Ge-Force and Crossbrowse malware



#1 kirontanvir11


Posted 20 May 2015 - 10:32 PM

There's malware and adware from a mistaken download and now I can't seem to get rid of it. Ge-Force Plus v3 is making my life difficult. Attached here I have the FRST log and Addition.txt.

 

I definitely want these programs removed. [Attached image: L3Vmn3m.png]

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015

Ran by Tanvir (administrator) on TANVIR-PC on 20-05-2015 23:16:50
Running from C:\Users\Tanvir\Downloads
Loaded Profiles: Tanvir & UpdatusUser (Available profiles: Tanvir & UpdatusUser & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Systweak Inc., (www.systweak.com)) C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe
() C:\Users\Tanvir\AppData\Local\3FAB6580-1432155654-1014-BBB0-C6C9936C50C1\cnsq7F62.tmp
(Infonaut) C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(PastaLeads) C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe
() C:\ProgramData\Fobuisaksiii\1.0.1.0\jludsuet.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Cinema PlusV20.05) C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-6.exe
(Cinema PlusV20.05) C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-1-6.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Disc Soft Ltd) T:\DAEMON Tools Pro\DTShellHlp.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Webar) C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-6.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(Webar) C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-1-6.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-03-13] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Windesk Winsearch] => C:\Program Files (x86)\WindeskWinsearch\Windesk Winsearch.exe
HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [98256 2015-01-26] (Razer Inc.)
HKLM-x32\...\Run: [mwyyntm1ndi1zdz] => C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwi3m2j2nhnkbdv.exe [2390016 2015-05-20] ()
HKLM-x32\...\Run: [CrashMon] => C:\Program Files (x86)\Umtayyznhndq1ntz\mtuyntm5ndy1yjy.exe [440320 2015-05-20] ()
HKLM-x32\...\Run: [WinCheck] => C:\Users\Tanvir\AppData\Local\3FAB6580-1432155638-1014-BBB0-C6C9936C50C1\bnsv3D14.exe [273408 2015-05-20] ()
HKLM-x32\...\Run: [gmsd_us_598] => [X]
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1866\jsdrv.exe [3225088 2015-05-20] ()
HKLM-x32\...\RunOnce: [MaxComputerCleaner_v17.507] => C:\Program Files (x86)\MaxComputerCleaner_v17.507\MaxComputerCleaner_Maintenance.exe [30920 2015-05-20] ()
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Tanvir\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\...\Run: [DAEMON Tools Pro Agent] => T:\DAEMON Tools Pro\DTAgent.exe [3129560 2014-02-24] (Disc Soft Ltd)
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\...\Run: [Spotify Web Helper] => C:\Users\Tanvir\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-19] (Spotify Ltd)
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\...\Run: [PCKeeper2] => :"C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\...\Run: [GoogleChromeAutoLaunch_2ED681A6216D26C143E38BFCEF7D767B] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1866\jsdrv.exe [3225088 2015-05-20] ()
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-4248042720-1123214413-3646476727-1005\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-18\...\Run: [20090604] => C:\Program Files (x86)\The Print Shop 3.0 Professional\RegApp\encore_reg.exe /r "C:\Program Files (x86)\The Print Shop 3.0 Professional\RegApp\encore_reg.rpd"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] 
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Startup: C:\Users\Tanvir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.disabled [2015-05-20] ()
Startup: C:\Users\Tanvir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RapidMediaConverterApp.disabled [2015-05-20] ()
Startup: C:\Users\Tanvir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.disabled [2015-05-20] ()
Startup: C:\Users\Tanvir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystweakDisabled [2014-12-13] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-19] => http=127.0.0.1:8118;https=127.0.0.1:8118
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-20] => http=127.0.0.1:8118;https=127.0.0.1:8118
ProxyEnable: [S-1-5-21-4248042720-1123214413-3646476727-1005] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-4248042720-1123214413-3646476727-1005] => http=127.0.0.1:8118;https=127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad&q={searchTerms}
SearchScopes: HKLM -> {39CCBFDB-64BE-4C57-A910-301C208F3715} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM -> {D7DD363E-248E-4FBE-9F60-6FCEB5CF6D26} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {39CCBFDB-64BE-4C57-A910-301C208F3715} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM-x32 -> {D7DD363E-248E-4FBE-9F60-6FCEB5CF6D26} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\.DEFAULT -> {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} URL = http://www.basicserve.com/?prt=BASICSERVE113&sp=&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=3212_4&babsrc=SP_ss&mntrId=a091f2e900000000000000226805ef56
SearchScopes: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> {39CCBFDB-64BE-4C57-A910-301C208F3715} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1056&systemid=406&v=r11551-268&apn_uid=4075580215434705&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> {D7DD363E-248E-4FBE-9F60-6FCEB5CF6D26} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: No Name -> {2395B860-45E4-42fd-96E6-50BA597C1C42} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-05-20] (Goobzo Ltd.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-13] (Oracle Corporation)
BHO: gereatsaver -> {FEFCB80C-7E6B-632C-638C-EACCED3A2137} ->  No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: No Name -> {0931BD3F-547E-45C1-B133-D0E995645DBA} ->  No File
BHO-x32: No Name -> {2395B860-45E4-42fd-96E6-50BA597C1C42} ->  No File
BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-05-20] (Goobzo Ltd.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: gereatsaver -> {FEFCB80C-7E6B-632C-638C-EACCED3A2137} ->  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{80B834C8-1717-42F6-8BD5-7AA11F0D6C3F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8F7E2CAF-27E8-46BB-8619-9C5219506E98}: [NameServer] 184.172.114.130,208.43.110.90
Tcpip\..\Interfaces\{A2F2F247-F6E2-47E2-AEC4-09F083F84073}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D88536FD-30BB-4C28-B54D-EDDF8598703F}: [NameServer] 8.8.8.8,8.8.4.4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.v9.com/?type=sc&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad
 
