API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 12th, 2016
118
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 35.51 KB | None | 0 0
raw download clone embed print report
  1. Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
  2. Ran by user (2016-02-12 23:50:35) Run:1
  3. Running from C:\Users\user\Downloads
  4. Loaded Profiles: user (Available Profiles: user & BvSsh_VirtualUsers & Gurtna011)
  5. Boot Mode: Normal
  6. ==============================================
  7.  
  8. fixlist content:
  9. *****************
  10. start
  11. CreateRestorePoint:
  12. CloseProcesses:
  13.  
  14. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Run: [302a3f59a0bda767f51d068b3f4568a5] => C:\Users\user\AppData\Local\Temp\svchost.exe [135168 2016-01-26] (Evil Company) <===== ATTENTION
  15. C:\Users\user\AppData\Local\Temp\svchost.exe
  16. Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\302a3f59a0bda767f51d068b3f4568a5.exe [2016-01-25] (Evil Company)
  17.  
  18. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Policies\system: [LogonHoursAction] 2
  19. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
  20. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\MountPoints2: {256d7995-9e7c-11e5-815c-005056c00008} - F:\autorun.exe
  21. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\MountPoints2: {256d7998-9e7c-11e5-815c-005056c00008} - G:\MAXON-Start.exe
  22. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\MountPoints2: {400daf09-7f0e-11e5-809e-005056c00008} - E:\LG_PC_Programs.exe
  23. AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [249104 2016-01-14] (Client Connect LTD)
  24. AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [221456 2016-01-14] (Client Connect LTD)
  25.  
  26. GroupPolicy: Restriction - Chrome <======= ATTENTION
  27. GroupPolicyUsers\S-1-5-21-1292048591-1437342970-2306004842-1005\User: Restriction <======= ATTENTION
  28. CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
  29.  
  30. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  31. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  32. HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
  33. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
  34. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  35. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  36. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
  37. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
  38. HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  39. HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  40. HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  41. HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  42. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
  43. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=55&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&SSPV=
  44. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
  45. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
  46. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  47. SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
  48. SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
  49. SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450675887&from=zzgbkk123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg&q={searchTerms}
  50. SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
  51. SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
  52. SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450675887&from=zzgbkk123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg&q={searchTerms}
  53. SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450675887&from=zzgbkk123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg&q={searchTerms}
  54. SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=58&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&q={searchTerms}&SSPV=
  55. SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450675887&from=zzgbkk123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg&q={searchTerms}
  56. SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_151102__yaie&p={searchTerms}
  57. SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
  58. Toolbar: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
  59. StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1452234073&z=3408d1426191634786098a7gdz5w9o1o0c9zde7m2o&from=wpm01073&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY
  60.  
  61. FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116
  62. FF DefaultSearchEngine: yoursites123
  63. FF SelectedSearchEngine: Trovi
  64. FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=55&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&SSPV=
  65. FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\findit.xml [2015-11-17]
  66. FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\trovi.xml [2016-02-02]
  67. FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\v9-.xml [2016-01-02]
  68. FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\yoursites123.xml [2016-01-08]
  69. FF Extension: xRocket Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\Extensions\arthurj8283@gmail.com [2015-12-21] [not signed]
  70. FF Extension: Default NewTab - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\Extensions\default_newtabff@gmail.com [2015-12-10] [not signed]
  71. FF Extension: YahooToolsProtected - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\Extensions\yahooprotected@gmail.com [2015-12-10] [not signed]
  72. FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\extensions\default_newtabff@gmail.com
  73. FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\extensions\yahooprotected@gmail.com
  74. FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\extensions\arthurj8283@gmail.com
  75.  
  76. CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=55&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&SSPV=
  77. CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=55&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&SSPV="
  78. CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=58&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&q={searchTerms}&SSPV=
  79. CHR DefaultSearchKeyword: Default -> trovi.search
  80. CHR DefaultNewTabURL: Default -> hxxps://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&SAT=CNTS&D=020116
  81. CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}&SSPV=
  82. CHR Extension: (Extutil) - C:\Users\user\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2016-02-02]
  83. CHR Extension: (Managera) - C:\Users\user\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2016-02-02]
  84.  
