###### Ultra adware killer scan report ######

Ultra Adware Killer version: 7.5.4.0 (64bits).
UAK database number: 1325.
Windows version: Windows 8 64-bit
Internet Explorer version: 10.00.9200.16384 (win8_rtm.120725-1247)
Google Chrome version: 71.0.3578.98
Mozilla Firefox version: 64.0
Scan started by user: Jean-Marie.
Option "Scan all users": Checked.
Scan start time: 2019/01/14 09:00:03.

Note: Registry paths may contain prefixes for easier identification of the corresponding registry key:
HKLM32: The 32 bit portion of the HKEY_LOCAL_MACHINE key, in 64 bit Windows versions.
HKLM64: The 64 bit portion of the HKEY_LOCAL_MACHINE key, in 64 bit Windows versions.
@: A user's registry key (HKEY_USERS\).

->Programs scan:

Detected program: GOM Player
Uninstall key: HKLM32\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOM Player
Folder path: C:\Program Files (x86)\GRETECH\GOMPlayer
User name : (All users)
Item state: Unchecked

Detected program: SkinPack Noble
Uninstall key: HKLM32\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SkinPack
Folder path: C:\SkinPack
User name : (All users)
Item state: Checked

Detected file object: Advanced Identity Protector
Path: C:\Users\Jean-Marie\AppData\Roaming\Advanced Identity Protector
User name : Jean-Marie
Item state: Checked

Detected file object: Ashampoo Backup
Path: C:\Users\Jean-Marie\AppData\Local\Ashampoo Backup
User name : Jean-Marie
Item state: Checked

Detected file object: Baidu
Path: C:\ProgramData\Baidu
User name : (All users)
Item state: Checked

Detected file object: Caphyon
Path: C:\ProgramData\Caphyon
User name : (All users)
Item state: Checked

Detected file object: Hotspot Shield
Path: C:\ProgramData\Hotspot Shield
User name : (All users)
Item state: Checked

Detected file object: Winamp
Path: C:\Program Files (x86)\Winamp
User name : (All users)
Item state: Checked

->Autostart scan:

Registry autostart entries:

Name: Free Download Manager
User name: Jean-Marie
Command: "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe" --minimized
Item state: Un-checked

Name: AdobeGCInvoker-1.0
User name: (All users)
Command: "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
Item state: Un-checked

Name: Wondershare Helper Compact.exe
User name: (All users)
Command: C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Item state: Un-checked

Startup folder items:

Scheduled tasks scan (root folder only):

Task name: Adobe Acrobat Update Task
User name: (All users)
Command: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Item state: Un-checked

Task name: AdobeGCInvoker-1.0-MicrosoftAccount-jean-marie.carribon@wanadoo.fr
User name: (All users)
Command: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe -mode=scheduled
Item state: Un-checked

Task name: ASCU11_PerformanceMonitor
User name: (All users)
Command: C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe /Task
Item state: Un-checked

Task name: ASCU11_SkipUac_Jean-Marie
User name: (All users)
Command: C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe /SkipUac
Item state: Un-checked

Task name: ASCU_ASCTray_Auto
User name: (All users)
Command: C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe /AlwaysShow
Item state: Un-checked

Task name: Avast Emergency Update
User name: (All users)
Command: C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Item state: Un-checked

Task name: CCAVPostInstall
User name: (All users)
Command: C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe -postinstall
Item state: Un-checked

Task name: CorelUpdateHelperTaskCore
User name: (All users)
Command: c:\Program Files (x86)\Corel\CUH\v2\CUH.exe /t
Item state: Un-checked

Task name: DropboxUpdateTaskMachineCore
User name: (All users)
Command: C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
Item state: Un-checked

Task name: DropboxUpdateTaskMachineUA
User name: (All users)
Command: C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
Item state: Un-checked

Task name: EPSON XP-710 Series Invitation {2C6FA55B-2D45-4F1A-A7E2-2F5337CF461B}
User name: (All users)
Command: C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE /EXE:"{2C6FA55B-2D45-4F1A-A7E2-2F5337CF461B}" /F:"Invitation"
Item state: Un-checked

