- Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
- Ran by Ward (2016-02-08 21:12:10) Run:1
- Running from C:\Users\Ward\Desktop
- Loaded Profiles: Ward (Available Profiles: Ward)
- Boot Mode: Normal
- ==============================================
- fixlist content:
- *****************
- Start
- CreateRestorePoint:
- CloseProcesses:
- HKLM-x32\...\Run: [] => [X]
- HKU\S-1-5-21-3574914645-719415806-2970912433-1000\...\Run: [UM] => C:\Users\Ward\AppData\Roaming\Update Manager\UM.EXE
- C:\Users\Ward\AppData\Roaming\Update Manager\UM.EXE
- HKU\S-1-5-21-3574914645-719415806-2970912433-1000\...\Run: [NowUSeeIt Player] => "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1
- C:\Program Files (x86)\NowUSeeItPlayer
- HKU\S-1-5-21-3574914645-719415806-2970912433-1000\...\Run: [GoogleChromeAutoLaunch_F68F7FC49005F4B11802D204FDBCFA1D] => "C:\Users\Ward\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
- HKU\S-1-5-21-3574914645-719415806-2970912433-1000\...\MountPoints2: {02c41e85-80e8-11e1-8b45-dc0ea12529c7} - E:\TL-Bootstrap.exe
- HKU\S-1-5-21-3574914645-719415806-2970912433-1000\...\MountPoints2: {d1d02d5c-f6ff-11e1-9085-dc0ea12529c7} - E:\TL-Bootstrap.exe
- SearchScopes: HKLM -> DefaultScope value is missing
- SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
- SearchScopes: HKLM-x32 -> DefaultScope value is missing
- BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
- FF DefaultSearchEngine: Search Provided by Yahoo
- FF SelectedSearchEngine: Search Provided by Yahoo
- FF Homepage: hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bimmed_15_49&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtByDtBzy0CyBzytAyEyBtN0D0Tzu0StCyEtAyEtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBzytAzy0DyCtC0FtGyEtC0E0FtGyEzyzz0CtGyByCtD0AtG0F0DtDtCyByE0CtDtA0BtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0ByBtDtAyDyDtGyByC0BzytGyEyD0DyCtG0Azzzz0CtGyE0EtBtDtByE0D0E0B0EyEyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D936629119%26a%3Dwbf_bimmed_15_49%26os%3DWindows%2B7%2BHome%2BPremium
- FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=667671&p=
- FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
- FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
- FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-07] (Pando Networks)
- C:\Program Files (x86)\Pando Networks
- FF Plugin HKU\S-1-5-21-3574914645-719415806-2970912433-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Ward\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]
- C:\Users\Ward\AppData\Roaming\CATALI~1
- FF Plugin HKU\S-1-5-21-3574914645-719415806-2970912433-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-07-07] (Pando Networks)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
- CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bimmed_15_49&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtByDtBzy0CyBzytAyEyBtN0D0Tzu0StCyEtAyEtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBzytAzy0DyCtC0FtGyEtC0E0FtGyEzyzz0CtGyByCtD0AtG0F0DtDtCyByE0CtDtA0BtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0ByBtDtAyDyDtGyByC0BzytGyEyD0DyCtG0Azzzz0CtGyE0EtBtDtByE0D0E0B0EyEyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D936629119%26a%3Dwbf_bimmed_15_49%26os%3DWindows%2B7%2BHome%2BPremium
- CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bimmed_15_49&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtByDtBzy0CyBzytAyEyBtN0D0Tzu0StCyEtAyEtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBzytAzy0DyCtC0FtGyEtC0E0FtGyEzyzz0CtGyByCtD0AtG0F0DtDtCyByE0CtDtA0BtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0ByBtDtAyDyDtGyByC0BzytGyEyD0DyCtG0Azzzz0CtGyE0EtBtDtByE0D0E0B0EyEyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D936629119%26a%3Dwbf_bimmed_15_49%26os%3DWindows%2B7%2BHome%2BPremium"
- CHR DefaultSearchURL: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bimmed_15_49&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtByDtBzy0CyBzytAyEyBtN0D0Tzu0StCyEtAyEtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBzytAzy0DyCtC0FtGyEtC0E0FtGyEzyzz0CtGyByCtD0AtG0F0DtDtCyByE0CtDtA0BtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0B0ByBtDtAyDyDtGyByC0BzytGyEyD0DyCtG0Azzzz0CtGyE0EtBtDtByE0D0E0B0EyEyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D936629119%26a%3Dwbf_bimmed_15_49%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
- CHR DefaultSearchKeyword: Default -> Search Provided by Yahoo.com
- CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
- CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll => No File
- CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File
- CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
- CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
- CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
- CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
- CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
- CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
- CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
- CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
- CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
- CHR Extension: (Google Search) - C:\Users\Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
- S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
- C:\Windows\TEMP\cpuz135
- C:\Users\Ward\AppData\Local\Temp\jre-8u71-windows-au.exe
- Task: {0CC0A9A7-E218-4615-B88B-9546C7E1BCD0} - System32\Tasks\ProfessionalPCCleaner_Start => C:\Program Files (x86)\Professional PC Cleaner\ProfessionalPCCleaner.exe
- Task: {225CACF0-1CDA-4CA0-A938-0124C29D714E} - System32\Tasks\ProfessionalPCCleaner_Popup => C:\Program Files (x86)\Professional PC Cleaner\Splash.exe
- C:\Program Files (x86)\Professional PC Cleaner
- Task: {2F2528F8-07AB-44D3-B6F4-94372D5CE7B3} - System32\Tasks\{36CFBC02-CEF8-41A9-A556-5A46DCE9360F} => pcalua.exe -a C:\Users\Ward\AppData\Local\Temp\jre-8u71-windows-au.exe -d "C:\Program Files (x86)\Java\jre1.8.0_66\bin" -c /installmethod=jau-m FAMILYUPGRADE=1
- cmd: ipconfig /flushdns
- cmd: netsh advfirewall reset
- cmd: netsh advfirewall set allprofiles state on
- Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
- Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
- CMD: bitsadmin /reset /allusers
- RemoveProxy:
- EmptyTemp:
- Reboot:
- end
- *****************
- Restore point was successfully created.
