Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-05-2014
Ran by Natalia at 2014-05-23 13:41:13 Run:1
Running from C:\Users\Natalia\Downloads
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Aztec Media Inc) C:\Program Files\Settings Manager\systemk\SystemkService.exe
(Aztec Media Inc) C:\Program Files\Settings Manager\systemk\SystemkService.exe
(Aztec Media Inc) C:\Program Files\Settings Manager\systemk\systemku.exe
() C:\Users\Natalia\AppData\Local\winlogon.exe
() C:\Users\Natalia\AppData\Local\services.exe
() C:\Users\Natalia\AppData\Local\lsass.exe
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 SystemkService; C:\Program Files\Settings Manager\systemk\SystemkService.exe [3543056 2014-05-12] (Aztec Media Inc)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [549008 2014-05-12] (Cherished Technololgy LIMITED)
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files\Settings Manager\systemk\systemkmgrc1.cfg [31120 2014-05-12] (Aztec Media Inc)
HKLM\...\Run: [Bron-Spizaetus] => C:\Windows\ShellNew\sempalong.exe [42734 2008-01-02] ()
HKLM\...\Winlogon: [Shell] Explorer.exe "C:\Windows\eksplorasi.exe" [x ] ()
HKU\S-1-5-21-3717591281-2072224576-1635484359-1000\...\Run: [Tok-Cirrhatus] => C:\Users\Natalia\AppData\Local\smss.exe [42734 2008-01-02] ()
HKU\S-1-5-21-3717591281-2072224576-1635484359-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-3717591281-2072224576-1635484359-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3717591281-2072224576-1635484359-1000\...\Policies\Explorer: [NoFolderOptions] 1
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\Natalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll [490000 2014-05-12] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=175&itype=a&ver=12627&tm=350&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=175&itype=a&ver=12627&tm=350&src=ds&p={searchTerms}
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.sweet-page.com/?type=sc&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496
ShortcutWithArgument: C:\Users\Natalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.sweet-page.com/?type=sc&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496
ShortcutWithArgument: C:\Users\Natalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.sweet-page.com/?type=sc&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496
ShortcutWithArgument: C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.sweet-page.com/?type=sc&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496
ShortcutWithArgument: C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.sweet-page.com/?type=sc&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496
ShortcutWithArgument: C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.sweet-page.com/?type=sc&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.sweet-page.com/?type=sc&ts=1400414405&from=sof&uid=SAMSUNGXHM321HI_S25WJ9DB112496
CMD: for /d %f in (C:\Users\Natalia\AppData\Local\*bron*) do rd /s /q "%f"
C:\Users\Natalia\AppData\Local\*bron*
C:\Users\Natalia\AppData\Local\*.exe
C:\Users\Natalia\AppData\Local\*.txt
C:\Users\Natalia\Downloads\SoftonicDownloader_dla_spss-16.exe
C:\Windows\eksplorasi.exe
C:\Windows\ShellNew\sempalong.exe
C:\autorun.inf
D:\autorun.inf
E:\autorun.inf
Reboot:
*****************

C:\ProgramData\IePluginService\PluginService.exe => No running process found
C:\ProgramData\WPM\wprotectmanager.exe => No running process found
C:\Program Files\Settings Manager\systemk\SystemkService.exe => No running process found
C:\Program Files\Settings Manager\systemk\SystemkService.exe => No running process found
C:\Program Files\Settings Manager\systemk\systemku.exe => No running process found
[1164] C:\Users\Natalia\AppData\Local\winlogon.exe => Process closed successfully.
[1220] C:\Users\Natalia\AppData\Local\services.exe => Process closed successfully.
[1260] C:\Users\Natalia\AppData\Local\lsass.exe => Process closed successfully.
IePluginService => Service deleted successfully.
SystemkService => Service deleted successfully.
Wpm => Service deleted successfully.
F06DEFF2-5B9C-490D-910F-35D3A91196222 => Service deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Bron-Spizaetus => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKU\S-1-5-21-3717591281-2072224576-1635484359-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus => Value deleted successfully.
HKU\S-1-5-21-3717591281-2072224576-1635484359-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => Value deleted successfully.
HKU\S-1-5-21-3717591281-2072224576-1635484359-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value deleted successfully.
HKU\S-1-5-21-3717591281-2072224576-1635484359-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe => Key deleted successfully.
C:\Users\Natalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif => Moved successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => Value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully.
HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully.
HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Shortcut argument was removed successfully.
C:\Users\Natalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument was removed successfully.
C:\Users\Natalia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument was restored successfully.
C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument was removed successfully.
C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument was removed successfully.
C:\Users\Natalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument was removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument was removed successfully.

========= for /d %f in (C:\Users\Natalia\AppData\Local\*bron*) do rd /s /q "%f" =========

========= End of CMD: =========

C:\Users\Natalia\AppData\Local\*bron* => Moved successfully.
C:\Users\Natalia\AppData\Local\*.exe => Moved successfully.
C:\Users\Natalia\AppData\Local\*.txt => Moved successfully.
C:\Users\Natalia\Downloads\SoftonicDownloader_dla_spss-16.exe => Moved successfully.
C:\Windows\eksplorasi.exe => Moved successfully.
C:\Windows\ShellNew\sempalong.exe => Moved successfully.
C:\autorun.inf => Moved successfully.
D:\autorun.inf => Moved successfully.
E:\autorun.inf => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====