Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 02
Ran by ksa at 2014-12-08 08:19:21 Run:1
Running from C:\Users\ksa\Desktop
Loaded Profiles: ksa & QBDataServiceUser24 & QBDataServiceUser25 (Available profiles: ksa & QBDataServiceUser24 & QBDataServiceUser25)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
URLSearchHook: HKU\S-1-5-21-3471586700-3200612355-1300292554-1000 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Toolbar: HKU\S-1-5-21-3471586700-3200612355-1300292554-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - No File
Tcpip\..\Interfaces\{E49CA6C1-70C6-4278-8802-F734A9BC85AC}: [NameServer] 31.168.224.106,5.135.12.52
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-3471586700-3200612355-1300292554-1000: @spoon.net/Spoon Plugin 3.32 -> C:\Users\ksa\AppData\Local\Spoon\3.32.4.17\npMozillaSpoonPlugin.dll No File
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MC132A86C-AD78-4EDB-8464-576CC4E5087F&SearchSource=55&CUI=&UM=5&UP=SP50BA7093-FB0F-402C-B109-06FD3EBCE50F&SSPV=", "", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_12_ch&cd=2XzuyEtN2Y1L1QzutCzztDtAyBtA0ByCzz0D0Bzz0C0ByEtDtN0D0Tzu0SzztCtDtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0EzzzzzytCyEyDtGyD0BzzyDtGzy0DyDyCtGyB0DtBzytGyEzz0AyB0BzztAtAzz0F0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0BtCyD0FtCyCtG0DyEyC0CtGyEtBzz0AtG0E0DtB0EtGtBtByDtCtDtAyByEyC0AtD0A2Q&cr=2026194831&ir=", "hxxp://www.msn.com/", "hxxp://Vosteran.com/?f=7&a=vst_dnldstr_14_49_ch_na01_mi01&cd=2XzuyEtN2Y1L1QzutCzztDtAyBtA0ByCzz0D0Bzz0C0ByEtDtN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtCyCtAtC0FyCtDtGtCyEyDtAtGyEyCtBtCtGyCyCtB0EtGyCtD0C0EzztCyDyCyE0A0E0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EtAzztC0A0AyCtG0BtD0CyBtGyEyByDtCtGzyyEtBtCtGyEtByB0ByDyEtD0DyCtBtDyB2Q&cr=1501281201&ir=", "hxxp://Vosteran.com/?f=7&a=vst_coinis_14_49_other_na01_mi01&cd=2XzuyEtN2Y1L1QzutCzztDtAyBtA0ByCzz0D0Bzz0C0ByEtDtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtCyBtDtC0Azz0BtGzytBzztDtG0A0A0BtDtGyD0F0EtAtGyCyE0B0C0B0CtCzy0FtB0Fzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EtAzztC0A0AyCtG0BtD0CyBtGyEyByDtCtGzyyEtBtCtGyEtByB0ByDyEtD0DyCtBtDyB2Q&cr=1129609138&ir="
CHR HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ksa\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-03-29]
CHR HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S2 KromtechAccountService; "C:\Program Files\Kromtech\Common\AccountService.exe" [X]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
2014-12-04 17:31 - 2014-12-05 20:39 - 00000000 ____D () C:\Users\ksa\Documents\Ad-Aware
2014-12-04 14:33 - 2014-12-04 14:33 - 00004616 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-04 14:33 - 2014-12-04 14:33 - 00002448 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-04 14:33 - 2014-12-04 14:33 - 00002448 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-04 14:33 - 2014-12-04 14:33 - 00000000 ____D () C:\Users\ksa\AppData\Roaming\LavasoftStatistics
2014-12-04 14:33 - 2014-11-27 10:44 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-04 14:33 - 2014-11-27 10:44 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2014-12-02 14:51 - 2014-12-02 14:51 - 00002978 _____ () C:\Windows\System32\Tasks\{0790C947-D178-40EF-BB7F-92335EC5F734}
2014-11-30 15:37 - 2014-12-07 20:11 - 00001326 _____ () C:\Windows\Tasks\KIZO.job
2014-11-30 15:37 - 2014-11-30 15:37 - 00004344 _____ () C:\Windows\System32\Tasks\KIZO
2014-11-29 16:14 - 2014-12-07 20:11 - 00001322 _____ () C:\Windows\Tasks\ZG.job
2014-11-29 16:14 - 2014-11-29 16:14 - 00004340 _____ () C:\Windows\System32\Tasks\ZG
2014-11-26 05:58 - 2014-11-26 05:58 - 00002964 _____ () C:\Windows\System32\Tasks\{884B4890-C5B4-4B57-86E2-05F29758A603}
