Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Marcollose at 2015-06-02 23:11:41 Run:1
Running from C:\Users\Marcollose\Downloads\FRST-OlderVersion
Loaded Profiles: Marcollose (Available Profiles: Marcollose)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
EmptyTemp:
CreateRestorePoint:
Task: {29FCE178-FE1C-433F-BB99-98A1230FC6DB} - System32\Tasks\{03EB3E30-B8E8-4761-95E2-3A207F65FFB4} => pcalua.exe -a C:\Users\Marcollose\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=smt
Task: {4BB010ED-7B2F-45F2-A0C5-4687A206D15B} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {7308CEBD-0D2A-448C-A5B9-2F9FFA2D1067} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Marcollose\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {7548F94E-98BD-42DF-AB0E-749FDC1F5810} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {9B154A9F-786C-4F81-ABDC-24D02FF1FEB0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {E35C023B-36AE-459F-A594-86A78DEBFB51} - System32\Tasks\Run_Browser => C:\Users\Marcollose\AppData\Local\UnicoBrowser\Application\unicobrowser.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\678a7185-5455-440b-b575-a67817b3d169-10_user.job => C:\Program Files (x86)\Cinema PlusV14.04-ntf\678a7185-5455-440b-b575-a67817b3d169-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
FirewallRules: [TCP Query User{F57DB331-BB83-44A5-9DA6-699F26D00DD4}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3BF99CE9-1A20-40D6-8456-DFA77666D1B8}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{E6BC5D92-EA47-452B-956E-01F65CDA1044}] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{5F3FE904-A1D4-44FA-BD2C-4A9FAECB4841}] => (Block) C:\program files\java\jre7\bin\javaw.exe
HKLM-x32\...\Run: [gmsd_fr_421] => [X]
HKLM-x32\...\Run: [gmsd_fr_431] => [X]
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\...\Run: [EpicScale] => [X]
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\...\Run: [ContentAgent] => C:\Users\Marcollose\AppData\Local\ContentAgent.exe [109568 2014-03-21] ()
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\...\Run: [ContentFinder] => C:\Users\Marcollose\AppData\Local\ContentFinder.exe [161280 2014-03-14] (ContentFinder Company)
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\...\Run: [CommonLauncher] => C:\Users\Marcollose\AppData\Local\CommonLauncher.exe [210944 2014-03-12] (VDC Company)
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\...\Run: [WindApp] => "C:\Users\Marcollose\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\...\Run: [Selection Tools] => "C:\Users\Marcollose\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\...\Run: [HKCU] => C:\Users\Marcollose\AppData\Local\Temp\Rar$EXa0.729 [0 2015-05-24] () <===== ATTENTION
Startup: C:\Users\Marcollose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-16]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.<!DOCTYPE html>?type=hppppppppppppppppppppppppppppppp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1423265587&from=smt&uid=SamsungXSSDX840XSeries_S19HNEAD307067V&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.<!DOCTYPE html>?type=hppppppppppppppppppppppppppppppp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1423265587&from=smt&uid=SamsungXSSDX840XSeries_S19HNEAD307067V&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1711936963-1032946900-3355487878-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3330124&octid=EB_ORIGINAL_CTID&ISID=M1F126693-4F51-4B71-8C3B-2D6DACFF0255&SearchSource=58&CUI=&UM=8&UP=SP0E791457-97A7-45AF-803A-352C51DDD113&q={searchTerms}&D=041615&SSPV=
SearchScopes: HKU\S-1-5-21-1711936963-1032946900-3355487878-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=SamsungXSSDX840XSeries_S19HNEAD307067V&ts=1423265645&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1711936963-1032946900-3355487878-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=SamsungXSSDX840XSeries_S19HNEAD307067V&ts=1423265645&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1711936963-1032946900-3355487878-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=SamsungXSSDX840XSeries_S19HNEAD307067V&ts=1423265645&type=default&q={searchTerms}
BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1423265587&from=smt&uid=SamsungXSSDX840XSeries_S19HNEAD307067V