Task name: EPSON XP-710 Series Update {2C6FA55B-2D45-4F1A-A7E2-2F5337CF461B}
User name: (All users)
Command: C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE /EXE:"{2C6FA55B-2D45-4F1A-A7E2-2F5337CF461B}" /F:"Update"
Item state: Un-checked

Task name: GoogleUpdateTaskMachineCore
User name: (All users)
Command: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Item state: Un-checked

Task name: GoogleUpdateTaskMachineCore1d4a1bec409fa5e
User name: (All users)
Command: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Item state: Un-checked

Task name: GoogleUpdateTaskMachineUA
User name: (All users)
Command: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Item state: Un-checked

Task name: OneSafe PC Cleaner automatic scan and notifications
User name: (All users)
Command: "C:\OneSafe PC Cleaner\OSPCNotifications.exe"
Item state: Un-checked

Task name: Opera scheduled Autoupdate 1536011848
User name: (All users)
Command: C:\Users\Jean-Marie\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0)
Item state: Un-checked

Task name: PowerDirectorStyleAgent
User name: (All users)
Command: C:\Program Files (x86)\CyberLink\Shared files\PDStyleAgent\PDStyleAgent.exe
Item state: Un-checked

Task name: Process Lasso Core Engine Only
User name: (All users)
Command: "C:\Program Files\Process Lasso\processgovernor.exe"
Item state: Un-checked

Task name: Process Lasso Management Console (GUI)
User name: (All users)
Command: "C:\Program Files\Process Lasso\processlasso.exe"
Item state: Un-checked

Task name: SmartyUninstallerLauncher
User name: (All users)
Command: C:\Program Files\Smarty Uninstaller 4\SmartyUninstaller.exe
Item state: Un-checked

Task name: Uninstaller_SkipUac_Jean-Marie
User name: (All users)
Command: C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
Item state: Un-checked

Task name: User_Feed_Synchronization-{894F9756-3BDE-4E8A-AC50-A7CC1E86F4AD}
User name: (All users)
Command: C:\Windows\system32\msfeedssync.exe sync
Item state: Un-checked

AppInit_DLLs scan:

DNS hijackers scan:

Name: 156.154.70.25,156.154.71.25
User name: (All users)
Registry key: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B389AB24-C362-4FAB-B29C-601C91B5A911}
Value name: NameServer
Item state: Un-checked

->Microsoft Edge scan:

Microsoft Edge extensions:

Microsoft Edge reset options:

->Internet Explorer scan:

Internet Explorer home and search pages:

Internet Explorer search providers:

Name: Obtenez Emails - Powered by Yahoo!
User name: Jean-Marie
URL: http://query.obtenezemail.com/s?uc=20181206&source=gdfremie172890-iei&i_id=email_1.30&uid=d7b8d170-1667-fbdd-3430-885f7bc1ead2&ap=romb&query={searchTerms}
Item state: Checked

Name: Propositions de recherche Amazon.fr
User name: Jean-Marie
URL: http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
Item state: Checked

Name: Mon Convertisseur - Powered by Yahoo!
User name: Jean-Marie
URL: http://query.monconvertisseur.com/s?uc=20181204&i_id=converter__1.30&uid=0d090a60-4bbd-a1a3-3dfc-f1f27bd9e668&source=gdfrcoci72890&ap=romb&query={searchTerms}
Item state: Checked

Name: Recherche
User name: Jean-Marie
URL: http://www.fr-gogo.com/search?q={searchTerms}
Item state: Checked

Name: Yahoo
User name: Jean-Marie
URL: http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
Item state: Checked

Name: eBay
User name: Jean-Marie
URL: http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Item state: Checked

Name: Propositions de recherche Amazon.fr
User name: postgres
URL: http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
Item state: Checked

Name: Yahoo
User name: postgres
URL: http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
Item state: Checked

Name: eBay
User name: postgres
URL: http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Item state: Checked

Name: Ask.com
User name: DefaultUser
URL: http://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
Item state: Checked

Name: Propositions de recherche Amazon.fr
User name: DefaultUser
URL: http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
Item state: Checked

Name: Yahoo
User name: DefaultUser
URL: http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
Item state: Checked

Name: eBay
User name: DefaultUser
URL: http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Item state: Checked

Name: Propositions de recherche Amazon.fr
User name: (All users)
URL: http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
Item state: Checked