FireFox:
========
FF ProfilePath: C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default
FF NewTab: about:newtab
FF DefaultSearchEngine,S: 
FF DefaultSearchUrl: 
FF SearchEngineOrder.1: 
FF SearchEngineOrder.1,S: 
FF SelectedSearchEngine,S: 
FF Homepage: hxxp://websearch.calcitapp.info/
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 0
FF SelectedSearchEngine: Google
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-05-20] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-05-20] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4248042720-1123214413-3646476727-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tanvir\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-4248042720-1123214413-3646476727-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tanvir\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4248042720-1123214413-3646476727-1005: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF user.js: detected! => C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\user.js [2015-05-20]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-01] (Apple Inc.)
FF SearchPlugin: C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\searchplugins\Astromenda.xml [2014-09-09]
FF SearchPlugin: C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\searchplugins\ividi.xml [2013-09-10]
FF SearchPlugin: C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\searchplugins\sweetim.xml [2012-09-09]
FF SearchPlugin: C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\searchplugins\trovi.xml [2015-05-20]
FF SearchPlugin: C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\searchplugins\youtube.xml [2014-08-03]
FF SearchPlugin: C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\dv6y5pus.dev-edition-default\searchplugins\trovi.xml [2015-05-20]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012-12-18]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml [2014-05-08]
FF Extension: CinemaPlus-3.2cV20.05 - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-05-20]
FF Extension: Fast Start - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\Extensions\faststartff@gmail.com [2014-08-03]
FF Extension: Ge-Force - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\Extensions\TTSD90021300@PYDKGV101145942.com [2015-05-20]
FF Extension: Shopper-Pro - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-05-20]
FF Extension: Adblock Plus - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-10]
FF Extension: CinemaPlus-3.2cV20.05 - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\dv6y5pus.dev-edition-default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-05-20]
FF Extension: Ge-Force - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\dv6y5pus.dev-edition-default\Extensions\TTSD90021300@PYDKGV101145942.com [2015-05-20]
FF Extension: saver box - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\dv6y5pus.dev-edition-default\Extensions\v4@VAU6gm.org [2015-01-24]
FF Extension: Shopper-Pro - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\dv6y5pus.dev-edition-default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-05-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-07-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011-09-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011-10-24]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-09-18]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
FF HKU\S-1-5-21-4248042720-1123214413-3646476727-1005\...\Firefox\Extensions: [pp@perk.com] - C:\Program Files (x86)\Perk Prize Panel\FF
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Aurora\firefox.exe
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://gmail.com/
CHR StartupUrls: Default -> "https://mail.google.com/mail/u/0/#inbox"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-26]
CHR Extension: (YouTube) - C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-26]
CHR Extension: (Screen capture, screenshot share/save) - C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjbjepchlgclmpinlbbeinajphohgfod [2015-02-04]
CHR Extension: (Google Search) - C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-26]
CHR Extension: (Bookmark Manager) - C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Hangouts) - C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-02-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-26]
CHR Profile: C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Name) - C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-21]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dapejillpcnbpfidhfkpidklcombbmel] - C:\Users\Jasim\AppData\Local\CRE\dapejillpcnbpfidhfkpidklcombbmel.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files (x86)\OApps\chromeaddon.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nhbidioaakecomhhkehafphmolneehoe] - C:\Users\Tanvir\AppData\Roaming\TGF Interactive LLC\Trends Genius\trendsgenius.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [oleomanaehojaiigacblenknbkhfdicd] - C:\Users\Jasim\AppData\Local\CRE\oleomanaehojaiigacblenknbkhfdicd.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASO3DiskOptimizer; C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [264464 2015-03-09] (Systweak Software, (www.systweak.com))
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-16] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-02] ()
R2 DSUDiskOptimizer; C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe [692008 2013-02-06] (Systweak Inc., (www.systweak.com))
R2 gerugefu; C:\Users\Tanvir\AppData\Local\3FAB6580-1432155654-1014-BBB0-C6C9936C50C1\cnsq7F62.tmp [291840 2015-05-20] () [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-05-20] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-05-20] (globalUpdate) [File not signed] <==== ATTENTION
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 insvc_1.10.0.14; C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe [278600 2015-04-10] (Infonaut)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
R2 pastaleadsupd; C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe [1088000 2015-05-17] (PastaLeads) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186560 2015-01-30] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-03-13] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-01-26] (Razer Inc.)
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-05-20] (ShopperPro)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 System Update kb70007; C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [16384 2014-04-23] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 UniversalUpdater; C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe [710144 2015-05-20] () [File not signed]
R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-05-20] ()
S2 VuuPCConnectivity; C:\Program Files (x86)\VuuPC\Connectivity.exe [4747280 2014-06-02] (ClickMeIn Limited)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-11-05] (Wellbia.com Co., Ltd.) [File not signed]
S4 DFServ; C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [X]
S2 GoToMyPC; "C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe" "Start=service" [X]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
S3 xoxetj; C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-16] (BlueStack Systems)
R3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [288256 2009-02-13] (Conexant Systems, Inc.)
R0 DeepFrz; C:\Windows\System32\Drivers\DeepFrz.sys [214744 2012-07-16] (Faronics Corporation)
R0 DfDiskLow; C:\Windows\System32\Drivers\DfDiskLow.sys [38232 2012-07-16] (Faronics Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-16] (Disc Soft Ltd)
R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1485824 2009-02-13] (Conexant Systems, Inc.)
S1 iizrzusz; C:\Windows\system32\drivers\iizrzusz.sys [55104 2015-05-20] (Microsoft Corporation)
R1 innfd_1_10_0_14; C:\Windows\System32\drivers\innfd_1_10_0_14.sys [58224 2015-04-10] (Infonaut)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 mwi3m2j2nhnkbdv; C:\Windows\System32\drivers\mwi3m2j2nhnkbdv.sys [50504 2015-01-15] (Windows ® Win 7 DDK provider)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-02] (NetFilterSDK.com)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 PastaLUpdd; C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaldrw.sys [61904 2015-05-17] ()
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [465624 2014-01-03] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-01-30] (Razer, Inc.)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41624 2015-05-20] ()
R2 SPDRIVER_1.42.1.1866; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1866\jsdrv.sys [52384 2015-05-20] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-06-07] ()
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 kcplniec; \??\C:\Windows\system32\drivers\kcplniec.sys [X]
S1 ousljumz; \??\C:\Windows\system32\drivers\ousljumz.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va005; \??\C:\Users\Tanvir\AppData\Local\Temp\005B712.tmp [X]
S3 X6va006; \??\C:\Users\Tanvir\AppData\Local\Temp\006F0F3.tmp [X]
S3 X6va008; \??\C:\Users\Tanvir\AppData\Local\Temp\008C3C3.tmp [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-20 23:16 - 2015-05-20 23:20 - 00045292 _____ () C:\Users\Tanvir\Downloads\FRST.txt
2015-05-20 23:15 - 2015-05-20 23:17 - 00000000 ____D () C:\FRST
2015-05-20 23:14 - 2015-05-20 23:14 - 02209792 _____ () C:\Users\Tanvir\Downloads\AdwCleaner.exe
2015-05-20 23:14 - 2015-05-20 23:14 - 02107904 _____ (Farbar) C:\Users\Tanvir\Downloads\FRST64.exe
2015-05-20 22:44 - 2015-05-20 22:44 - 00003306 _____ () C:\Windows\System32\Tasks\VuuPCUpdate
2015-05-20 22:44 - 2015-05-20 22:44 - 00003120 _____ () C:\Windows\System32\Tasks\VuuPCUpdateLogin
2015-05-20 22:43 - 2015-05-20 22:44 - 00000000 ____D () C:\Program Files (x86)\VuuPC
2015-05-20 22:43 - 2015-05-20 22:43 - 00260876 _____ (VuuPC Limited) C:\Users\Tanvir\AppData\Local\nsyB3EB.tmp
2015-05-20 22:41 - 2015-05-20 22:41 - 00005796 _____ () C:\Windows\System32\Tasks\21cebb23-83b7-487c-9224-68037233619a-5
2015-05-20 22:41 - 2015-05-20 22:41 - 00002766 _____ () C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-5_user.job
2015-05-20 22:41 - 2015-05-20 22:41 - 00002766 _____ () C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-5.job
2015-05-20 22:40 - 2015-05-20 22:40 - 00007500 _____ () C:\Windows\System32\Tasks\21cebb23-83b7-487c-9224-68037233619a-4
2015-05-20 22:40 - 2015-05-20 22:40 - 00006824 _____ () C:\Windows\System32\Tasks\21cebb23-83b7-487c-9224-68037233619a-1-7
2015-05-20 22:40 - 2015-05-20 22:40 - 00006478 _____ () C:\Windows\System32\Tasks\21cebb23-83b7-487c-9224-68037233619a-1-6
2015-05-20 22:40 - 2015-05-20 22:40 - 00004504 _____ () C:\Windows\System32\Tasks\ShopperPro
2015-05-20 22:40 - 2015-05-20 22:40 - 00004470 _____ () C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-4.job
2015-05-20 22:40 - 2015-05-20 22:40 - 00004240 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_3938383035303635332d3437415a556c2a3223346c41
2015-05-20 22:40 - 2015-05-20 22:40 - 00003794 _____ () C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-1-7.job
2015-05-20 22:40 - 2015-05-20 22:40 - 00003498 _____ () C:\Windows\System32\Tasks\SPDriver
2015-05-20 22:40 - 2015-05-20 22:40 - 00003450 _____ () C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-1-6.job
2015-05-20 22:40 - 2015-05-20 22:40 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-05-20 22:39 - 2015-05-20 22:40 - 00000000 ____D () C:\ProgramData\ShopperPro
2015-05-20 22:39 - 2015-05-20 22:39 - 00009210 _____ () C:\Windows\System32\Tasks\21cebb23-83b7-487c-9224-68037233619a-6
2015-05-20 22:39 - 2015-05-20 22:39 - 00008868 _____ () C:\Windows\System32\Tasks\21cebb23-83b7-487c-9224-68037233619a-7
2015-05-20 22:39 - 2015-05-20 22:39 - 00006182 _____ () C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-6.job
2015-05-20 22:39 - 2015-05-20 22:39 - 00005838 _____ () C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-7.job