  85. OPR Extension: (Outrageous Deal) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\djmlpekfpipkpbipnanenhngngapmhal [2015-11-03]
  86. OPR Extension: (Monarch Find) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\jnnippojjelolbkfkaclaopllmbfoomp [2015-11-01]
  87.  
  88. R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3246864 2016-01-14] (Client Connect LTD)
  89. R2 WdMan; C:\ProgramData\ZWdMZ\WdMan.exe [326656 2016-01-08] (TU-Funs LIMITED) [File not signed]
  90. C:\ProgramData\ZWdMZ
  91.  
  92. 2016-02-02 01:21 - 2016-02-02 01:21 - 00003456 _____ C:\Windows\System32\Tasks\bvxvbxxvaa
  93. 2016-02-02 01:20 - 2016-02-02 10:07 - 00000000 ____D C:\Users\user\AppData\Local\bvxvbxxvaa
  94. 2016-02-02 01:20 - 2016-02-02 01:21 - 00000000 ____D C:\Users\user\AppData\Local\SearchProtect
  95. 2016-02-02 01:20 - 2016-02-02 01:20 - 00000000 ____D C:\Program Files (x86)\SearchProtect
  96.  
  97. C:\Users\user\AppData\Local\Temp\bitool.dll
  98. C:\Users\user\AppData\Local\Temp\Crack Setup__11652_i1841842341_il6.exe
  99. C:\Users\user\AppData\Local\Temp\cres.dll
  100. C:\Users\user\AppData\Local\Temp\cshell.dll
  101. C:\Users\user\AppData\Local\Temp\ICReinstall_KeygenBitvise55HS3rv.exe
  102. C:\Users\user\AppData\Local\Temp\nGyN5z8T4Esc4ZoDj2nsN4DyL8i4biervHd.exe
  103. C:\Users\user\AppData\Local\Temp\OZlfHXt8eXLw3EDGtluUjjB3FzUldKyBQx1.exe
  104. C:\Users\user\AppData\Local\Temp\R2RTOOL.dll
  105. C:\Users\user\AppData\Local\Temp\sfamcc00001.dll
  106. C:\Users\user\AppData\Local\Temp\sfextra.dll
  107. C:\Users\user\AppData\Local\Temp\sp-downloader.exe
  108. C:\Users\user\AppData\Local\Temp\sres.dll
  109. C:\Users\user\AppData\Local\Temp\svchost.exe
  110.  
  111. Task: {21245C2D-784F-46EE-A9C0-785EE2D6B919} - System32\Tasks\u3ngamib => C:\Program Files\Common Files\s3bxrxon\fe6372brqoho3.exe <==== ATTENTION
  112. C:\Program Files\Common Files\s3bxrxon
  113. Task: {9C683581-1C5B-4FE2-ADD5-DF2557871DA0} - System32\Tasks\productdqw => C:\Windows\system32\config\systemprofile\AppData\Local\Volplus <==== ATTENTION
  114. Task: {F8BE0199-7333-4179-A772-C37B3F8DAC8D} - System32\Tasks\bvxvbxxvaa => C:\Users\user\AppData\Local\bvxvbxxvaa\bvxvbxxvaa.exe [2016-01-14] () <==== ATTENTION
  115. C:\Users\user\AppData\Local\bvxvbxxvaa
  116.  
