2008 - English (Version: 17.1.51.0 - Autodesk) Hidden
AutoCAD Drawing Viewer version 4 (HKLM\...\{A7F0117D-6BEB-4834-B1E0-6BF08AA0F8E3}_is1) (Version: 4 - SkySof Software Inc.)
Autodesk DWF Viewer 7 (HKLM\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.2.0 - Autodesk, Inc.)
CinemaP-1.8cV05.04 (HKLM\...\CinemaP-1.8cV05.04) (Version: 1.36.01.22 - Cinema PlusV05.04) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
Nero 8 (HKLM\...\{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}) (Version: 8.10.295 - Nero AG)
Opera Stable 28.0.1750.51 (HKLM\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
Quick Heal Internet Security (HKLM\...\Quick Heal Internet Security) (Version: 16.00 - Quick Heal Technologies Pvt. Ltd.)
Quick Heal Internet Security (Version: 16.00 - Quick Heal) Hidden
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player 0.9.8a (HKLM\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)
Winamp (remove only) (HKLM\...\Winamp) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-815915496-1986768213-1316658355-1000_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-815915496-1986768213-1316658355-1000_Classes\CLSID\{6AB55F46-2523-4701-A912-B226F46252BA}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-815915496-1986768213-1316658355-1000_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-815915496-1986768213-1316658355-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2008\acadficn.dll (Autodesk, Inc.)
 
==================== Restore Points  =========================
 
04-04-2015 15:03:20 Scheduled Checkpoint
05-04-2015 17:04:19 Quick Heal AntiMalware Restore Point
06-04-2015 23:28:54 Quick Heal AntiMalware Restore Point
12-04-2015 00:56:08 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2015-04-11 19:49 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {14008CAA-E69C-4FF2-B156-A488AA436D74} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-26] (Google Inc.)
Task: {78941FA2-8B16-44EC-8BA4-8CDFE222FF98} - System32\Tasks\Opera scheduled Autoupdate 1428228422 => C:\Program Files\Opera\launcher.exe [2015-04-07] (Opera Software)
Task: {DBC858F9-5EBE-4EC1-A656-09F9C5CBA288} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Quick Heal Internet Security\ACAPPAA.EXE [2014-06-06] (Quick Heal Technologies (P) Ltd.)
Task: {F5BDDE0C-FA4A-411E-957B-032CC7179AD4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-26] (Google Inc.)
Task: {F7CB630E-0F9E-4761-B3EB-5E804D78B235} - System32\Tasks\Quick Heal AntiMalware Scan => C:\Program Files\Quick Heal\Quick Heal Internet Security\ASMAIN.EXE [2014-09-13] (Quick Heal Technologies (P) Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Quick Heal AntiMalware Scan.job => C:\Program Files\Quick Heal\Quick Heal Internet Security\ASMAIN.EXE
Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Quick Heal Internet Security\ACAPPAA.EXE
 
==================== Loaded Modules (whitelisted) ==============
 
2014-07-26 12:40 - 2014-07-26 12:40 - 00025208 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\bdsres.dll
2014-09-09 14:30 - 2014-09-09 14:30 - 00065624 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\SCANAPI.DLL
2014-11-04 20:42 - 2015-04-11 19:48 - 00548952 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\scansdk.dll
2014-12-17 22:38 - 2015-04-11 19:48 - 00344154 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\platform.dll
2014-11-10 13:57 - 2015-04-11 19:48 - 00041059 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\filesdk.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00020480 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\DRVCOMM.DLL
2014-10-20 12:19 - 2015-04-11 19:48 - 00036954 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\mbfswrap.dll
2014-06-25 19:09 - 2015-04-11 19:48 - 00221270 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\disasm.dll
2014-09-09 14:30 - 2014-09-09 14:30 - 00065624 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\scanapi.dll
2014-12-26 19:03 - 2015-04-11 19:48 - 00241746 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\scan.dll
2012-03-02 14:02 - 2012-03-02 14:02 - 00020480 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\VIRLIST.DLL
2014-12-31 21:05 - 2015-04-11 19:48 - 00180306 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\boot.dll
2014-12-18 23:23 - 2015-04-11 19:48 - 00303194 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\mltiscan.dll
2014-11-26 22:25 - 2015-04-11 19:48 - 00614488 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\pescan.dll
2014-12-29 22:19 - 2015-04-11 19:48 - 03444822 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\pepoly.dll
2014-12-23 16:27 - 2015-04-11 19:48 - 00295000 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\arcvsdk.dll
2015-01-01 22:27 - 2015-04-11 19:48 - 00913494 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\lzesdk.dll
2014-12-31 21:05 - 2015-04-11 19:48 - 06422616 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\heurscan.dll
2014-09-02 19:11 - 2015-04-11 19:48 - 00225370 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\bkdrscan.dll
2014-12-30 16:27 - 2015-04-11 19:48 - 00270424 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\dospoly.dll
2014-12-29 22:19 - 2015-04-11 19:48 - 00307288 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\vbsscan.dll
2015-01-01 22:27 - 2015-04-11 19:48 - 01867866 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\miscscan.dll
2014-12-24 23:20 - 2015-04-11 19:48 - 00106588 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\olesdk.dll
2012-03-02 14:01 - 2012-03-02 14:01 - 00020480 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\ARJSDK.DLL
2012-03-02 14:02 - 2012-03-02 14:02 - 00028672 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\UNARJ32.DLL
2014-07-29 13:50 - 2015-04-11 19:48 - 00114688 _____ () C:\Program Files\Quick Heal\Quick Heal Internet Security\rarsdk.dll
2015-03-26 16:07 - 2005-10-07 15:05 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll
2015-04-01 23:05 - 2015-03-31 02:37 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-01 23:05 - 2015-03-31 02:37 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-815915496-1986768213-1316658355-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 218.248.255.195 - 218.248.255.196
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-815915496-1986768213-1316658355-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-815915496-1986768213-1316658355-500 - Administrator - Disabled)
Guest (S-1-5-21-815915496-1986768213-1316658355-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: mscank
Description: mscank
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mscank
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/12/2015 01:21:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/12/2015 00:58:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/12/2015 00:56:08 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a6ae16ab-8ba2-45e7-b565-26fef9290802}
 
Error: (04/11/2015 10:54:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 08:25:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 07:30:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 02:42:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 08:56:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2015 07:55:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/10/2015 09:05:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (04/12/2015 01:20:48 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (04/12/2015 01:20:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/12/2015 01:20:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/12/2015 01:20:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NMIndexingService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/12/2015 01:20:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nero BackItUp Scheduler 3 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/12/2015 01:20:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/11/2015 10:54:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Air Globe service failed to start due to the following error: 
%%2
 
Error: (04/11/2015 10:54:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Air Globe service failed to start due to the following error: 
%%2
 
Error: (04/11/2015 10:54:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WindowsMangerProtect Service service failed to start due to the following error: 
%%2
 
Error: (04/11/2015 08:25:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Air Globe service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 48%
Total physical RAM: 2013.24 MB
Available physical RAM: 1040.59 MB
Total Pagefile: 4026.48 MB
Available Pagefile: 2768.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.56 GB) (Free:78.54 GB) NTFS
Drive d: () (Fixed) (Total:97.66 GB) (Free:36.08 GB) NTFS
Drive e: (SHUBHAM) (Fixed) (Total:102.78 GB) (Free:21.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9F2A5100)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you go to control panel > programmes and features
Uninstall the following: CinemaP-1.8cV05.04
Windows will say it cannot find it and offer to remove, allow that

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#9
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.