Name: Yahoo
User name: (All users)
URL: http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
Item state: Checked

Name: eBay
User name: (All users)
URL: http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Item state: Checked

Name: Propositions de recherche Amazon.fr
User name: (All users)
URL: http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
Item state: Checked

Name: Yahoo
User name: (All users)
URL: http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
Item state: Checked

Name: eBay
User name: (All users)
URL: http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
Item state: Checked

Internet Explorer ad-ons:

Name: Block miscellaneous advertisements
User name: Jean-Marie
File: C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll
Item state: Checked

Name: IDM integration (IDMIEHlprObj Class)
User name: Jean-Marie
File: C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
Item state: Checked

Name: {B164E929-A1B6-4A06-B104-2CD0E90A88FF}
User name: Jean-Marie
File: The CLSID key for this Ad-on does not exist.
Item state: Checked

Name: {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5}
User name: Jean-Marie
File: C:\Program Files (x86)\UX Pack\OldNewExplorer\OldNewExplorer64.dll
Item state: Checked

Name: {53707962-6F74-2D53-2644-206D7942484F}
User name: Jean-Marie
File: The CLSID key for this Ad-on does not exist.
Item state: Checked

Name: IDMDwnlMgr Class
User name: Jean-Marie
File: C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll
Item state: Checked

Name: VLC ActiveX Plugin and IE Web Plugin v2
User name: Jean-Marie
File: C:\Program Files\VideoLAN\VLC\axvlc.dll
Item state: Checked

Name: {9BE66CC0-1DD1-11B2-8617-E3A3ED26E3B0}
User name: Jean-Marie
File: The CLSID key for this Ad-on does not exist.
Item state: Checked

Name: IDM integration (IDMIEHlprObj Class)
User name: Système
File: C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
Item state: Checked

Name: {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5}
User name: (All users)
File: C:\Program Files (x86)\UX Pack\OldNewExplorer\OldNewExplorer64.dll
Item state: Checked

Name: {53707962-6F74-2D53-2644-206D7942484F}
User name: (All users)
File: The CLSID key for this Ad-on does not exist.
Item state: Checked

Name: {75579960-3DAF-4389-9CFA-C2BB270C91E6}
User name: (All users)
File: The CLSID key for this Ad-on does not exist.
Item state: Checked

Name: Deployment Toolkit
User name: (All users)
File: C:\Windows\SysWOW64\deployJava1.dll
Item state: Checked

Internet Explorer shortcuts:

Shortcut path: C:\Users\Jean-Marie\Desktop\AdsFix_Donate.lnk
User name: Jean-Marie
Arguments: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN
Item state: Checked

Internet Explorer's Group Policies:

Internet Explorer and Shell reset options:

Reset option: Reset IE's DOM Storage
User name: Jean-Marie
Info: Check this item if you want to reset IE's DOM Storage
Item state: Un-checked

->Google Chrome scan:

Google Chrome startup and home pages:

Google Chrome search providers:

Google Chrome extensions:

Google Chrome shortcuts:

Shortcut path: C:\Users\Jean-Marie\Desktop\Goodgame Big Farm.lnk
User name: Jean-Marie
Arguments: --app=https://bigfarm.goodgamestudios.com/?w=376971 --app-window-size=1280,1024
Item state: Un-checked

Shortcut path: C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Big Farm\Goodgame Big Farm.lnk
User name: Jean-Marie
Arguments: --app=https://bigfarm.goodgamestudios.com/?w=376971 --app-window-size=1280,1024
Item state: Un-checked

Shortcut path: C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire\Goodgame Empire.lnk
User name: Jean-Marie
Arguments: --app=https://empire.goodgamestudios.com/?w=376971 --app-window-size=1280,1024
Item state: Un-checked

Chrome's Group Policies:

Google Chrome reset options:

->Mozilla Firefox scan:

Firefox startup pages:

Firefox search plug-ins:

Firefox extensions:

Firefox shortcuts:

Firefox reset options:

Option name: Reset Firefox Ad-ons
User name: Jean-Marie
Path: C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\5786dgji.default\addons.json
Item state: Unchecked

Option name: Reset Firefox Extensions
User name: Jean-Marie
Path: C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\5786dgji.default\extensions
Item state: Unchecked

