Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01
Ran by RESO at 2015-03-05 19:04:42 Run:3
Running from C:\Users\RESO\Desktop
Loaded Profiles: RESO (Available profiles: RESO)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
folder: C:\Users\Public\Documents\ShopperPro
CMD: For %i in ("c:\frst\logs\fixlog*.txt") do for /f "delims=" %p in ('type "%i"') do echo %p
end
*****************

========================= folder: C:\Users\Public\Documents\ShopperPro ========================

2015-02-28 10:13 - 2015-02-28 10:13 - 0000000 ____D () C:\Users\Public\Documents\ShopperPro\JsDriver
2015-02-27 19:11 - 2015-02-27 19:11 - 0001915 _____ () C:\Users\Public\Documents\ShopperPro\JsDriver\Config.xml

====== End of Folder: ======

========= For %i in ("c:\frst\logs\fixlog*.txt") do for /f "delims=" %p in ('type "%i"') do echo %p =========

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015
Ran by RESO at 2015-03-04 18:27:09 Run:2
Running from C:\Users\RESO\Desktop
Loaded Profiles: RESO (Available profiles: RESO)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
closeprocesses:
createrestorepoint:
file: C:\ProgramData\3e2a3a4b2e7d4a2ca793dd4127047b9e\3e2a3a4b2e7d4a2ca793dd4127047b9e.exe
file: C:\Windows\TEMP\006113~1.EXE
file: C:\Windows\SysWOW64\locale.nls
file: C:\Windows\system32\locale.nls
file: C:\Users\RESO\Downloads\keyboard-leds_2-7-1-59_fr_335880.exe
file: C:\Users\RESO\Downloads\SpyHunter-Installer.exe
file: C:\Users\RESO\AppData\Roaming\sp_data.sys
folder: C:\ProgramData\3e2a3a4b2e7d4a2ca793dd4127047b9e
Task: {51AA86B9-391D-4C1D-8DE0-94FEF6E51457} - System32\Tasks\FOUMHM => C:\Users\RESO\AppData\Roaming\FOUMHM.exe [2015-02-28] (Cinema PlusV28.02) <==== ATTENTION
Task: {88F03275-3636-4977-8A35-70628B442092} - System32\Tasks\BLZYASW => C:\ProgramData\3e2a3a4b2e7d4a2ca793dd4127047b9e\3e2a3a4b2e7d4a2ca793dd4127047b9e.exe
Task: {928F9601-0B3B-4DF4-BF44-03E10DF214C6} - System32\Tasks\{50279AC7-2083-4FF7-A406-6776252DB802} => pcalua.exe -a C:\Users\RESO\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
Task: C:\Windows\Tasks\FOUMHM.job => C:\Users\RESO\AppData\Roaming\FOUMHM.exe <==== ATTENTION
c:\windows\System32\Tasks\FOUMHM
c:\windows\System32\Tasks\BLZYASW
c:\windowsSystem32\Tasks\{50279AC7-2083-4FF7-A406-6776252DB802}
C:\Users\RESO\AppData\Roaming\FOUMHM.exe
C:\ProgramData\3e2a3a4b2e7d4a2ca793dd4127047b9e\3e2a3a4b2e7d4a2ca793dd4127047b9e.exe
HKLM-x32\...\Run: [mbot_fr_530] => [X]
HKLM-x32\...\Run: [gmsd_fr_259] => [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff64.dll No File
BHO-x32: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff32.dll No File
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
c:\windows\system32\drivers\qrnfd_1_10_0_9.sys
C:\Windows\Tasks\FOUMHM.job
2015-02-28 10:08 - 2015-02-28 10:08 - 02039256 _____ (Cinema PlusV28.02) C:\Users\RESO\AppData\Roaming\FOUMHM.exe
2015-02-28 10:08 - 2015-02-28 10:08 - 00004372 _____ () C:\Windows\System32\Tasks\FOUMHM
2015-02-28 10:08 - 2015-02-28 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clean2PC
2015-02-28 10:08 - 2015-02-28 10:08 - 00000000 ____D () C:\Program Files (x86)\clean2PC
2014-10-29 07:25 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-10-29 07:25 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-10-29 07:25 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
C:\Users\RESO\AppData\Local\Temp\84119B98-C705-4D51-7590-22C23A5B69FD.dll
C:\Users\RESO\AppData\Local\Temp\ccicabfceia.exe
C:\Users\RESO\AppData\Local\Temp\cracked version of aero glass for windows 8.1__10924_i1473522581_il1111637.exe
C:\Users\RESO\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\RESO\AppData\Local\Temp\setup.exe
C:\Users\RESO\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\RESO\AppData\Local\Temp\SpOrder.dll
C:\Users\RESO\AppData\Local\Temp\tu17p84.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clean2PC\clean2PC.lnk
C:\Program Files (x86)\clean2PC
emptytemp:
end
*****************

Processes closed successfully.
Restore point was successfully created.

========================= file: C:\ProgramData\3e2a3a4b2e7d4a2ca793dd4127047b9e\3e2a3a4b2e7d4a2ca793dd4127047b9e.exe ========================

"C:\ProgramData\3e2a3a4b2e7d4a2ca793dd4127047b9e\3e2a3a4b2e7d4a2ca793dd4127047b9e.exe" not found.