  117. Task: {E79FFC5B-38B2-48E4-979A-15DC18538AD6} - System32\Tasks\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5 => C:\Program Files (x86)\CinemaPlus-3.2cV25.10\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5.exe [2015-10-31] (Cinema PlusV25.10) <==== ATTENTION
  118. Task: {EDA94171-95D1-4EDF-A9BA-B584701EC9F9} - System32\Tasks\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5_user => C:\Program Files (x86)\SavePass 1.1\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5.exe <==== ATTENTION
  119. Task: {8CBEF160-9C44-4F87-90CF-0B92F1F02162} - System32\Tasks\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV25.10\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5.exe [2015-10-31] (Cinema PlusV25.10) <==== ATTENTION
  120. C:\Program Files (x86)\CinemaPlus-3.2cV25.10
  121. Task: {9C683581-1C5B-4FE2-ADD5-DF2557871DA0} - System32\Tasks\productdqw => C:\Windows\system32\config\systemprofile\AppData\Local\Volplus <==== ATTENTION
  122. Task: {3995C6CD-CCED-4B48-B19E-10ED921B0170} - System32\Tasks\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5 => C:\Program Files (x86)\SavePass 1.1\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5.exe <==== ATTENTION
  123. C:\Program Files (x86)\SavePass 1.1
  124. Task: C:\Windows\Tasks\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5.job => C:\Program Files (x86)\SavePass 1.1\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5.exe <==== ATTENTION
  125. Task: C:\Windows\Tasks\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5_user.job => C:\Program Files (x86)\SavePass 1.1\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5.exe <==== ATTENTION
  126. Task: C:\Windows\Tasks\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV25.10\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5.exe <==== ATTENTION
  127. Task: C:\Windows\Tasks\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV25.10\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5.exe <==== ATTENTION
  128.  
  129. ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1452234073&z=3408d1426191634786098a7gdz5w9o1o0c9zde7m2o&from=wpm01073&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY
  130. ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1452234073&z=3408d1426191634786098a7gdz5w9o1o0c9zde7m2o&from=wpm01073&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY
  131. ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY
  132. ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1452234073&z=3408d1426191634786098a7gdz5w9o1o0c9zde7m2o&from=wpm01073&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY
  133. ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1452234073&z=3408d1426191634786098a7gdz5w9o1o0c9zde7m2o&from=wpm01073&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY
  134. ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1452234073&z=3408d1426191634786098a7gdz5w9o1o0c9zde7m2o&from=wpm01073&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY
  135. ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY
  136. ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1452234073&z=3408d1426191634786098a7gdz5w9o1o0c9zde7m2o&from=wpm01073&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY
  137. ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1452234073&z=3408d1426191634786098a7gdz5w9o1o0c9zde7m2o&from=wpm01073&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY
  138.  
  139. AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`bfpfh
  140. AlternateDataStreams: C:\Users\user\Cookies:yRhqZuwxxcIjxCPPqx1pr2YVv
  141. AlternateDataStreams: C:\Users\user\AppData\Local\Temporary Internet Files:0ZX3q4jcXEBCwVhDLgj8QN
  142.  
  143. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Classes\.exe: exefile => <===== ATTENTION
  144. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Classes\exefile: <===== ATTENTION
  145.  
  146. Hosts:
  147. EmptyTemp:
  148. end
  149. *****************
  150.  
  151. Restore point was successfully created.
  152. Processes closed successfully.
  153. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Windows\CurrentVersion\Run\\302a3f59a0bda767f51d068b3f4568a5 => value removed successfully
  154. C:\Users\user\AppData\Local\Temp\svchost.exe => moved successfully
  155. C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\302a3f59a0bda767f51d068b3f4568a5.exe => moved successfully
  156. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value removed successfully
  157. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value removed successfully
  158. "HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{256d7995-9e7c-11e5-815c-005056c00008}" => key removed successfully
  159. HKCR\CLSID\{256d7995-9e7c-11e5-815c-005056c00008} => key not found.
  160. "HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{256d7998-9e7c-11e5-815c-005056c00008}" => key removed successfully
  161. HKCR\CLSID\{256d7998-9e7c-11e5-815c-005056c00008} => key not found.
  162. "HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{400daf09-7f0e-11e5-809e-005056c00008}" => key removed successfully
  163. HKCR\CLSID\{400daf09-7f0e-11e5-809e-005056c00008} => key not found.
  164. "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data not found.
  165. "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value data not found.