- Processes closed successfully.
- HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
- HKU\S-1-5-21-3574914645-719415806-2970912433-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UM => value removed successfully
- "C:\Users\Ward\AppData\Roaming\Update Manager\UM.EXE" => not found.
- HKU\S-1-5-21-3574914645-719415806-2970912433-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NowUSeeIt Player => value removed successfully
- "C:\Program Files (x86)\NowUSeeItPlayer" => not found.
- HKU\S-1-5-21-3574914645-719415806-2970912433-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F68F7FC49005F4B11802D204FDBCFA1D => value removed successfully
- "HKU\S-1-5-21-3574914645-719415806-2970912433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02c41e85-80e8-11e1-8b45-dc0ea12529c7}" => key removed successfully
- HKCR\CLSID\{02c41e85-80e8-11e1-8b45-dc0ea12529c7} => key not found.
- "HKU\S-1-5-21-3574914645-719415806-2970912433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1d02d5c-f6ff-11e1-9085-dc0ea12529c7}" => key removed successfully
- HKCR\CLSID\{d1d02d5c-f6ff-11e1-9085-dc0ea12529c7} => key not found.
- HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
- "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
- HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
- "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
- "HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
- Firefox DefaultSearchEngine removed successfully
- Firefox SelectedSearchEngine removed successfully
- Firefox "homepage" removed successfully
- Firefox "Keyword.URL" removed successfully
- "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
- "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
- "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => moved successfully
- C:\Program Files (x86)\Pando Networks => moved successfully
- "HKU\S-1-5-21-3574914645-719415806-2970912433-1000\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => key removed successfully
- C:\Users\Ward\AppData\Roaming\CATALI~1\NPBCSK~1.DLL => not found.
- "C:\Users\Ward\AppData\Roaming\CATALI~1" => not found.
- "HKU\S-1-5-21-3574914645-719415806-2970912433-1000\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin" => key removed successfully
- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => not found.
- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll => moved successfully
- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll => moved successfully
- "C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll" => not found.
- "C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll" => not found.
- Chrome HomePage => removed successfully
- Chrome StartupUrls => removed successfully
- Chrome DefaultSearchURL => removed successfully
- Chrome DefaultSearchKeyword => removed successfully
- Chrome DefaultSuggestURL => removed successfully
- C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll => not found.
- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => not found.
- C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => not found.
- C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => not found.
- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => not found.
- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => not found.
- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => not found.
- C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => not found.
- C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => not found.
- c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => not found.
- C:\Users\Ward\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => moved successfully
- cpuz135 => service removed successfully
- "C:\Windows\TEMP\cpuz135" => not found.
- "C:\Users\Ward\AppData\Local\Temp\jre-8u71-windows-au.exe" => not found.
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0CC0A9A7-E218-4615-B88B-9546C7E1BCD0}" => key removed successfully
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CC0A9A7-E218-4615-B88B-9546C7E1BCD0}" => key removed successfully
- C:\Windows\System32\Tasks\ProfessionalPCCleaner_Start => moved successfully
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalPCCleaner_Start" => key removed successfully
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{225CACF0-1CDA-4CA0-A938-0124C29D714E}" => key removed successfully
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{225CACF0-1CDA-4CA0-A938-0124C29D714E}" => key removed successfully
- C:\Windows\System32\Tasks\ProfessionalPCCleaner_Popup => moved successfully
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalPCCleaner_Popup" => key removed successfully
- "C:\Program Files (x86)\Professional PC Cleaner" => not found.
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F2528F8-07AB-44D3-B6F4-94372D5CE7B3}" => key removed successfully
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F2528F8-07AB-44D3-B6F4-94372D5CE7B3}" => key removed successfully
- C:\Windows\System32\Tasks\{36CFBC02-CEF8-41A9-A556-5A46DCE9360F} => moved successfully
- "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36CFBC02-CEF8-41A9-A556-5A46DCE9360F}" => key removed successfully
- ========= ipconfig /flushdns =========
- Windows IP Configuration
- Successfully flushed the DNS Resolver Cache.
- ========= End of CMD: =========
- ========= netsh advfirewall reset =========
- Ok.
- ========= End of CMD: =========
- ========= netsh advfirewall set allprofiles state on =========
- Ok.
- ========= End of CMD: =========
- ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
- The operation completed successfully.
- ========= End of Reg: =========
- ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
- The operation completed successfully.
- ========= End of Reg: =========
- ========= bitsadmin /reset /allusers =========
- BITSADMIN version 3.0 [ 7.5.7601 ]
- BITS administration utility.
- (C) Copyright 2000-2006 Microsoft Corp.
- BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
- Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
- 0 out of 0 jobs canceled.
- ========= End of CMD: =========
- ========= RemoveProxy: =========
- HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
- HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
- HKU\S-1-5-21-3574914645-719415806-2970912433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
- HKU\S-1-5-21-3574914645-719415806-2970912433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
- ========= End of RemoveProxy: =========
- EmptyTemp: => 2.2 GB temporary data Removed.
- The system needed a reboot.
- ==== End of Fixlog 21:18:47 ====