====== End Of File: ======

========================= file: C:\Windows\TEMP\006113~1.EXE ========================

"C:\Windows\TEMP\006113~1.EXE" not found.
====== End Of File: ======

========================= file: C:\Windows\SysWOW64\locale.nls ========================

MD5: D4A564BABFF82F56E68835FBFDA7AB00
Creation and modification date: 2015-03-02 19:47 - 2014-12-13 22:28
Size: 0513488
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

========================= file: C:\Windows\system32\locale.nls ========================

MD5: D4A564BABFF82F56E68835FBFDA7AB00
Creation and modification date: 2015-03-02 19:47 - 2014-12-13 22:28
Size: 0513488
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

========================= file: C:\Users\RESO\Downloads\keyboard-leds_2-7-1-59_fr_335880.exe ========================

MD5: 168DDA478D68FF19354ADDF64653E0F8
Creation and modification date: 2015-03-02 19:15 - 2015-03-02 19:15
Size: 0522508
Attributes: ----A
Company Name: KARPOLAN
Internal Name:
Original Name:
Product Name: Keyboard LEDs
Description: Keyboard LEDs
File Version: 2.7.1.59
Product Version: 2.7
Copyright: Copyright © KARPOLAN

====== End Of File: ======

========================= file: C:\Users\RESO\Downloads\SpyHunter-Installer.exe ========================

MD5: B4CD9E8513C17C32224C70330A235296
Creation and modification date: 2015-02-28 13:14 - 2015-02-28 13:15
Size: 3044736
Attributes: ----A
Company Name: Enigma Software Group USA, LLC.
Internal Name: Installer.exe
Original Name: Installer.exe
Product Name: Installer
Description: Enigma Installer
File Version: 1.0.298.372
Product Version: 1.0.298.372
Copyright: Copyright 2003-2014. Enigma Software Group USA, LLC. All rights reserved.
====== End Of File: ======

========================= file: C:\Users\RESO\AppData\Roaming\sp_data.sys ========================

MD5: 5CA9D0681DAB4EF84F87B8D22639BA1C
Creation and modification date: 2015-02-27 15:38 - 2015-03-04 18:12
Size: 0000074
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

========================= folder: C:\ProgramData\3e2a3a4b2e7d4a2ca793dd4127047b9e ========================

Directory Not Found

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51AA86B9-391D-4C1D-8DE0-94FEF6E51457} => Key not found.
C:\Windows\System32\Tasks\FOUMHM not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FOUMHM => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88F03275-3636-4977-8A35-70628B442092} => Key not found.
C:\Windows\System32\Tasks\BLZYASW not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BLZYASW => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{928F9601-0B3B-4DF4-BF44-03E10DF214C6} => Key not found.
C:\Windows\System32\Tasks\{50279AC7-2083-4FF7-A406-6776252DB802} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{50279AC7-2083-4FF7-A406-6776252DB802} => Key not found.
C:\Windows\Tasks\FOUMHM.job not found.
"c:\windows\System32\Tasks\FOUMHM" => File/Directory not found.
"c:\windows\System32\Tasks\BLZYASW" => File/Directory not found.
"c:\windowsSystem32\Tasks\{50279AC7-2083-4FF7-A406-6776252DB802}" => File/Directory not found.
"C:\Users\RESO\AppData\Roaming\FOUMHM.exe" => File/Directory not found.
"C:\ProgramData\3e2a3a4b2e7d4a2ca793dd4127047b9e\3e2a3a4b2e7d4a2ca793dd4127047b9e.exe" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_fr_530 => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_259 => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D} => Key not found.
HKCR\CLSID\{5081D2D4-1637-404c-B74F-50526718257D} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D} => Key not found.
HKCR\Wow6432Node\CLSID\{5081D2D4-1637-404c-B74F-50526718257D} => Key not found.
qrnfd_1_10_0_9 => Service not found.
"c:\windows\system32\drivers\qrnfd_1_10_0_9.sys" => File/Directory not found.
"C:\Windows\Tasks\FOUMHM.job" => File/Directory not found.
"C:\Users\RESO\AppData\Roaming\FOUMHM.exe" => File/Directory not found.
"C:\Windows\System32\Tasks\FOUMHM" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clean2PC" => File/Directory not found.
"C:\Program Files (x86)\clean2PC" => File/Directory not found.
"C:\ProgramData\SetStretch.cmd" => File/Directory not found.
"C:\ProgramData\SetStretch.exe" => File/Directory not found.
"C:\ProgramData\SetStretch.VBS" => File/Directory not found.
"C:\Users\RESO\AppData\Local\Temp\84119B98-C705-4D51-7590-22C23A5B69FD.dll" => File/Directory not found.
"C:\Users\RESO\AppData\Local\Temp\ccicabfceia.exe" => File/Directory not found.
"C:\Users\RESO\AppData\Local\Temp\cracked version of aero glass for windows 8.1__10924_i1473522581_il1111637.exe" => File/Directory not found.
"C:\Users\RESO\AppData\Local\Temp\Opera_NI_stable.exe" => File/Directory not found.
"C:\Users\RESO\AppData\Local\Temp\setup.exe" => File/Directory not found.
"C:\Users\RESO\AppData\Local\Temp\ShopperProJSINJFull.exe" => File/Directory not found.
"C:\Users\RESO\AppData\Local\Temp\SpOrder.dll" => File/Directory not found.
"C:\Users\RESO\AppData\Local\Temp\tu17p84.exe" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clean2PC\clean2PC.lnk" => File/Directory not found.
"C:\Program Files (x86)\clean2PC" => File/Directory not found.
EmptyTemp: => Removed 353.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 18:28:08 ====

========= End of CMD: =========

==== End of Fixlog 19:04:44 ====