2015-05-20 22:39 - 2015-05-20 22:39 - 00003572 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2015-05-20 22:39 - 2015-05-20 22:39 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-05-20 22:39 - 2015-05-20 22:39 - 00000000 ____D () C:\Program Files (x86)\ShopperPro
2015-05-20 22:39 - 2015-05-20 22:39 - 00000000 ____D () C:\Program Files (x86)\predm
2015-05-20 22:39 - 2015-05-20 22:39 - 00000000 ____D () C:\Program Files (x86)\65389f70-5439-4eb5-8cbe-f5adb12c6561
2015-05-20 22:38 - 2015-05-20 22:41 - 00000000 ____D () C:\Program Files (x86)\Ge-Force
2015-05-20 22:38 - 2015-05-20 22:38 - 00002088 _____ () C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-10_user.job
2015-05-20 22:33 - 2015-05-20 22:36 - 00003712 _____ () C:\Windows\System32\Tasks\Inst_Rep
2015-05-20 22:14 - 2015-05-20 22:14 - 00055104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\iizrzusz.sys
2015-05-20 22:06 - 2015-05-20 22:06 - 00006566 _____ () C:\Windows\PFRO.log
2015-05-20 21:47 - 2015-05-20 22:07 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-05-20 21:47 - 2015-05-20 21:47 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2015-05-20 21:47 - 2015-05-20 21:47 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2015-05-20 21:47 - 2015-05-20 21:47 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2015-05-20 21:47 - 2015-05-20 21:47 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-05-20 21:47 - 2015-05-20 21:47 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-05-20 21:34 - 2015-05-20 21:34 - 00333506 _____ (AnySend.com) C:\Users\Tanvir\AppData\Local\nssCE5.tmp
2015-05-20 21:34 - 2015-05-20 21:33 - 00613255 _____ (CMI Limited) C:\Users\Tanvir\AppData\Local\nsx3884.tmp
2015-05-20 21:33 - 2015-05-20 21:33 - 00000000 __SHD () C:\Users\Tanvir\AppData\Roaming\AnyProtectEx
2015-05-20 21:32 - 2015-05-20 21:32 - 00260876 _____ (VuuPC Limited) C:\Users\Tanvir\AppData\Local\nsc1751.tmp
2015-05-20 21:32 - 2015-05-20 21:32 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\Windesk_Winsearch
2015-05-20 21:30 - 2015-05-20 21:30 - 00000112 _____ () C:\ProgramData\082rb1.dat
2015-05-20 21:29 - 2015-05-20 21:40 - 00003202 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2015-05-20 21:29 - 2015-05-20 21:29 - 00003464 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-05-20 21:28 - 2015-05-20 21:39 - 00004518 _____ () C:\Windows\System32\Tasks\Installer_geforce
2015-05-20 21:28 - 2015-05-20 21:28 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\Pro_PC_Cleaner
2015-05-20 21:28 - 2015-05-20 21:28 - 00000000 ____D () C:\ProgramData\PastaLeadsAgent
2015-05-20 21:27 - 2015-05-20 21:39 - 00004530 _____ () C:\Windows\System32\Tasks\Installer_shopperpro
2015-05-20 21:27 - 2015-05-20 21:31 - 00000000 ____D () C:\Users\Tanvir\Documents\ProPCCleaner
2015-05-20 21:27 - 2015-05-20 21:27 - 00333506 _____ (AnySend.com) C:\Users\Tanvir\AppData\Local\nsaAFA9.tmp
2015-05-20 21:27 - 2015-05-20 21:27 - 00333506 _____ (AnySend.com) C:\Users\Tanvir\AppData\Local\nsaACEB.tmp
2015-05-20 21:27 - 2015-05-20 21:27 - 00000000 ____D () C:\Program Files\Common Files\PastaLeads
2015-05-20 21:27 - 2015-05-20 21:27 - 00000000 ____D () C:\Program Files (x86)\AnySend
2015-05-20 21:25 - 2015-05-20 22:07 - 00000996 _____ () C:\Windows\Tasks\Nu97y7iQLy.job
2015-05-20 21:25 - 2015-05-20 21:40 - 00004038 _____ () C:\Windows\System32\Tasks\Nu97y7iQLy
2015-05-20 21:25 - 2015-05-20 21:32 - 00000000 ____D () C:\Users\Tanvir\AppData\Roaming\Pro PC Cleaner
2015-05-20 21:25 - 2015-05-20 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
2015-05-20 21:25 - 2015-05-20 21:26 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
2015-05-20 21:24 - 2015-05-20 22:07 - 00000996 _____ () C:\Windows\Tasks\NtS5KTdU8W.job
2015-05-20 21:24 - 2015-05-20 21:40 - 00004038 _____ () C:\Windows\System32\Tasks\NtS5KTdU8W
2015-05-20 21:24 - 2015-05-20 21:26 - 00000000 ____D () C:\Program Files (x86)\RapidMediaConverter
2015-05-20 21:24 - 2015-05-20 21:24 - 00000000 ____D () C:\Users\Tanvir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2015-05-20 21:24 - 2015-05-20 21:24 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\RapidMediaConverter
2015-05-20 21:23 - 2015-05-20 22:07 - 00002448 _____ () C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-5_user.job
2015-05-20 21:23 - 2015-05-20 22:07 - 00002448 _____ () C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-5.job
2015-05-20 21:23 - 2015-05-20 21:36 - 00005490 _____ () C:\Windows\System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-5
2015-05-20 21:22 - 2015-05-20 23:22 - 00003140 _____ () C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-1-6.job
2015-05-20 21:22 - 2015-05-20 22:07 - 00003476 _____ () C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-1-7.job
2015-05-20 21:22 - 2015-05-20 21:36 - 00006518 _____ () C:\Windows\System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-1-7
2015-05-20 21:22 - 2015-05-20 21:36 - 00006180 _____ () C:\Windows\System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-1-6
2015-05-20 21:21 - 2015-05-20 22:07 - 00004496 _____ () C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-4.job
2015-05-20 21:21 - 2015-05-20 21:36 - 00007538 _____ () C:\Windows\System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-4
2015-05-20 21:20 - 2015-05-20 23:21 - 00005520 _____ () C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-6.job
2015-05-20 21:20 - 2015-05-20 22:44 - 00000904 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-05-20 21:20 - 2015-05-20 22:39 - 00003902 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-05-20 21:20 - 2015-05-20 22:07 - 00005520 _____ () C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-7.job
2015-05-20 21:20 - 2015-05-20 21:37 - 00008562 _____ () C:\Windows\System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-7
2015-05-20 21:20 - 2015-05-20 21:37 - 00008560 _____ () C:\Windows\System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-6
2015-05-20 21:20 - 2015-05-20 21:21 - 00000000 ____D () C:\Program Files (x86)\bb11f101-c797-45eb-a909-19cc926b3749
2015-05-20 21:19 - 2015-05-20 23:19 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-20 21:19 - 2015-05-20 22:44 - 00000900 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-05-20 21:19 - 2015-05-20 22:39 - 00003648 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-05-20 21:19 - 2015-05-20 22:07 - 00004496 _____ () C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-3.job
2015-05-20 21:19 - 2015-05-20 21:36 - 00007538 _____ () C:\Windows\System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-3
2015-05-20 21:19 - 2015-05-20 21:19 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\globalUpdate
2015-05-20 21:19 - 2015-05-20 21:19 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-05-20 21:18 - 2015-05-20 23:19 - 00002114 _____ () C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-10_user.job
2015-05-20 21:18 - 2015-05-20 21:24 - 00000000 ____D () C:\Program Files (x86)\CinemaPlus-3.2cV20.05
2015-05-20 21:17 - 2015-05-20 21:39 - 00003224 _____ () C:\Windows\System32\Tasks\MaxComputerCleaner_Start
2015-05-20 21:17 - 2015-05-20 21:17 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Crossbrowse
2015-05-20 21:17 - 2015-05-20 21:17 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\Crossbrowse
2015-05-20 21:17 - 2015-05-20 21:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Crossbrowse
2015-05-20 21:17 - 2015-05-20 21:17 - 00000000 ____D () C:\Users\Guest.Tanvir-PC\AppData\Local\Crossbrowse
2015-05-20 21:17 - 2015-05-20 21:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Crossbrowse
2015-05-20 21:16 - 2015-05-20 22:07 - 00001058 _____ () C:\Windows\Tasks\Crossbrowse.job
2015-05-20 21:16 - 2015-05-20 21:38 - 00004100 _____ () C:\Windows\System32\Tasks\Crossbrowse
2015-05-20 21:16 - 2015-05-20 21:22 - 00000000 ____D () C:\Users\Tanvir\Documents\MaxComputerCleaner
2015-05-20 21:16 - 2015-05-20 21:19 - 00000000 ____D () C:\Program Files\Coupoon
2015-05-20 21:16 - 2015-05-20 21:16 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\Max_Computer_Cleaner
2015-05-20 21:16 - 2015-05-20 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-05-20 21:15 - 2015-05-20 21:50 - 00000000 ____D () C:\ProgramData\abc
2015-05-20 21:13 - 2015-05-20 22:36 - 00000000 ____D () C:\Program Files (x86)\MaxComputerCleaner_v17.507
2015-05-20 21:13 - 2015-05-20 21:16 - 00000000 ____D () C:\Program Files (x86)\Coupoon
2015-05-20 21:13 - 2015-05-20 21:13 - 00000000 ____D () C:\Program Files (x86)\MaxComputerCleaner
2015-05-20 21:13 - 2015-05-20 21:13 - 00000000 ____D () C:\Program Files (x86)\Crossbrowse
2015-05-20 21:12 - 2015-05-20 22:38 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\SmartWeb
2015-05-20 21:12 - 2015-05-20 21:12 - 00004040 _____ () C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-05-20 21:10 - 2015-05-20 21:11 - 00000000 ____D () C:\Program Files (x86)\Infonaut_1.10.0.14
2015-05-20 21:00 - 2015-05-20 21:01 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\3FAB6580-1432155654-1014-BBB0-C6C9936C50C1
2015-05-20 21:00 - 2015-05-20 21:00 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\3FAB6580-1432155638-1014-BBB0-C6C9936C50C1
2015-05-20 20:59 - 2015-05-20 21:40 - 00004470 _____ () C:\Windows\System32\Tasks\Validate Installation
2015-05-20 20:59 - 2015-05-20 21:38 - 00003866 _____ () C:\Windows\System32\Tasks\GeniusBox
2015-05-20 20:59 - 2015-05-20 21:37 - 00004262 _____ () C:\Windows\System32\Tasks\Check Updates
2015-05-20 20:59 - 2015-05-20 20:59 - 00003442 _____ () C:\Windows\System32\Tasks\Fobuisaksiii
2015-05-20 20:59 - 2015-05-20 20:59 - 00000064 _____ () C:\Users\Tanvir\AppData\Local\344c960902c26697e9584f9883a587d0
2015-05-20 20:59 - 2015-05-20 20:59 - 00000000 ____D () C:\ProgramData\Fobuisaksiii
2015-05-20 20:59 - 2015-05-20 20:59 - 00000000 ____D () C:\Program Files (x86)\user extensions
2015-05-20 20:59 - 2015-05-20 20:59 - 00000000 ____D () C:\Program Files (x86)\Umtayyznhndq1ntz
2015-05-20 20:59 - 2015-05-20 20:59 - 00000000 ____D () C:\Program Files (x86)\Hades
2015-05-20 20:58 - 2015-05-20 20:59 - 00000000 ____D () C:\Program Files (x86)\Smwyyntm1ndi1zdz
2015-05-20 20:56 - 2015-05-20 21:25 - 00000000 ____D () C:\Users\Tanvir\AppData\Roaming\ASPackage
2015-05-20 20:56 - 2015-05-20 20:56 - 00000000 ____D () C:\Users\Tanvir\AppData\Roaming\VOPackage
2015-05-20 20:56 - 2015-05-20 20:56 - 00000000 ____D () C:\Users\Tanvir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-05-20 20:56 - 2015-05-20 20:56 - 00000000 ____D () C:\Users\Tanvir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-05-20 20:56 - 2015-05-20 20:56 - 00000000 ____D () C:\Users\Tanvir\AppData\Roaming\3FAB6580-1432169812-1014-BBB0-C6C9936C50C1
2015-05-20 20:56 - 2015-05-20 20:56 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\Zeoinsight
2015-05-20 20:56 - 2015-05-20 20:56 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\ZBAnalyticsCore
2015-05-20 20:56 - 2015-05-20 20:56 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\Kromtech
2015-05-20 20:53 - 2015-05-20 21:39 - 00000000 ____D () C:\Program Files\shopperz
2015-05-20 20:53 - 2015-05-20 20:55 - 00000000 ____D () C:\ProgramData\Kromtech
2015-05-20 20:51 - 2015-05-20 21:39 - 00003530 _____ () C:\Windows\System32\Tasks\LuckyTab
2015-05-20 20:50 - 2015-05-20 20:51 - 00000000 ____D () C:\Users\Tanvir\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2015-05-20 20:50 - 2015-05-20 20:50 - 00000000 ____D () C:\Program Files (x86)\LuckyTab
2015-05-20 19:01 - 2015-05-20 22:11 - 00003244 _____ () C:\Windows\System32\Tasks\IORRT