  166. C:\Windows\system32\GroupPolicy\Machine => moved successfully
  167. C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
  168. C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1292048591-1437342970-2306004842-1005\User => moved successfully
  169. "HKLM\SOFTWARE\Policies\Google" => key removed successfully
  170. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
  171. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
  172. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
  173. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
  174. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
  175. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
  176. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
  177. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
  178. HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
  179. HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value removed successfully
  180. HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
  181. HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value removed successfully
  182. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
  183. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
  184. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
  185. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
  186. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
  187. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
  188. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
  189. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
  190. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
  191. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
  192. HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
  193. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
  194. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
  195. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => key removed successfully
  196. HKCR\Wow6432Node\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found.
  197. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
  198. "HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
  199. HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
  200. "HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => key removed successfully
  201. HKCR\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found.
  202. "HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}" => key removed successfully
  203. HKCR\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => key not found.
  204. "HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
  205. HKCR\CLSID\{ielnksrch} => key not found.
  206. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => value removed successfully
  207. "HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389}" => key removed successfully
  208. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
  209. Firefox "newtab" removed successfully
  210. Firefox DefaultSearchEngine removed successfully
  211. Firefox SelectedSearchEngine removed successfully
  212. Firefox "homepage" removed successfully
  213. C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\findit.xml => moved successfully
  214. C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\trovi.xml => moved successfully
  215. C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\v9-.xml => moved successfully
  216. C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\yoursites123.xml => moved successfully
  217. C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\Extensions\arthurj8283@gmail.com => moved successfully
  218. C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\Extensions\default_newtabff@gmail.com => moved successfully
  219. C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\Extensions\yahooprotected@gmail.com => moved successfully
  220. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\default_newtabff@gmail.com => value removed successfully
  221. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\yahooprotected@gmail.com => value removed successfully
  222. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\arthurj8283@gmail.com => value removed successfully
  223. Chrome HomePage => removed successfully
  224. Chrome StartupUrls => removed successfully
  225. Chrome DefaultSearchURL => removed successfully
  226. Chrome DefaultSearchKeyword => removed successfully
  227. Chrome DefaultNewTabURL => removed successfully
  228. Chrome DefaultSuggestURL => removed successfully
  229. C:\Users\user\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B => moved successfully
  230. C:\Users\user\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 => moved successfully
  231. C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\djmlpekfpipkpbipnanenhngngapmhal => moved successfully
  232. C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\jnnippojjelolbkfkaclaopllmbfoomp => moved successfully
  233. CltMngSvc => service not found.
  234. WdMan => service removed successfully
  235. C:\ProgramData\ZWdMZ => moved successfully
  236. "C:\Windows\System32\Tasks\bvxvbxxvaa" => not found.
  237. "C:\Users\user\AppData\Local\bvxvbxxvaa" => not found.
  238. "C:\Users\user\AppData\Local\SearchProtect" => not found.
  239. "C:\Program Files (x86)\SearchProtect" => not found.
  240. C:\Users\user\AppData\Local\Temp\bitool.dll => moved successfully
  241. C:\Users\user\AppData\Local\Temp\Crack Setup__11652_i1841842341_il6.exe => moved successfully
  242. C:\Users\user\AppData\Local\Temp\cres.dll => moved successfully
  243. C:\Users\user\AppData\Local\Temp\cshell.dll => moved successfully
  244. C:\Users\user\AppData\Local\Temp\ICReinstall_KeygenBitvise55HS3rv.exe => moved successfully
  245. C:\Users\user\AppData\Local\Temp\nGyN5z8T4Esc4ZoDj2nsN4DyL8i4biervHd.exe => moved successfully
  246. C:\Users\user\AppData\Local\Temp\OZlfHXt8eXLw3EDGtluUjjB3FzUldKyBQx1.exe => moved successfully
  247. C:\Users\user\AppData\Local\Temp\R2RTOOL.dll => moved successfully
  248. C:\Users\user\AppData\Local\Temp\sfamcc00001.dll => moved successfully
  249. C:\Users\user\AppData\Local\Temp\sfextra.dll => moved successfully
  250. C:\Users\user\AppData\Local\Temp\sp-downloader.exe => moved successfully
  251. C:\Users\user\AppData\Local\Temp\sres.dll => moved successfully
  252. "C:\Users\user\AppData\Local\Temp\svchost.exe" => not found.