FF Homepage: hxxp://www.<!DOCTYPE html>?type=hppppppppppppppppppppppppppppppp
FF SearchPlugin: C:\Users\Marcollose\AppData\Roaming\Mozilla\Firefox\Profiles\gzlhrpen.default\searchplugins\mystartsearch.xml [2015-02-18]
FF SearchPlugin: C:\Users\Marcollose\AppData\Roaming\Mozilla\Firefox\Profiles\gzlhrpen.default\searchplugins\trovi.xml [2015-04-16]
FF HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\...\Firefox\Extensions: [SoundFrost@helper.com] - C:\Program Files (x86)\keepvid\SoundFrost.xpi
FF Extension: No Name - C:\Program Files (x86)\keepvid\SoundFrost.xpi [2015-04-16]
C:\Program Files (x86)\keepvid
R1 {369f59d7-4d51-422d-a5d9-ec096787635f}Gw64; C:\Windows\System32\drivers\{369f59d7-4d51-422d-a5d9-ec096787635f}Gw64.sys [48776 2015-04-15] (StdLib)
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
C:\Windows\System32\drivers\{369f59d7-4d51-422d-a5d9-ec096787635f}Gw64.sys
2015-03-26 21:14 - 2015-04-18 16:03 - 0000385 _____ () C:\Users\Marcollose\AppData\Roaming\ACXWGNVQ
2015-04-16 00:18 - 2015-04-16 00:19 - 0001282 _____ () C:\Users\Marcollose\AppData\Roaming\Bubble Dock.boostrap.log
2015-04-16 00:18 - 2015-04-16 00:19 - 0005743 _____ () C:\Users\Marcollose\AppData\Roaming\Bubble Dock.installation.log
2015-03-26 21:14 - 2015-03-26 21:14 - 0004185 _____ () C:\Users\Marcollose\AppData\Roaming\PYSAL
2015-04-16 00:19 - 2015-04-16 00:19 - 0000078 _____ () C:\Users\Marcollose\AppData\Roaming\Selection Tools.installation.log
2015-04-16 00:18 - 2015-04-16 00:18 - 0000097 _____ () C:\Users\Marcollose\AppData\Roaming\WindApp.boostrap.log
2015-04-16 00:19 - 2015-04-16 00:19 - 0000078 _____ () C:\Users\Marcollose\AppData\Roaming\WindApp.installation.log
2015-04-16 00:18 - 2014-03-14 14:25 - 0161280 _____ (ContentFinder Company) C:\Users\Marcollose\AppData\Local\ContentFinder.exe
2015-04-16 00:18 - 2014-03-21 10:25 - 0109568 _____ () C:\Users\Marcollose\AppData\Local\ContentAgent.exe
C:\Program Files (x86)\AnyProtectEx
C:\Users\Marcollose\AppData\Roaming\mystartsearch
C:\Users\Marcollose\AppData\Local\SmartWeb
C:\Program Files (x86)\Cinema PlusV14.04-ntf
C:\Users\Marcollose\AppData\Local\UnicoBrowser
C:\Users\Marcollose\AppData\Local\ContentAgent.exe
C:\Users\Marcollose\AppData\Local\ContentFinder.exe
C:\Users\Marcollose\AppData\Local\CommonLauncher.exe
C:\Users\Marcollose\AppData\Roaming\Store\WindApp
C:\Users\Marcollose\AppData\Roaming\WTools
C:\ProgramData\{0554d145-3ee6-dcd6-0554-4d1453ee4514}
[-HKCU\Software\XtremeRAT]
[-HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\Software\XtremeRAT]
end
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29FCE178-FE1C-433F-BB99-98A1230FC6DB}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29FCE178-FE1C-433F-BB99-98A1230FC6DB}" => key Removed successfully
C:\Windows\System32\Tasks\{03EB3E30-B8E8-4761-95E2-3A207F65FFB4} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{03EB3E30-B8E8-4761-95E2-3A207F65FFB4}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BB010ED-7B2F-45F2-A0C5-4687A206D15B}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BB010ED-7B2F-45F2-A0C5-4687A206D15B}" => key Removed successfully
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7308CEBD-0D2A-448C-A5B9-2F9FFA2D1067}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7308CEBD-0D2A-448C-A5B9-2F9FFA2D1067}" => key Removed successfully
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7548F94E-98BD-42DF-AB0E-749FDC1F5810}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7548F94E-98BD-42DF-AB0E-749FDC1F5810}" => key Removed successfully
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B154A9F-786C-4F81-ABDC-24D02FF1FEB0}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B154A9F-786C-4F81-ABDC-24D02FF1FEB0}" => key Removed successfully
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E35C023B-36AE-459F-A594-86A78DEBFB51}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E35C023B-36AE-459F-A594-86A78DEBFB51}" => key Removed successfully
C:\Windows\System32\Tasks\Run_Browser => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Browser" => key Removed successfully
C:\WINDOWS\Tasks\678a7185-5455-440b-b575-a67817b3d169-10_user.job => Moved successfully.