Option name: Reset Firefox User Search Providers
User name: Jean-Marie
Path: C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\5786dgji.default\searchplugins
Item state: Unchecked

Option name: Reset Firefox Settings
User name: Jean-Marie
Path: C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\5786dgji.default\prefs.js
Item state: Unchecked

->Anti-Malware scan:

Infected file objects:

Path: C:\SkinPack\uninst.exe
Threat level: Low
Malware type: Heuristic.6953.13
Modified in: 2018/12/08 08:03:27
Item state: Checked

Path: C:\Users\Jean-Marie\Desktop\LFS Hyper & UEFM Suite 2018.39\processclose_2_08.01.17.1 (1).exe
Threat level: Medium
Malware type: Malware.6864.23
Modified in: 2018/11/14 19:40:30
Item state: Checked

Path: C:\Users\Jean-Marie\Desktop\processclose_2_08.01.17.1.exe
Threat level: Medium
Malware type: Malware.6864.23
Modified in: 2019/01/05 13:21:04
Item state: Checked

Path: C:\Program Files (x86)\PDF-to-Word\demos\pdf2word.exe
Threat level: Low
Malware type: Malware.6723.9
Modified in: 2009/11/06 18:06:00
Item state: Checked

Path: C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF-to-Word\PDF-to-Word Demo.lnk
Threat level: Low
Malware type: Malware.6723.9
Modified in: 2019/01/11 20:03:00
Item state: Checked

Path: C:\OneSafe PC Cleaner\OneSafePCCleaner.exe
Threat level: Low
Malware type: PUP.6952.11
Modified in: 2018/12/19 13:17:26
Item state: Checked

Path: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSafe PC Cleaner\Güncellemeleri kontrol et.lnk
Threat level: Low
Malware type: PUP.6952.11
Modified in: 2019/01/14 06:08:09
Item state: Checked

Path: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSafe PC Cleaner\OneSafe PC Cleaner.lnk
Threat level: Low
Malware type: PUP.6952.11
Modified in: 2019/01/14 06:08:08
Item state: Checked

Path: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSafe PC Cleaner\Vérifiez les mises à jour.lnk
Threat level: Low
Malware type: PUP.6952.11
Modified in: 2019/01/14 06:08:09
Item state: Checked

Path: C:\OneSafe PC Cleaner\OSPCNotifications.exe
Threat level: Low
Malware type: PUP.6952.9
Modified in: 2018/12/19 13:17:34
Item state: Checked

Infected registry keys

Key: HKLM32\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SkinPack
Threat level: Low
Malware type: Heuristic.6953.13
Item state: Checked

Key: HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Value: C:\Users\Jean-Marie\Desktop\LFS Hyper & UEFM Suite 2018.39\processclose_2_08.01.17.1 (1).exe.FriendlyAppName
Threat level: Medium
Malware type: Malware.6864.23
Item state: Checked

Key: HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Value: C:\Users\Jean-Marie\Desktop\LFS Hyper & UEFM Suite 2018.39\processclose_2_08.01.17.1 (1).exe.ApplicationCompany
Threat level: Medium
Malware type: Malware.6864.23
Item state: Checked

Key: HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Value: C:\Users\Jean-Marie\Desktop\processclose_2_08.01.17.1.exe.FriendlyAppName
Threat level: Medium
Malware type: Malware.6864.23
Item state: Checked

Key: HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Value: C:\Users\Jean-Marie\Desktop\processclose_2_08.01.17.1.exe.ApplicationCompany
Threat level: Medium
Malware type: Malware.6864.23
Item state: Checked

Malware related optional fixes:

Option name: Empty temporary folders
Item state: Unchecked

Option name: Run an SFC scan
Item state: Unchecked

Option name: Repair Windows with DISM
Item state: Unchecked

Option name: Reset the DNS settings
Item state: Unchecked

Option name: Reset the hosts file
Item state: Unchecked

Option name: Reset IP, Winsock and proxy
Item state: Unchecked

Option name: Reset and fix the Windows firewall
Item state: Unchecked

Option name: Reset the SubSystems registry key
Item state: Unchecked

->End of scans

Scan end time: 2019/01/14 09:07:47.
Scan duration: 7 minutes and 44 seconds.
The scan completed successfully.

############ End of report 40018 bytes ############