Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014 Ran by Asia at 2014-07-30 20:25:14 Run:1 Running from C:\Users\Asia\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe SearchScopes: HKCU - {4B684257-ACCB-4E9E-B679-F8904863B7C6} URL = http://asksearch.ask.com/redirect?client=ie&src=kw&tb=KMPV6&itbv=11.8.1.343&o=APN10749&locale=en_US&apn_uid=DD8F68F7-058F-4651-B1C3-EA5FE75FEAD2&apn_ptnrs=^AUC&apn_dtid=^YYYYYY^YY^PL&apn_dbr=ie_9.0.8112.16476&doi=2013-05-03&q={searchTerms}& BHO: HDPlus-V1.9 -> {11111111-1111-1111-1111-110511951170} -> C:\Program Files (x86)\HDPlus-V1.9\HDPlus-V1.9-bho64.dll (HDPlus) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: HDPlus-V1.9 -> {11111111-1111-1111-1111-110511951170} -> C:\Program Files (x86)\HDPlus-V1.9\HDPlus-V1.9-bho.dll (HDPlus) C:\Users\Asia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmpjohfgidbnmmihaholohmeccijgog S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X] S2 kxescore; "c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe" /service kxescore [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S1 KDHacker; \??\c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [X] S2 kisknl; \??\C:\windows\system32\drivers\kisknl.sys [X] S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X] Task: {8EBF2612-A17F-41EB-AA90-5BB2471A1A86} - System32\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-1 => C:\Program Files (x86)\HDPlus-V1.9\HDPlus-V1.9-codedownloader.exe [2014-07-10] (HDPlus) Task: {9ABF67A6-C1E7-4711-96DE-07DF29286ABA} - System32\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-6 => C:\Program Files (x86)\HDPlus-V1.9\HDPlus-V1.9-novainstaller.exe [2014-07-10] (HDPlus) Task: {A3B2CF2E-37AB-4650-A8FB-8E48074EDE09} - System32\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-2 => C:\Program Files (x86)\HDPlus-V1.9\c9d77c59-0ff5-4036-8806-71115fd01f45-2.exe [2014-07-10] (HDPlus) Task: {A6364819-5EA8-431D-80ED-86403287B6B4} - System32\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5 => C:\Program Files (x86)\HDPlus-V1.9\c9d77c59-0ff5-4036-8806-71115fd01f45-5.exe [2014-07-10] (HDPlus) Task: {A8888509-C605-4397-8E74-B7E4BDDAE0FD} - System32\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5_user => C:\Program Files (x86)\HDPlus-V1.9\c9d77c59-0ff5-4036-8806-71115fd01f45-5.exe [2014-07-10] (HDPlus) Task: {82CEBF28-9CCE-40C9-83A3-AA4A8CD33384} - System32\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-4 => C:\Program Files (x86)\HDPlus-V1.9\c9d77c59-0ff5-4036-8806-71115fd01f45-4.exe [2014-07-10] (HDPlus) ***************** "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B684257-ACCB-4E9E-B679-F8904863B7C6}" => Key deleted successfully. "HKCR\CLSID\{4B684257-ACCB-4E9E-B679-F8904863B7C6}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951170}" => Key deleted successfully. "HKCR\CLSID\{11111111-1111-1111-1111-110511951170}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511951170}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110511951170}" => Key deleted successfully. C:\Users\Asia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmpjohfgidbnmmihaholohmeccijgog => Moved successfully. AdobeARMservice => Service deleted successfully. kxescore => Service deleted successfully. ewusbnet => Service deleted successfully. KDHacker => Service deleted successfully. kisknl => Service deleted successfully. RimUsb => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8EBF2612-A17F-41EB-AA90-5BB2471A1A86}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EBF2612-A17F-41EB-AA90-5BB2471A1A86}" => Key deleted successfully. C:\Windows\System32\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-1 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c9d77c59-0ff5-4036-8806-71115fd01f45-1" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9ABF67A6-C1E7-4711-96DE-07DF29286ABA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9ABF67A6-C1E7-4711-96DE-07DF29286ABA}" => Key deleted successfully. C:\Windows\System32\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-6 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c9d77c59-0ff5-4036-8806-71115fd01f45-6" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3B2CF2E-37AB-4650-A8FB-8E48074EDE09}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3B2CF2E-37AB-4650-A8FB-8E48074EDE09}" => Key deleted successfully. C:\Windows\System32\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-2 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c9d77c59-0ff5-4036-8806-71115fd01f45-2" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A6364819-5EA8-431D-80ED-86403287B6B4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6364819-5EA8-431D-80ED-86403287B6B4}" => Key deleted successfully. C:\Windows\System32\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c9d77c59-0ff5-4036-8806-71115fd01f45-5" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8888509-C605-4397-8E74-B7E4BDDAE0FD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8888509-C605-4397-8E74-B7E4BDDAE0FD}" => Key deleted successfully. C:\Windows\System32\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-5_user => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c9d77c59-0ff5-4036-8806-71115fd01f45-5_user" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{82CEBF28-9CCE-40C9-83A3-AA4A8CD33384}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82CEBF28-9CCE-40C9-83A3-AA4A8CD33384}" => Key deleted successfully. C:\Windows\System32\Tasks\c9d77c59-0ff5-4036-8806-71115fd01f45-4 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c9d77c59-0ff5-4036-8806-71115fd01f45-4" => Key deleted successfully. ==== End of Fixlog ====