  253. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21245C2D-784F-46EE-A9C0-785EE2D6B919}" => key removed successfully
  254. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21245C2D-784F-46EE-A9C0-785EE2D6B919}" => key removed successfully
  255. C:\Windows\System32\Tasks\u3ngamib => moved successfully
  256. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\u3ngamib" => key removed successfully
  257. C:\Program Files\Common Files\s3bxrxon => moved successfully
  258. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9C683581-1C5B-4FE2-ADD5-DF2557871DA0}" => key removed successfully
  259. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C683581-1C5B-4FE2-ADD5-DF2557871DA0}" => key removed successfully
  260. C:\Windows\System32\Tasks\productdqw => moved successfully
  261. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\productdqw" => key removed successfully
  262. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8BE0199-7333-4179-A772-C37B3F8DAC8D} => key not found.
  263. C:\Windows\System32\Tasks\bvxvbxxvaa => not found.
  264. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbxxvaa => key not found.
  265. "C:\Users\user\AppData\Local\bvxvbxxvaa" => not found.
  266. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E79FFC5B-38B2-48E4-979A-15DC18538AD6}" => key removed successfully
  267. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E79FFC5B-38B2-48E4-979A-15DC18538AD6}" => key removed successfully
  268. C:\Windows\System32\Tasks\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5 => moved successfully
  269. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5" => key removed successfully
  270. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EDA94171-95D1-4EDF-A9BA-B584701EC9F9}" => key removed successfully
  271. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDA94171-95D1-4EDF-A9BA-B584701EC9F9}" => key removed successfully
  272. C:\Windows\System32\Tasks\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5_user => moved successfully
  273. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5_user" => key removed successfully
  274. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CBEF160-9C44-4F87-90CF-0B92F1F02162}" => key removed successfully
  275. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CBEF160-9C44-4F87-90CF-0B92F1F02162}" => key removed successfully
  276. C:\Windows\System32\Tasks\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5_user => moved successfully
  277. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5_user" => key removed successfully
  278. C:\Program Files (x86)\CinemaPlus-3.2cV25.10 => moved successfully
  279. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C683581-1C5B-4FE2-ADD5-DF2557871DA0} => key not found.
  280. C:\Windows\System32\Tasks\productdqw => not found.
  281. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\productdqw => key not found.
  282. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3995C6CD-CCED-4B48-B19E-10ED921B0170}" => key removed successfully
  283. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3995C6CD-CCED-4B48-B19E-10ED921B0170}" => key removed successfully
  284. C:\Windows\System32\Tasks\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5 => moved successfully
  285. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5" => key removed successfully
  286. "C:\Program Files (x86)\SavePass 1.1" => not found.
  287. C:\Windows\Tasks\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5.job => moved successfully
  288. C:\Windows\Tasks\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5_user.job => moved successfully
  289. C:\Windows\Tasks\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5.job => moved successfully
  290. C:\Windows\Tasks\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5_user.job => moved successfully
  291. C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk => Shortcut argument removed successfully.
  292. C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
  293. C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument restored successfully
  294. C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
  295. C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Shortcut argument removed successfully.
  296. C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Shortcut argument removed successfully.
  297. C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk => Shortcut argument removed successfully.
  298. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
  299. C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
  300. C:\ProgramData\Reprise => ":jhqduwvxlctbqqijsf`usjbm`bfpfh" ADS removed successfully.
  301. "C:\Users\user\Cookies" => ":yRhqZuwxxcIjxCPPqx1pr2YVv" ADS not found.
  302. "C:\Users\user\AppData\Local\Temporary Internet Files" => ":0ZX3q4jcXEBCwVhDLgj8QN" ADS not found.
  303. "HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Classes\exefile" => key removed successfully
  304. "HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Classes\.exe" => key removed successfully
  305. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Classes\exefile => key not found.
  306. C:\Windows\System32\Drivers\etc\hosts => moved successfully
  307. Hosts restored successfully.
  308. EmptyTemp: => 51.6 GB temporary data Removed.
  309.  
  310.  
  311. The system needed a reboot.
  312.  
  313. ==== End of Fixlog 00:01:06 ====
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!