2015-05-17 09:18 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 09:18 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 16:53 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-16 16:53 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-16 16:53 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-16 16:53 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-16 16:53 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-16 16:53 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-16 16:53 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-16 16:53 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-16 16:53 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-16 16:53 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-16 16:53 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-16 16:53 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-16 16:53 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-16 16:53 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-16 16:53 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-16 16:53 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-16 16:53 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-16 16:53 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-16 16:53 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-16 16:53 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-16 16:53 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-16 16:53 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-16 16:53 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-16 16:53 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-16 16:53 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-16 16:53 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-16 16:53 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-16 16:53 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-16 16:53 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-16 16:53 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-16 16:53 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-16 16:53 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-16 16:53 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-16 16:53 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-16 16:53 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-16 16:53 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-16 16:53 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-16 16:53 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-16 16:53 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-16 16:53 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-16 16:53 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-16 16:53 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-16 16:53 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-16 16:53 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-16 16:53 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-16 16:53 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-16 16:53 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-16 16:53 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-16 16:53 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-16 16:53 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-16 16:53 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-16 16:53 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-16 16:53 - 2015-04-03 23:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-16 16:53 - 2015-04-03 23:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-16 16:53 - 2015-04-03 23:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-16 16:53 - 2015-04-03 23:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-16 16:53 - 2015-04-03 23:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-16 16:53 - 2015-04-03 23:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-16 16:53 - 2015-04-03 23:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-16 16:53 - 2015-04-03 23:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-16 16:53 - 2015-04-03 23:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-16 16:53 - 2015-04-03 23:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-16 16:53 - 2015-04-03 23:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-16 16:53 - 2015-04-03 23:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-16 16:53 - 2015-04-03 23:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-16 16:53 - 2015-04-03 23:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-16 16:53 - 2015-04-03 23:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-16 16:53 - 2015-04-03 23:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-16 16:53 - 2015-04-03 23:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-16 16:53 - 2015-04-03 23:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-16 16:53 - 2015-04-03 23:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-16 16:53 - 2015-04-03 23:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-16 16:53 - 2015-04-03 23:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-16 16:53 - 2015-04-03 23:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-16 16:53 - 2015-04-03 23:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-16 16:53 - 2015-04-03 23:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-16 16:53 - 2015-04-03 23:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-16 16:53 - 2015-04-03 23:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-16 16:53 - 2015-04-03 23:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-16 16:53 - 2015-04-03 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-16 16:53 - 2015-04-03 22:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-16 16:52 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-16 16:52 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-16 16:52 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-16 16:52 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-16 16:52 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-16 16:52 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-16 16:52 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-16 16:52 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-16 16:52 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-16 16:52 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-16 16:52 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-16 16:52 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-16 16:52 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-16 16:52 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-16 16:52 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-16 16:52 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-16 16:52 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-16 16:52 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-16 16:52 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-16 16:52 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-16 16:52 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-16 16:52 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-16 08:45 - 2015-05-20 22:07 - 00229216 _____ () C:\Windows\setupact.log
2015-05-16 08:45 - 2015-05-16 08:45 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-09 13:06 - 2015-05-09 13:06 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\CrashRpt
2015-05-09 13:06 - 2015-05-09 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iBackup Viewer
2015-05-09 13:06 - 2015-05-09 13:06 - 00000000 ____D () C:\Program Files (x86)\iMacTools
2015-05-04 19:08 - 2014-07-21 16:31 - 00763912 ____N (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPMC311.dll
2015-05-04 19:07 - 2015-05-04 19:07 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-04-20 19:30 - 2015-04-20 19:30 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\Adobe_Systems_Incorporate
2015-04-20 19:29 - 2015-04-23 19:51 - 00000000 ____D () C:\Users\Tanvir\Documents\My Digital Editions
2015-04-20 10:05 - 2015-04-20 10:05 - 01579520 _____ () C:\Users\Tanvir\AppData\Roaming\NtS5KTdU8W.exe
2015-04-20 10:05 - 2015-04-20 10:05 - 01246720 _____ () C:\Users\Tanvir\AppData\Roaming\Nu97y7iQLy.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-20 22:48 - 2012-04-07 10:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-20 22:47 - 2011-12-20 22:40 - 01827972 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 22:39 - 2011-10-24 21:35 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2015-05-20 22:33 - 2011-12-20 21:50 - 00000000 ____D () C:\Users\Tanvir
2015-05-20 22:20 - 2011-12-20 21:47 - 00015104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-20 22:20 - 2011-12-20 21:47 - 00015104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-20 22:07 - 2013-09-01 13:31 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-20 22:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 21:39 - 2013-09-01 13:31 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-20 21:37 - 2015-01-07 20:46 - 00003896 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-20 21:37 - 2011-12-03 09:31 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4248042720-1123214413-3646476727-1001UA.job
2015-05-20 21:16 - 2013-04-06 12:01 - 00000005 _____ () C:\END
2015-05-20 21:01 - 2013-03-25 23:21 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\Spotify
2015-05-20 20:39 - 2013-03-25 23:20 - 00000000 ____D () C:\Users\Tanvir\AppData\Roaming\Spotify
2015-05-20 19:34 - 2011-09-18 15:02 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\Paint.NET
2015-05-19 23:27 - 2014-11-02 16:50 - 00000000 ____D () C:\Users\Tanvir\Documents\School
2015-05-19 21:53 - 2011-10-24 22:16 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4248042720-1123214413-3646476727-1000UA.job
2015-05-18 06:37 - 2011-12-03 09:31 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4248042720-1123214413-3646476727-1001Core.job
2015-05-18 04:06 - 2011-09-18 09:36 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-17 19:03 - 2014-08-31 20:11 - 00000462 _____ () C:\Windows\Tasks\ASO-AutoCheckUpdate7Days.job
2015-05-17 16:05 - 2011-10-24 22:15 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4248042720-1123214413-3646476727-1000Core.job
2015-05-17 12:57 - 2009-07-14 00:45 - 05071000 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-17 12:48 - 2012-05-11 01:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-17 12:48 - 2011-12-21 21:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-17 09:58 - 2011-12-21 17:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-17 09:54 - 2011-09-17 15:18 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-17 09:54 - 2011-09-17 15:14 - 00002079 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-17 09:53 - 2011-09-17 15:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-17 09:53 - 2011-09-17 15:14 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-17 09:51 - 2013-08-14 22:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-17 09:51 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-17 09:38 - 2011-12-21 00:23 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-17 09:17 - 2011-12-21 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-16 19:12 - 2013-09-01 13:31 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 19:12 - 2013-09-01 13:31 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-16 00:20 - 2014-08-31 20:11 - 00000434 _____ () C:\Windows\Tasks\ASO-OneClickCare.job
2015-05-09 13:54 - 2013-04-07 22:21 - 00000000 ____D () C:\Users\Tanvir\AppData\Roaming\.minecraft
2015-05-09 13:07 - 2011-09-17 18:10 - 00000000 ___RD () C:\Users\Tanvir\Desktop\Stuff
2015-05-09 13:07 - 2006-11-02 08:34 - 00000229 _____ () C:\Windows\win.ini
2015-05-05 19:39 - 2011-09-17 20:56 - 00000000 ____D () C:\Users\Tanvir\Desktop\Gaming
2015-05-04 19:09 - 2011-09-26 06:33 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\HP
2015-05-04 19:08 - 2011-09-26 06:34 - 00000000 ____D () C:\Program Files\HP
2015-05-04 19:08 - 2008-09-18 13:57 - 00000000 ____D () C:\ProgramData\HP
2015-05-04 19:08 - 2008-09-18 13:57 - 00000000 ____D () C:\Program Files (x86)\HP
2015-05-04 19:08 - 2008-09-18 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-05-01 14:31 - 2011-09-19 20:49 - 00000000 ____D () C:\Users\Tanvir\AppData\Roaming\Apple Computer
2015-05-01 10:36 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-25 08:58 - 2012-08-07 19:44 - 00000000 ____D () C:\Users\Tanvir\AppData\Local\Unity
2015-04-21 22:37 - 2013-09-10 20:10 - 00000000 ____D () C:\Users\Tanvir\AppData\Roaming\BitTorrent
2015-04-20 19:29 - 2011-10-14 19:53 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-20 15:01 - 2014-12-03 23:18 - 00000933 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
 