2014-11-26 05:58 - 2014-11-26 05:58 - 00002964 _____ () C:\Windows\System32\Tasks\{7B7570C7-75D6-40CC-87CE-6259661E4CAC}
C:\Users\ksa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpivxxvm.dll
Task: {054CE56F-0EC4-4084-B159-EAA719437A5E} - System32\Tasks\KIZO => C:\Users\ksa\AppData\Roaming\KIZO.exe <==== ATTENTION
Task: {057E8245-C861-4DD4-8A5B-3B4C9A5DF701} - System32\Tasks\ZG => C:\Users\ksa\AppData\Roaming\ZG.exe <==== ATTENTION
Task: C:\Windows\Tasks\KIZO.job => C:\Users\ksa\AppData\Roaming\KIZO.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZG.job => C:\Users\ksa\AppData\Roaming\ZG.exe <==== ATTENTION
EmptyTemp:
CMD: ipconfig /flushdns
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => value deleted successfully.
HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
"HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key not found.
HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
"HKCR\PROTOCOLS\Handler\intu-help-qb5" => Key deleted successfully.
"HKCR\CLSID\{867FCB77-9823-4cd6-8210-D85F968D466F}" => Key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E49CA6C1-70C6-4278-8802-F734A9BC85AC}\\NameServer => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32" => Key deleted successfully.
C:\Users\ksa\AppData\Local\Spoon\3.32.4.17\npMozillaSpoonPlugin.dll not found.
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found] not found.
Chrome StartupUrls deleted successfully.
"HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
C:\Users\ksa\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx => Moved successfully.
"HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
51cdb72 => Service deleted successfully.
KromtechAccountService => Service deleted successfully.
OutfoxTvService => Service deleted successfully.
SBRE => Service deleted successfully.
C:\Users\ksa\Documents\Ad-Aware => Moved successfully.
C:\Windows\SysWOW64\LavasoftTcpService.ini => Moved successfully.
C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini => Moved successfully.
C:\Windows\system32\LavasoftTcpServiceOff.ini => Moved successfully.
C:\Users\ksa\AppData\Roaming\LavasoftStatistics => Moved successfully.
C:\Windows\system32\LavasoftTcpService64.dll => Moved successfully.
C:\Windows\SysWOW64\LavasoftTcpService.dll => Moved successfully.
C:\Windows\System32\Tasks\{0790C947-D178-40EF-BB7F-92335EC5F734} => Moved successfully.
C:\Windows\Tasks\KIZO.job => Moved successfully.
C:\Windows\System32\Tasks\KIZO => Moved successfully.
C:\Windows\Tasks\ZG.job => Moved successfully.
C:\Windows\System32\Tasks\ZG => Moved successfully.
C:\Windows\System32\Tasks\{884B4890-C5B4-4B57-86E2-05F29758A603} => Moved successfully.
C:\Windows\System32\Tasks\{7B7570C7-75D6-40CC-87CE-6259661E4CAC} => Moved successfully.
"C:\Users\ksa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpivxxvm.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{054CE56F-0EC4-4084-B159-EAA719437A5E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{054CE56F-0EC4-4084-B159-EAA719437A5E}" => Key deleted successfully.
C:\Windows\System32\Tasks\KIZO not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KIZO" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{057E8245-C861-4DD4-8A5B-3B4C9A5DF701}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{057E8245-C861-4DD4-8A5B-3B4C9A5DF701}" => Key deleted successfully.
C:\Windows\System32\Tasks\ZG not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZG" => Key deleted successfully.
C:\Windows\Tasks\KIZO.job not found.
C:\Windows\Tasks\ZG.job not found.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
EmptyTemp: => Removed 36.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====