Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by 27972 (2016-07-06 13:38:11) Run:1
Running from C:\Users\27972\Documents\Farber Recovery Scan Tool
Loaded Profiles: 27972 (Available Profiles: 27972 & Sonya & Aziza & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Tcpip\..\Interfaces\{1db4209b-00a7-4763-a63f-6d8371fb4ac5}: [NameServer] 82.163.142.7 95.211.158.134
SearchScopes: HKU\S-1-5-21-2825347086-2981257662-4213469737-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.eshield.com/serp?guid={1ED4791B-A481-4AE8-89EE-AF6F81FDEFAD}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-2825347086-2981257662-4213469737-1000 -> {5FBC36E2-AD3B-4E43-A2BC-E81DD96FE970} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
SearchScopes: HKU\S-1-5-21-2825347086-2981257662-4213469737-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=custom2
Toolbar: HKLM - eShield - {898E8883-5181-4959-B230-E3C01F807653} - C:\Program Files (x86)\TNT2\2.0.0.1995\IEToolbar64.dll No File
FF Plugin HKU\S-1-5-21-2825347086-2981257662-4213469737-1000: @tnt2npapi.com/Plugin -> C:\Users\27972\AppData\Local\TNT2\2.0.0.1995\npTNT2.dll [2015-08-12] (Eshield)
FF Extension: eShield - C:\Users\27972\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\toolbar11467@eshield.com [2015-08-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\PremierOpinion\firefox => not found
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=custom2"
CHR Extension: (eShield) - C:\Users\27972\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkndcbhcgphcfkkddanakjiepeknbgle] - C:\Program Files (x86)\PremierOpinion\pmcm.crx
2016-06-27 00:21 - 2016-06-27 00:21 - 00768416 _____ (Reimage) C:\Users\27972\Downloads\ReimageRepair.exe
2016-06-26 21:50 - 2016-06-26 21:50 - 00000000 ____D C:\Users\Все пользователи\db7f6d9d-75c1-0
2016-06-26 21:44 - 2016-06-26 21:44 - 00000000 ____D C:\ProgramData\db7f6d9d-02f3-0
2016-06-26 21:44 - 2016-06-26 21:44 - 00000000 ____D C:\ProgramData\{26866dc3-512c-1}
2016-06-26 21:44 - 2016-06-26 21:44 - 00000000 ____D C:\ProgramData\{09b7bbd4-712c-0}
2016-06-26 21:44 - 2016-06-26 21:44 - 00000000 ____D C:\ProgramData\{0162428d-412c-0}
2016-06-26 21:44 - 2016-05-27 00:26 - 00000000 ____D C:\ProgramData\3126b259-3dd3-1
2016-06-26 21:46 - 2016-05-27 00:26 - 00000000 ____D C:\ProgramData\3126b259-4237-0
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1" /f
CMD: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1" /f /reg:32
CustomCLSID: HKU\S-1-5-21-2825347086-2981257662-4213469737-1000_Classes\CLSID\{898E8883-5181-4959-B230-E3C01F807653}\InprocServer32 -> C:\Program Files (x86)\TNT2\2.0.0.1995\IEToolbar64.dll => No File
Task: {04286734-0F4D-43E1-BE2A-CF0B7DD01ED6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0AAC9C26-4AAF-4C4D-B90D-2489D61714ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0B7BBD80-430A-476D-B678-8EDDCA121BA9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {12B838E5-C1C1-4EA9-8535-D6935A0C9E94} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1BCAB131-35CA-4C39-8B40-A2098BB4F383} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {207D6D67-D876-4965-9483-CAC6E342D97E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4506E1FD-1940-479E-9FE8-5696BE4EF939} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {459AFBDA-EC2E-482F-BD05-02DD7F03E868} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {90887EF0-1C10-43DD-81D9-03145CBEF6FF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BF49698C-208E-4ADA-9D68-596C02EFE74B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EB591647-3C8C-420B-B1CB-C991F132BDC5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F500A4D5-360F-4335-8DCF-7186F3402AE8} - System32\Tasks\DNSPLUM => dnsplum.exe <==== ATTENTION
FirewallRules: [{867E74C6-BA1E-496C-9941-3EEAAE6A9635}] => (Allow) C:\Users\27972\AppData\Local\TNT2\2.0.0.1995\TNT2User.exe
FirewallRules: [{53A4E74B-F476-4903-A7D6-02B5FCCE3A40}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{A6656C16-9533-45E2-84B2-0D8BFDFFE242}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion
C:\Users\27972\AppData\Local\TNT2
CMD: ipconfig /flushdns
EmptyTemp:
Reboot:
*****************

Restore point was successfully created.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1db4209b-00a7-4763-a63f-6d8371fb4ac5}\\NameServer => value removed successfully
"HKU\S-1-5-21-2825347086-2981257662-4213469737-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-2825347086-2981257662-4213469737-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5FBC36E2-AD3B-4E43-A2BC-E81DD96FE970}" => key removed successfully
HKCR\CLSID\{5FBC36E2-AD3B-4E43-A2BC-E81DD96FE970} => key not found.
"HKU\S-1-5-21-2825347086-2981257662-4213469737-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}" => key removed successfully
HKCR\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{898E8883-5181-4959-B230-E3C01F807653} => value not found.
HKCR\CLSID\{898E8883-5181-4959-B230-E3C01F807653} => key not found.
HKU\S-1-5-21-2825347086-2981257662-4213469737-1000\Software\MozillaPlugins\@tnt2npapi.com/Plugin => key not found.
C:\Users\27972\AppData\Local\TNT2\2.0.0.1995\npTNT2.dll => not found.
C:\Users\27972\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\toolbar11467@eshield.com => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A} => value removed successfully
Chrome StartupUrls => removed successfully
C:\Users\27972\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle" => key removed successfully
C:\Users\27972\Downloads\ReimageRepair.exe => moved successfully
C:\Users\Все пользователи\db7f6d9d-75c1-0 => moved successfully
C:\ProgramData\db7f6d9d-02f3-0 => moved successfully
C:\ProgramData\{26866dc3-512c-1} => moved successfully
C:\ProgramData\{09b7bbd4-712c-0} => moved successfully
C:\ProgramData\{0162428d-412c-0} => moved successfully
C:\ProgramData\3126b259-3dd3-1 => moved successfully
C:\ProgramData\3126b259-4237-0 => moved successfully

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1" /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1" /f /reg:32 =========

ERROR: The system was unable to find the specified registry key or value.

========= End of CMD: =========

HKU\S-1-5-21-2825347086-2981257662-4213469737-1000_Classes\CLSID\{898E8883-5181-4959-B230-E3C01F807653} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04286734-0F4D-43E1-BE2A-CF0B7DD01ED6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04286734-0F4D-43E1-BE2A-CF0B7DD01ED6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AAC9C26-4AAF-4C4D-B90D-2489D61714ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AAC9C26-4AAF-4C4D-B90D-2489D61714ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0B7BBD80-430A-476D-B678-8EDDCA121BA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B7BBD80-430A-476D-B678-8EDDCA121BA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12B838E5-C1C1-4EA9-8535-D6935A0C9E94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12B838E5-C1C1-4EA9-8535-D6935A0C9E94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BCAB131-35CA-4C39-8B40-A2098BB4F383}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BCAB131-35CA-4C39-8B40-A2098BB4F383}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{207D6D67-D876-4965-9483-CAC6E342D97E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{207D6D67-D876-4965-9483-CAC6E342D97E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4506E1FD-1940-479E-9FE8-5696BE4EF939}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4506E1FD-1940-479E-9FE8-5696BE4EF939}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{459AFBDA-EC2E-482F-BD05-02DD7F03E868}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{459AFBDA-EC2E-482F-BD05-02DD7F03E868}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90887EF0-1C10-43DD-81D9-03145CBEF6FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90887EF0-1C10-43DD-81D9-03145CBEF6FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF49698C-208E-4ADA-9D68-596C02EFE74B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF49698C-208E-4ADA-9D68-596C02EFE74B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB591647-3C8C-420B-B1CB-C991F132BDC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB591647-3C8C-420B-B1CB-C991F132BDC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F500A4D5-360F-4335-8DCF-7186F3402AE8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F500A4D5-360F-4335-8DCF-7186F3402AE8}" => key removed successfully
C:\WINDOWS\System32\Tasks\DNSPLUM => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSPLUM" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{867E74C6-BA1E-496C-9941-3EEAAE6A9635} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53A4E74B-F476-4903-A7D6-02B5FCCE3A40} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6656C16-9533-45E2-84B2-0D8BFDFFE242} => value removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion => moved successfully
"C:\Users\27972\AppData\Local\TNT2" => not found.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 425803 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7450844 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 12614904 B
Edge => 132422702 B
Chrome => 354083 B
Firefox => 18132 B
Opera => 130088 B

Temp, IE cache, history, cookies, recent:
Default => 30542 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 155858 B
NetworkService => 38056 B
27972 => 28609402 B
Sonya => 566630 B
Aziza => 827342 B
DefaultAppPool => 16674 B

RecycleBin => 0 B
EmptyTemp: => 175.2 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:39:39 ====
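The Fixlog above removed four kinds of persistence: a static NameServer override on one network interface (the 82.163.142.7 / 95.211.158.134 resolvers, the same hijack the DNSPLUM task served), hijacked IE SearchScopes URLs, scheduled tasks whose action binary no longer exists or lives outside the Windows directory, and Allow firewall rules for TNT2User.exe and pmropn.exe. The PowerShell below is an added audit script, not part of this log and not FRST code, that re-checks those same locations on a live host so the fix can be confirmed after the reboot or run on other machines in the same household or fleet. It assumes Windows 8 / Server 2012 or later (the ScheduledTasks and NetSecurity modules) and an elevated prompt; the indicator lists at the top are taken from this log only and are an assumption to extend, not a complete signature set.

```powershell
#Requires -RunAsAdministrator
# Added audit script (not FRST output): re-check the persistence points this Fixlog cleaned.
# Indicators below come from the Fixlog on this page; extend them for other cases.
$BadDns   = @('82.163.142.7', '95.211.158.134')
$BadHosts = @('search.eshield.com', 'go.mail.ru', 'mail.ru/cnt', 'fr=tightropetb')

$Findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Kind, [string]$Where, [string]$Detail) {
    $Findings.Add([pscustomobject]@{ Kind = $Kind; Where = $Where; Detail = $Detail })
}

# 1. Per-interface DNS overrides. A static NameServer on an adapter that should take DNS
#    from DHCP is how the hijack survived; report every override and mark known-bad ones.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem $ifRoot | ForEach-Object {
    $ns = (Get-ItemProperty -Path $_.PSPath -Name NameServer -ErrorAction SilentlyContinue).NameServer
    if ($ns) {
        $ips  = $ns -split '[ ,]+' | Where-Object { $_ }
        $hit  = $ips | Where-Object { $BadDns -contains $_ }
        $kind = if ($hit) { 'DNS-KNOWN-BAD' } else { 'DNS-STATIC' }
        Add-Finding $kind $_.PSChildName $ns
    }
}

# 2. IE SearchScopes for every loaded user hive, not only the current user
#    (this machine had four profiles; FRST only fixed the one that was logged on).
Get-ChildItem 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -like 'S-1-5-21-*' -and $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object {
        $scopes = "Registry::HKEY_USERS\$($_.PSChildName)\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        Get-ChildItem $scopes -ErrorAction SilentlyContinue | ForEach-Object {
            $url = (Get-ItemProperty -Path $_.PSPath -Name URL -ErrorAction SilentlyContinue).URL
            if ($url -and ($BadHosts | Where-Object { $url -like "*$_*" })) {
                Add-Finding 'SEARCHSCOPE' $_.PSPath $url
            }
        }
    }

# 3. Scheduled tasks whose executable is missing (orphaned, like the GWX entries) or
#    launched from a user profile or ProgramData (where DNSPLUM-style droppers live).
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if (-not $a.Execute) { continue }          # COM-handler actions have no Execute
        $exe  = [Environment]::ExpandEnvironmentVariables($a.Execute.Trim('"'))
        $full = $task.TaskPath + $task.TaskName
        $onDisk = (Test-Path -LiteralPath $exe) -or
                  [bool](Get-Command $exe -ErrorAction SilentlyContinue)  # bare names via PATH
        if (-not $onDisk) {
            Add-Finding 'TASK-NOFILE' $full $a.Execute
        } elseif ($exe -like "$env:SystemDrive\Users\*" -or $exe -like "$env:ProgramData\*") {
            Add-Finding 'TASK-USERPATH' $full $exe
        }
    }
}

# 4. Enabled Allow rules whose program is under a user profile or ProgramData, or whose
#    program no longer exists (an orphaned rule left behind by an uninstalled PUP).
Get-NetFirewallRule -Action Allow -Enabled True -ErrorAction SilentlyContinue | ForEach-Object {
    $rule = $_
    $prog = ($rule | Get-NetFirewallApplicationFilter).Program
    if ($prog -and $prog -ne 'Any') {
        $p = [Environment]::ExpandEnvironmentVariables($prog)
        if ($p -like "$env:SystemDrive\Users\*" -or $p -like "$env:ProgramData\*") {
            Add-Finding 'FWRULE-USERPATH' $rule.Name "$($rule.DisplayName) -> $prog"
        } elseif (-not (Test-Path -LiteralPath $p)) {
            Add-Finding 'FWRULE-ORPHAN' $rule.Name "$($rule.DisplayName) -> $prog"
        }
    }
}

$Findings | Sort-Object Kind, Where | Format-Table -AutoSize
```

Run it once after the reboot: a clean result for the DNS check is no `DNS-KNOWN-BAD` row and either no `DNS-STATIC` row or only ones you can tie to a deliberate configuration. `TASK-NOFILE` rows are the same orphaned-task signal FRST prints as `-> No File`; on a host that has not been cleaned, the GWX and DNSPLUM entries above would appear there. The firewall check deliberately does not flag everything under Program Files (x86), where pmropn.exe lived, because that would drown the list in legitimate applications; rules for that directory still need to be read against the installed-programs list by hand.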