==================== Files in the root of some directories =======
 
2012-09-09 18:57 - 2014-11-02 22:56 - 0000132 _____ () C:\Users\Tanvir\AppData\Roaming\Adobe PNG Format CS6 Prefs
2011-11-04 15:24 - 2011-11-04 15:24 - 0000412 _____ () C:\Users\Tanvir\AppData\Roaming\All CPU Meter_Settings.ini
2011-11-03 19:49 - 2011-11-04 15:25 - 0000297 _____ () C:\Users\Tanvir\AppData\Roaming\Network Meter_Settings.ini
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Tanvir\AppData\Roaming\NtS5KTdU8W
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Tanvir\AppData\Roaming\NtS5KTdU8W.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Tanvir\AppData\Roaming\Nu97y7iQLy
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Tanvir\AppData\Roaming\Nu97y7iQLy.exe
2005-04-07 22:16 - 2005-04-07 22:16 - 0001233 ____H () C:\Users\Tanvir\AppData\Roaming\Tanvirlog.dat
2012-11-17 02:41 - 2012-11-17 02:41 - 0579274 _____ () C:\Users\Tanvir\AppData\Roaming\technic-launcher.jar
2014-09-02 00:57 - 2014-09-02 00:57 - 0000042 _____ () C:\Users\Tanvir\AppData\Roaming\WB.CFG
2014-01-27 20:59 - 2014-01-27 20:59 - 0000600 _____ () C:\Users\Tanvir\AppData\Roaming\winscp.rnd
2011-09-19 20:12 - 2011-12-16 21:38 - 0000540 _____ () C:\Users\Tanvir\AppData\Roaming\wklnhst.dat
2015-05-20 20:59 - 2015-05-20 20:59 - 0000064 _____ () C:\Users\Tanvir\AppData\Local\344c960902c26697e9584f9883a587d0
2015-03-14 22:10 - 2015-03-14 22:10 - 0000000 ____H () C:\Users\Tanvir\AppData\Local\BIT84A9.tmp
2015-04-17 19:36 - 2015-04-17 19:36 - 0000000 ____H () C:\Users\Tanvir\AppData\Local\BITA5F0.tmp
2011-12-23 17:50 - 2014-11-18 02:21 - 0008704 _____ () C:\Users\Tanvir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-20 21:27 - 2015-05-20 21:27 - 0333506 _____ (AnySend.com) C:\Users\Tanvir\AppData\Local\nsaACEB.tmp
2015-05-20 21:27 - 2015-05-20 21:27 - 0333506 _____ (AnySend.com) C:\Users\Tanvir\AppData\Local\nsaAFA9.tmp
2015-05-20 21:32 - 2015-05-20 21:32 - 0260876 _____ (VuuPC Limited) C:\Users\Tanvir\AppData\Local\nsc1751.tmp
2015-05-20 21:34 - 2015-05-20 21:34 - 0333506 _____ (AnySend.com) C:\Users\Tanvir\AppData\Local\nssCE5.tmp
2015-05-20 21:34 - 2015-05-20 21:33 - 0613255 _____ (CMI Limited) C:\Users\Tanvir\AppData\Local\nsx3884.tmp
2015-05-20 22:43 - 2015-05-20 22:43 - 0260876 _____ (VuuPC Limited) C:\Users\Tanvir\AppData\Local\nsyB3EB.tmp
2014-02-13 20:50 - 2014-03-26 19:09 - 0000600 _____ () C:\Users\Tanvir\AppData\Local\PUTTY.RND
2013-02-02 21:29 - 2014-03-26 16:37 - 0007599 _____ () C:\Users\Tanvir\AppData\Local\Resmon.ResmonCfg
2011-08-06 23:20 - 2011-08-06 23:20 - 0295951 _____ () C:\Users\Tanvir\AppData\Local\Tempaha.png
2015-03-14 22:10 - 2015-03-14 22:10 - 0000000 _____ () C:\Users\Tanvir\AppData\Local\{C2BD858E-DF0F-435A-B17B-50560F310FDC}
2015-05-20 21:30 - 2015-05-20 21:30 - 0000112 _____ () C:\ProgramData\082rb1.dat
2015-05-04 19:07 - 2015-05-04 19:07 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\ProgramData\082rb1.dat
C:\Users\Tanvir\matrix_cl_matrix_LIVE.dat
 