C:\WINDOWS\Tasks\APSnotifierPP1.job => Moved successfully.
C:\WINDOWS\Tasks\APSnotifierPP2.job => Moved successfully.
C:\WINDOWS\Tasks\APSnotifierPP3.job => Moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F57DB331-BB83-44A5-9DA6-699F26D00DD4}C:\program files\java\jre7\bin\javaw.exe => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3BF99CE9-1A20-40D6-8456-DFA77666D1B8}C:\program files\java\jre7\bin\javaw.exe => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6BC5D92-EA47-452B-956E-01F65CDA1044} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F3FE904-A1D4-44FA-BD2C-4A9FAECB4841} => value Removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_421 => value Removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_431 => value Removed successfully
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EpicScale => value Removed successfully
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ContentAgent => value Removed successfully
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ContentFinder => value Removed successfully
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CommonLauncher => value Removed successfully
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WindApp => value Removed successfully
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Selection Tools => value Removed successfully
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU => value Removed successfully
C:\Users\Marcollose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key Removed successfully
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
"HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key Removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => key Removed successfully
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => key not found.
"HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => key Removed successfully
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => key Removed successfully
HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
Firefox homepage Removed successfully
C:\Users\Marcollose\AppData\Roaming\Mozilla\Firefox\Profiles\gzlhrpen.default\searchplugins\mystartsearch.xml => Moved successfully.
C:\Users\Marcollose\AppData\Roaming\Mozilla\Firefox\Profiles\gzlhrpen.default\searchplugins\trovi.xml => Moved successfully.
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\Software\Mozilla\Firefox\Extensions\\SoundFrost@helper.com => value Removed successfully
C:\Program Files (x86)\keepvid\SoundFrost.xpi => Moved successfully.
C:\Program Files (x86)\keepvid => Moved successfully.
{369f59d7-4d51-422d-a5d9-ec096787635f}Gw64 => Unable to stop service.
{369f59d7-4d51-422d-a5d9-ec096787635f}Gw64 => Service Removed successfully
innfd_1_10_0_14 => Service Removed successfully
C:\Windows\System32\drivers\{369f59d7-4d51-422d-a5d9-ec096787635f}Gw64.sys => Moved successfully.
C:\Users\Marcollose\AppData\Roaming\ACXWGNVQ => Moved successfully.
C:\Users\Marcollose\AppData\Roaming\Bubble Dock.boostrap.log => Moved successfully.
C:\Users\Marcollose\AppData\Roaming\Bubble Dock.installation.log => Moved successfully.
C:\Users\Marcollose\AppData\Roaming\PYSAL => Moved successfully.
C:\Users\Marcollose\AppData\Roaming\Selection Tools.installation.log => Moved successfully.
C:\Users\Marcollose\AppData\Roaming\WindApp.boostrap.log => Moved successfully.
C:\Users\Marcollose\AppData\Roaming\WindApp.installation.log => Moved successfully.
C:\Users\Marcollose\AppData\Local\ContentFinder.exe => Moved successfully.
C:\Users\Marcollose\AppData\Local\ContentAgent.exe => Moved successfully.
"C:\Program Files (x86)\AnyProtectEx" => File/Folder not found.
C:\Users\Marcollose\AppData\Roaming\mystartsearch => Moved successfully.
C:\Users\Marcollose\AppData\Local\SmartWeb => Moved successfully.
C:\Program Files (x86)\Cinema PlusV14.04-ntf => Moved successfully.
C:\Users\Marcollose\AppData\Local\UnicoBrowser => Moved successfully.
"C:\Users\Marcollose\AppData\Local\ContentAgent.exe" => File/Folder not found.
"C:\Users\Marcollose\AppData\Local\ContentFinder.exe" => File/Folder not found.
C:\Users\Marcollose\AppData\Local\CommonLauncher.exe => Moved successfully.
"C:\Users\Marcollose\AppData\Roaming\Store\WindApp" => File/Folder not found.
C:\Users\Marcollose\AppData\Roaming\WTools => Moved successfully.
C:\ProgramData\{0554d145-3ee6-dcd6-0554-4d1453ee4514} => Moved successfully.
HKCU\Software\XtremeRAT => key Removed successfully
HKU\S-1-5-21-1711936963-1032946900-3355487878-1001\Software\XtremeRAT => key not found.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 23:12:13 ====