 
Some content of TEMP:
====================
C:\Users\Tanvir\AppData\Local\Temp\0_Offer_0.exe
C:\Users\Tanvir\AppData\Local\Temp\1343.exe
C:\Users\Tanvir\AppData\Local\Temp\1_Offer_2.exe
C:\Users\Tanvir\AppData\Local\Temp\1_Offer_3.exe
C:\Users\Tanvir\AppData\Local\Temp\1_Offer_4.exe
C:\Users\Tanvir\AppData\Local\Temp\1_Offer_6.exe
C:\Users\Tanvir\AppData\Local\Temp\5itjfvfl.dll
C:\Users\Tanvir\AppData\Local\Temp\83MkByxkJl.exe
C:\Users\Tanvir\AppData\Local\Temp\8514.exe
C:\Users\Tanvir\AppData\Local\Temp\9e731fd947228ecf6df09b67695d98de.dll
C:\Users\Tanvir\AppData\Local\Temp\aqw bot quest worlds 1 9 free__3039_i649006541_il4150391.exe
C:\Users\Tanvir\AppData\Local\Temp\BackupSetup.exe
C:\Users\Tanvir\AppData\Local\Temp\bes6154.exe
C:\Users\Tanvir\AppData\Local\Temp\bes6200.exe
C:\Users\Tanvir\AppData\Local\Temp\bes7679.exe
C:\Users\Tanvir\AppData\Local\Temp\bitool.dll
C:\Users\Tanvir\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Tanvir\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Tanvir\AppData\Local\Temp\CloudBackup6932.exe
C:\Users\Tanvir\AppData\Local\Temp\compete.exe
C:\Users\Tanvir\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Tanvir\AppData\Local\Temp\cr8GQzfeQm.exe
C:\Users\Tanvir\AppData\Local\Temp\CyPYdL8Aqu.exe
C:\Users\Tanvir\AppData\Local\Temp\Delta.exe
C:\Users\Tanvir\AppData\Local\Temp\DeltaTB.exe
C:\Users\Tanvir\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnxk57b.dll
C:\Users\Tanvir\AppData\Local\Temp\EwbR6vKiNm.exe
C:\Users\Tanvir\AppData\Local\Temp\f.exe
C:\Users\Tanvir\AppData\Local\Temp\fb1d5c12ab65a33663c67a42c8bf47b2.dll
C:\Users\Tanvir\AppData\Local\Temp\htmlayout.dll
C:\Users\Tanvir\AppData\Local\Temp\ICReinstall_CR_Downloader_for_pokemon-heartgold.exe
C:\Users\Tanvir\AppData\Local\Temp\install_flashplayer13x32au_mssa_aaa_aih.exe
C:\Users\Tanvir\AppData\Local\Temp\instrac.exe
C:\Users\Tanvir\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Tanvir\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Tanvir\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Tanvir\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Tanvir\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Tanvir\AppData\Local\Temp\n2wIwKvQ3u.exe
C:\Users\Tanvir\AppData\Local\Temp\n5ouqxv6.dll
C:\Users\Tanvir\AppData\Local\Temp\nsa2662.exe
C:\Users\Tanvir\AppData\Local\Temp\nsa5299.exe
C:\Users\Tanvir\AppData\Local\Temp\nsa6051.exe
C:\Users\Tanvir\AppData\Local\Temp\nsb42FF.exe
C:\Users\Tanvir\AppData\Local\Temp\nsb4749.exe
C:\Users\Tanvir\AppData\Local\Temp\nsd36A1.exe
C:\Users\Tanvir\AppData\Local\Temp\nse1A27.exe
C:\Users\Tanvir\AppData\Local\Temp\nsf3DB0.exe
C:\Users\Tanvir\AppData\Local\Temp\nsf485B.exe
C:\Users\Tanvir\AppData\Local\Temp\nsf58D1.exe
C:\Users\Tanvir\AppData\Local\Temp\nsj53EE.exe
C:\Users\Tanvir\AppData\Local\Temp\nsjD2FE.exe
C:\Users\Tanvir\AppData\Local\Temp\nsl1F7F.exe
C:\Users\Tanvir\AppData\Local\Temp\nsl32CE.exe
C:\Users\Tanvir\AppData\Local\Temp\nsn6451.exe
C:\Users\Tanvir\AppData\Local\Temp\nsq2BEF.exe
C:\Users\Tanvir\AppData\Local\Temp\nsq4A6E.exe
C:\Users\Tanvir\AppData\Local\Temp\nsuC75A.exe
C:\Users\Tanvir\AppData\Local\Temp\nsv17ED.exe
C:\Users\Tanvir\AppData\Local\Temp\nsv2C13.exe
C:\Users\Tanvir\AppData\Local\Temp\nszDCCF.exe
C:\Users\Tanvir\AppData\Local\Temp\optprosetup.exe
C:\Users\Tanvir\AppData\Local\Temp\ose00002.exe
C:\Users\Tanvir\AppData\Local\Temp\oVzcymg4lR.exe
C:\Users\Tanvir\AppData\Local\Temp\prefetch.exe
C:\Users\Tanvir\AppData\Local\Temp\QuickShare1.exe
C:\Users\Tanvir\AppData\Local\Temp\Runner2.exe
C:\Users\Tanvir\AppData\Local\Temp\Runner4.exe
C:\Users\Tanvir\AppData\Local\Temp\sdf88A1.exe
C:\Users\Tanvir\AppData\Local\Temp\sdfD0F6.exe
C:\Users\Tanvir\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Tanvir\AppData\Local\Temp\Search_Protect_NonSearch_setup.exe
C:\Users\Tanvir\AppData\Local\Temp\setup_644.exe
C:\Users\Tanvir\AppData\Local\Temp\SfpcHelper_installFinish.exe
C:\Users\Tanvir\AppData\Local\Temp\SfpcHelper_installStart.exe
C:\Users\Tanvir\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tanvir\AppData\Local\Temp\sp-downloader.exe
C:\Users\Tanvir\AppData\Local\Temp\SymCCIS.dll
C:\Users\Tanvir\AppData\Local\Temp\TidyNetwork.exe
C:\Users\Tanvir\AppData\Local\Temp\Toparcadehits.exe
C:\Users\Tanvir\AppData\Local\Temp\TrendsGeniusInstaller.exe
C:\Users\Tanvir\AppData\Local\Temp\ttv.exe
C:\Users\Tanvir\AppData\Local\Temp\uobnyv04ydl6.exe
C:\Users\Tanvir\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Tanvir\AppData\Local\Temp\vBhEefnQyp.exe
C:\Users\Tanvir\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Tanvir\AppData\Local\Temp\VuuPCSetup_full.exe
C:\Users\Tanvir\AppData\Local\Temp\WSSetup.exe
C:\Users\Tanvir\AppData\Local\Temp\xuHjkfJMqL.exe
C:\Users\Tanvir\AppData\Local\Temp\YqSMOKW1QS.exe
C:\Users\Tanvir\AppData\Local\Temp\_isB4A3.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-14 00:04
 
==================== End Of Log ============================

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:04 AM

Posted 24 May 2015 - 08:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 

I definitely want these programs removed

If not already attempted, please remove them using the Add/Remove Programs applet.

Remove these programs using the Add/Remove Programs applet.


AnySend (HKLM-x32\...\ASPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION!
CinemaPlus-3.2cV20.05 (HKLM-x32\...\CinemaPlus-3.2cV20.05) (Version: 1.36.01.22 - Cinema PlusV20.05) <==== ATTENTION
Coupoon version 1.0 (HKLM-x32\...\{49F8B4F8-0CD4-4BE4-A9E8-B13A071F7C90}_is1) (Version: 1.0 - Coupoon) <==== ATTENTION
Crossbrowse (HKLM-x32\...\Crossbrowse) (Version: 39.6.2171.95 - The Crossbrowse Authors) <==== ATTENTION!
Double-sided Launch (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - Double-sided Launch) <==== ATTENTION
Ge-Force (HKLM-x32\...\Ge-Force) (Version: 1.36.01.22 - Webar) <==== ATTENTION
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version: - ) <==== ATTENTION
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden <==== ATTENTION

p.s.
If you want to remove others use the same applet.

===

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

(Infonaut) C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe
() C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
(PastaLeads) C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe
() C:\ProgramData\Fobuisaksiii\1.0.1.0\jludsuet.exe
(Cinema PlusV20.05) C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-6.exe
(Cinema PlusV20.05) C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-1-6.exe
(Webar) C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-6.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(Webar) C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-1-6.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
HKLM\...\Run: [Windesk Winsearch] => C:\Program Files (x86)\WindeskWinsearch\Windesk Winsearch.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mwyyntm1ndi1zdz] => C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwi3m2j2nhnkbdv.exe [2390016 2015-05-20] ()
HKLM-x32\...\Run: [CrashMon] => C:\Program Files (x86)\Umtayyznhndq1ntz\mtuyntm5ndy1yjy.exe [440320 2015-05-20] ()
HKLM-x32\...\Run: [WinCheck] => C:\Users\Tanvir\AppData\Local\3FAB6580-1432155638-1014-BBB0-C6C9936C50C1\bnsv3D14.exe [273408 2015-05-20] ()
HKLM-x32\...\Run: [gmsd_us_598] => [X]
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1866\jsdrv.exe [3225088 2015-05-20] ()
Winlogon\Notify\DfLogon: LogonDll.dll [X]
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\...\Run: [PCKeeper2] => :"C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\...\Run: [GoogleChromeAutoLaunch_2ED681A6216D26C143E38BFCEF7D767B] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1866\jsdrv.exe [3225088 2015-05-20] ()
HKU\S-1-5-21-4248042720-1123214413-3646476727-1005\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger]
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Startup: C:\Users\Tanvir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.disabled [2015-05-20] ()
Startup: C:\Users\Tanvir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RapidMediaConverterApp.disabled [2015-05-20] ()
Startup: C:\Users\Tanvir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.disabled [2015-05-20] ()
Startup: C:\Users\Tanvir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystweakDisabled [2014-12-13] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-19] => http=127.0.0.1:8118;https=127.0.0.1:8118
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-20] => http=127.0.0.1:8118;https=127.0.0.1:8118
ProxyEnable: [S-1-5-21-4248042720-1123214413-3646476727-1005] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-4248042720-1123214413-3646476727-1005] => http=127.0.0.1:8118;https=127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad&q={searchTerms}
HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad&q={searchTerms}
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_36_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEyE0D0EtCyE0FtB0EzytN0D0Tzu0SzyyByDtN1L2XzutAtFtBtFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtBtAtAyB0AtC0CtG0CyD0CzztGyCtAzzyCtGyE0DtByEtGtBzy0FtD0CyCyDtAzz0DtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyEtDtA0FyCtAyCtGzyyC0CzytGyEtD0EtDtG0BtB0DtCtGtB0BtD0Azz0A0DyCyEtC0C0D2Q&cr=1394582729&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1056&systemid=406&v=r11551-268&apn_uid=4075580215434705&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM -> {D7DD363E-248E-4FBE-9F60-6FCEB5CF6D26} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1056&systemid=406&v=r11551-268&apn_uid=4075580215434705&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> {D7DD363E-248E-4FBE-9F60-6FCEB5CF6D26} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\.DEFAULT -> {47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} URL = http://www.basicserve.com/?prt=BASICSERVE113&sp=&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_36_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEyE0D0EtCyE0FtB0EzytN0D0Tzu0SzyyByDtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyDzytDyEtD0BzytG0AyCtDtCtGyDyDtAtBtGtB0EtC0EtGtAzzyC0DyDtByCyBzyyB0B0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyC0B0FtDtA0DzztGtB0EtBzztGyEtBzy0FtGzztDyBtBtG0BzzyEzyyCzztAzzyE0FtBzz2Q&cr=37553010&ir=
SearchScopes: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_36_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEyE0D0EtCyE0FtB0EzytN0D0Tzu0SzyyByDtN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyDzytDyEtD0BzytG0AyCtDtCtGyDyDtAtBtGtB0EtC0EtGtAzzyC0DyDtByCyBzyyB0B0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyC0B0FtDtA0DzztGtB0EtBzztGyEtBzy0FtGzztDyBtBtG0BzzyEzyyCzztAzzyE0FtBzz2Q&cr=37553010&ir=
SearchScopes: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3334822&octid=EB_ORIGINAL_CTID&ISID=M01A3001F-DCE4-4995-B131-B5017960FFFF&SearchSource=58&CUI=&UM=8&UP=SP97BC64A0-ACF6-41EB-808F-781E54E18026&D=052115&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=3212_4&babsrc=SP_ss&mntrId=a091f2e900000000000000226805ef56
SearchScopes: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_36_ch&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEyE0D0EtCyE0FtB0EzytN0D0Tzu0SzyyByDtN1L2XzutAtFtBtFtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtBtAtAyB0AtC0CtG0CyD0CzztGyCtAzzyCtGyE0DtByEtGtBzy0FtD0CyCyDtAzz0DtByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyEtDtA0FyCtAyCtGzyyC0CzytGyEtD0EtDtG0BtB0DtCtGtB0BtD0Azz0A0DyCyEtC0C0D2Q&cr=1394582729&ir=
SearchScopes: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1056&systemid=406&v=r11551-268&apn_uid=4075580215434705&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> {D7DD363E-248E-4FBE-9F60-6FCEB5CF6D26} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: No Name -> {2395B860-45E4-42fd-96E6-50BA597C1C42} ->  No File
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-05-20] (Goobzo Ltd.)
BHO: gereatsaver -> {FEFCB80C-7E6B-632C-638C-EACCED3A2137} ->  No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {0931BD3F-547E-45C1-B133-D0E995645DBA} ->  No File
BHO-x32: No Name -> {2395B860-45E4-42fd-96E6-50BA597C1C42} ->  No File
BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll No File
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-05-20] (Goobzo Ltd.)
BHO-x32: gereatsaver -> {FEFCB80C-7E6B-632C-638C-EACCED3A2137} ->  No File
Toolbar: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-4248042720-1123214413-3646476727-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.v9.com/?type=sc&ts=1399584938&from=amt&uid=ST3250310AS_6RYE9AMM&i=psd&t=34237b6ad
FF Homepage: hxxp://websearch.calcitapp.info/
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-05-20] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-05-20] (globalUpdate)
FF Plugin HKU\S-1-5-21-4248042720-1123214413-3646476727-1005: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF user.js: detected! => C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\user.js [2015-05-20]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010-10-06] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\searchplugins\Astromenda.xml [2014-09-09]
FF SearchPlugin: C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\searchplugins\ividi.xml [2013-09-10]
FF SearchPlugin: C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\searchplugins\sweetim.xml [2012-09-09]
FF SearchPlugin: C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\searchplugins\trovi.xml [2015-05-20]
FF SearchPlugin: C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\dv6y5pus.dev-edition-default\searchplugins\trovi.xml [2015-05-20]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012-12-18]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml [2014-05-08]
FF Extension: CinemaPlus-3.2cV20.05 - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-05-20]
FF Extension: Fast Start - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\Extensions\faststartff@gmail.com [2014-08-03]
FF Extension: Ge-Force - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\Extensions\TTSD90021300@PYDKGV101145942.com [2015-05-20]
FF Extension: Shopper-Pro - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\aq744hlh.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-05-20]
FF Extension: CinemaPlus-3.2cV20.05 - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\dv6y5pus.dev-edition-default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-05-20]
FF Extension: Ge-Force - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\dv6y5pus.dev-edition-default\Extensions\TTSD90021300@PYDKGV101145942.com [2015-05-20]
FF Extension: saver box - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\dv6y5pus.dev-edition-default\Extensions\v4@VAU6gm.org [2015-01-24]
FF Extension: Shopper-Pro - C:\Users\Tanvir\AppData\Roaming\Mozilla\Firefox\Profiles\dv6y5pus.dev-edition-default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-05-20]
FF HKLM\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox
FF HKU\S-1-5-21-4248042720-1123214413-3646476727-1005\...\Firefox\Extensions: [pp@perk.com] - C:\Program Files (x86)\Perk Prize Panel\FF
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4248042720-1123214413-3646476727-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dapejillpcnbpfidhfkpidklcombbmel] - C:\Users\Jasim\AppData\Local\CRE\dapejillpcnbpfidhfkpidklcombbmel.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files (x86)\OApps\chromeaddon.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nhbidioaakecomhhkehafphmolneehoe] - C:\Users\Tanvir\AppData\Roaming\TGF Interactive LLC\Trends Genius\trendsgenius.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [oleomanaehojaiigacblenknbkhfdicd] - C:\Users\Jasim\AppData\Local\CRE\oleomanaehojaiigacblenknbkhfdicd.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Tanvir\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
S2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-02] ()
R2 DSUDiskOptimizer; C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe [692008 2013-02-06] (Systweak Inc., (www.systweak.com))
R2 gerugefu; C:\Users\Tanvir\AppData\Local\3FAB6580-1432155654-1014-BBB0-C6C9936C50C1\cnsq7F62.tmp [291840 2015-05-20] () [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-05-20] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-05-20] (globalUpdate) [File not signed] <==== ATTENTION
R2 insvc_1.10.0.14; C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe [278600 2015-04-10] (Infonaut)
R2 pastaleadsupd; C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe [1088000 2015-05-17] (PastaLeads) [File not signed]
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-05-20] (ShopperPro)
S4 System Update kb70007; C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [16384 2014-04-23] () [File not signed]
R2 UniversalUpdater; C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe [710144 2015-05-20] () [File not signed]
R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-05-20] ()
S2 VuuPCConnectivity; C:\Program Files (x86)\VuuPC\Connectivity.exe [4747280 2014-06-02] (ClickMeIn Limited)
S4 DFServ; C:\Program Files (x86)\Faronics\Deep Freeze\Install C-0\DFServ.exe [X]
S2 GoToMyPC; "C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe" "Start=service" [X]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
S3 xoxetj; C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [X]
S1 iizrzusz; C:\Windows\system32\drivers\iizrzusz.sys [55104 2015-05-20] (Microsoft Corporation)
R1 innfd_1_10_0_14; C:\Windows\System32\drivers\innfd_1_10_0_14.sys [58224 2015-04-10] (Infonaut)
R1 mwi3m2j2nhnkbdv; C:\Windows\System32\drivers\mwi3m2j2nhnkbdv.sys [50504 2015-01-15] (Windows ® Win 7 DDK provider)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-02] (NetFilterSDK.com)
R1 PastaLUpdd; C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaldrw.sys [61904 2015-05-17] ()
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41624 2015-05-20] ()
R2 SPDRIVER_1.42.1.1866; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1866\jsdrv.sys [52384 2015-05-20] ()
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 kcplniec; \??\C:\Windows\system32\drivers\kcplniec.sys [X]
S1 ousljumz; \??\C:\Windows\system32\drivers\ousljumz.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va005; \??\C:\Users\Tanvir\AppData\Local\Temp\005B712.tmp [X]
S3 X6va006; \??\C:\Users\Tanvir\AppData\Local\Temp\006F0F3.tmp [X]
S3 X6va008; \??\C:\Users\Tanvir\AppData\Local\Temp\008C3C3.tmp [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]
Task: {040C07B9-5E99-4E6D-BCC6-304563187F6B} - System32\Tasks\21cebb23-83b7-487c-9224-68037233619a-4 => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-4.exe [2015-05-20] (Webar) <==== ATTENTION
Task: {16B19710-ECB2-472F-96EB-E1A20627DFA5} - System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-5 => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-5.exe [2015-05-20] (Cinema PlusV20.05) <==== ATTENTION
Task: {1985ED31-21F5-4935-8DB8-EB8C99DCD974} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe [2015-05-20] (Goobzo) <==== ATTENTION
Task: {1A1D2AA0-6E97-4E41-8BE1-3D323EB3B917} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-05-20] (globalUpdate) <==== ATTENTION
Task: {2BF75EBC-EB4C-4074-86ED-002C6595D341} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2014-07-14] () <==== ATTENTION
Task: {314995AD-8CD5-4DB3-98DA-5634E562B745} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-07-14] (Pro PC Cleaner) <==== ATTENTION
Task: {3447209E-9396-4230-AFF9-D623502232CF} - System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-3 => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-3.exe [2015-05-20] (Cinema PlusV20.05) <==== ATTENTION
Task: {349C8EE4-F910-4048-8273-109DD6BF0C28} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {42AC942F-7FCF-4D42-A7D3-AD61F18C57C6} - System32\Tasks\NtS5KTdU8W => C:\Users\Tanvir\AppData\Roaming\NtS5KTdU8W.exe [2015-04-20] () <==== ATTENTION
Task: {563405A2-380E-43DE-A099-1A483BD72F7E} - System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-4 => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-4.exe [2015-05-20] (Cinema PlusV20.05) <==== ATTENTION
Task: {59BCA031-0DC0-4E34-9C76-7620E1013859} - System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-6 => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-6.exe [2015-05-20] (Cinema PlusV20.05) <==== ATTENTION
Task: {5C98E60D-E718-448C-9531-CC45FCB97D4D} - System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-1-7.exe [2015-05-20] (Cinema PlusV20.05) <==== ATTENTION
Task: {66124A10-0595-4387-B87D-83A3C6C86B63} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-05-20] (globalUpdate) <==== ATTENTION
Task: {674E5B3E-31DB-4F6A-B18E-CB7A7181A3AB} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Tanvir\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {6B2CC560-BF41-49A0-8845-74B6D0779B3D} - System32\Tasks\21cebb23-83b7-487c-9224-68037233619a-10_user => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-10.exe [2015-05-20] (Webar) <==== ATTENTION
Task: {6E2430D4-CFB9-48D9-B1EE-8A42A02C18A9} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-05-20] () <==== ATTENTION
Task: {7ADBEE56-C33F-4D64-98EA-7D17D1624CA2} - System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-5.exe [2015-05-20] (Cinema PlusV20.05) <==== ATTENTION
Task: {8CAB3878-F5A9-42B9-846D-BCBE7CF8EA17} - System32\Tasks\21cebb23-83b7-487c-9224-68037233619a-7 => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-7.exe [2015-05-20] (Webar) <==== ATTENTION
Task: {9091D7F4-6B7B-4AA6-AC31-FF59A4B3BBD8} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Program Files (x86)\user extensions\client.exe" <==== ATTENTION
Task: {9199E77A-EBD9-459A-9576-A8A37A464180} - System32\Tasks\21cebb23-83b7-487c-9224-68037233619a-1-7 => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-1-7.exe [2015-05-20] (Webar) <==== ATTENTION
Task: {92E29584-1081-461B-A6B6-4AD5D447220F} - System32\Tasks\Nu97y7iQLy => C:\Users\Tanvir\AppData\Roaming\Nu97y7iQLy.exe [2015-04-20] () <==== ATTENTION
Task: {9504559A-17F4-410D-B861-CFB6671E6952} - System32\Tasks\21cebb23-83b7-487c-9224-68037233619a-5_user => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-5.exe [2015-05-20] (Webar) <==== ATTENTION
Task: {9533D661-24C4-4694-99D9-BA23122F3F08} - System32\Tasks\21cebb23-83b7-487c-9224-68037233619a-1-6 => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-1-6.exe [2015-05-20] (Webar) <==== ATTENTION
Task: {9F532BE6-D996-457C-AC95-8E3FACFC68A3} - System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-10.exe [2015-05-20] (Cinema PlusV20.05) <==== ATTENTION
Task: {A5CC8628-677A-4FAF-9834-B71279276571} - System32\Tasks\21cebb23-83b7-487c-9224-68037233619a-6 => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-6.exe [2015-05-20] (Webar) <==== ATTENTION
Task: {BC339D3C-4136-486C-A300-A1E830A34D8B} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe [2015-05-20] (http://lucky-tab.com/) <==== ATTENTION
Task: {BEE4969B-4DF5-4CC9-BEFB-F580610818C0} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {C1F09E0E-0B73-4FB8-9AAC-1526A641F39D} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1866\jsdrv.exe [2015-05-20] () <==== ATTENTION
Task: {C38BCB0B-3BE3-4D53-B648-E1BD0AE67195} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe [2015-05-20] (Goobzo LTD) <==== ATTENTION
Task: {D683F669-6373-4324-899A-DBECE37862D4} - System32\Tasks\SPBIW_UpdateTask_Time_3938383035303635332d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {D839595E-B851-433F-A68B-662664172098} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DD4D6FB1-AB70-4018-8CC3-A9BE455F9DF0} - System32\Tasks\21cebb23-83b7-487c-9224-68037233619a-5 => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-5.exe [2015-05-20] (Webar) <==== ATTENTION
Task: {DECA41E8-B479-4824-B345-6A3720AC572C} - System32\Tasks\Installer_shopperpro => C:\Users\Tanvir\AppData\Local\Installer\Installshopperpro_29635\DCytdkietut_tutdk_setup.exe <==== ATTENTION
Task: {DF3F6E8B-48AA-4639-9B1F-284FC13623C3} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {E2C4D3C3-9DB3-4226-A1B0-193518893331} - System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-7 => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-7.exe [2015-05-20] (Cinema PlusV20.05) <==== ATTENTION
Task: {EF850B53-731E-46DE-8F4D-C52807A82319} - System32\Tasks\Validate Installation => C:\Program Files (x86)\user extensions\updater.exe [2015-05-20] () <==== ATTENTION
Task: {FEC2B4EB-CF0E-4497-8385-2DF448BCAC21} - System32\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-1-6.exe [2015-05-20] (Cinema PlusV20.05) <==== ATTENTION
Task: C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-1-6.job => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-1-7.job => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-10_user.job => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-4.job => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-5.job => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-5_user.job => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-6.job => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\21cebb23-83b7-487c-9224-68037233619a-7.job => C:\Program Files (x86)\Ge-Force\21cebb23-83b7-487c-9224-68037233619a-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-4.job => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\690e598e-741d-48b3-a1a3-97770dcbf56d-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV20.05\690e598e-741d-48b3-a1a3-97770dcbf56d-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\NtS5KTdU8W.job => C:\Users\Tanvir\AppData\Roaming\NtS5KTdU8W.exe <==== ATTENTION
Task: C:\Windows\Tasks\Nu97y7iQLy.job => C:\Users\Tanvir\AppData\Roaming\Nu97y7iQLy.exe <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\Drivers\iizrzusz.sys:changelist
AlternateDataStreams: C:\ProgramData\TEMP:BD36345D
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:F264BECE
AlternateDataStreams: C:\Users\Tanvir\AppData\Local\9anheAYMuXLMu:p57fsYEYRiKfPIE4STUy8
AlternateDataStreams: C:\Users\Tanvir\AppData\Local\Temp:Qpu9erigmA2phEvOa0
AlternateDataStreams: C:\Users\Tanvir\AppData\Local\Temporary Internet Files:LCEAZ4gLBKq1OvJ9iqNJgkv6zZMvx

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please run the Farbar tool and post a fresh log for my review.

How is the computer running now?

#3 nasdaq

  • Malware Response Team
  • 39,955 posts

Posted 29 May 2015 - 07:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



